@dkg I subscribed you because I would be interested in your opinion as a downstream maintainer.
I do not think that gpg-agent or pinentry should pop up these annoying dialogs if a user decides not to enter a password or a seemingly (and the logic for that is super weak in gpg-agent) insecure passphrase.
Currently this leads me to implement GUI code where the passphrase for keygen is not provided by pinentry but by my own GUI. This should not be the case.
There are very many scenarios where "no passphrase" is viable for OpSec and as this increases usability it increases adoption.