I've had keyserver-options import-clean in my gnupg.conf for some reason or other, and so far it hadn't caused problems until I tried to import 0xE63EDCA9329DD07E. When I run
gpg --recv-keys DE0E66E32F1FDD0902666B96E63EDCA9329DD07E
...the option causes the ed25519 2018-02-09 subkey to be ignored, showing this in logs:
gpg: key E63EDCA9329DD07E: 1 duplicate signature removed gpg: key E63EDCA9329DD07E: 1 signature reordered gpg: key E63EDCA9329DD07E: invalid subkey binding gpg: key E63EDCA9329DD07E: removed multiple subkey binding gpg: key E63EDCA9329DD07E: removed multiple subkey binding gpg: key E63EDCA9329DD07E: removed multiple subkey binding gpg: key E63EDCA9329DD07E: removed multiple subkey binding gpg: key E63EDCA9329DD07E: removed multiple subkey binding gpg: key E63EDCA9329DD07E: skipped subkey`
Yet, if I import _without_ import-clean active, and run gpg --check-sigs, it says that the subkey has a valid self-signature, and is perfectly happy verifying email messages signed with that subkey.
Was advised on IRC that this should be reported as a bug.
To reproduce:
export GNUPGHOME=/tmp/gpg.$$ && mkdir $GNUPGHOME && gpg --keyserver-options import-clean --recv-keys DE0E66E32F1FDD0902666B96E63EDCA9329DD07E && gpg --list-keys 76BE5DB25271E1481E678C35B6C41CE35664996C