I tried this with the current 2.2 branch and master and was not able to replicate it. The stubs are all deleted as expected. I also checked the commit log since 2.2.6 and didn't found anything which indicated that such a bug was fixed.

See rG26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba for a description of the problem and its fix.
Thanks for reporting.

Thanks. I added all standard names to that list.

I do not fully understand your problem. Can you please explain it with an example and also state the full file names of the mentioned folders?

With recent versions of gpg you will now get Bad Data etc. This is implemented by giving an ERROR status line a higher precedence than the NO_SECKEY status.

BTW, you now need to use --rfc2440 to create a non-mdc message for testing.

Better?

Please add

Please dee the commit for a description of this fix.

I justed commited some gadgets to gpgme which might be helpful But please show warnings etc before you use that new option.

There won't be anything without MDC in 2.2.8 anymore.

In addition GnuPG master and 2.2.8 now always create MDC messages (except with option --rfc2440) and always fail for messages without an MDC. For old algorithms a hint is printed:

gpg: WARNING: message was not integrity protected
gpg: Hint: If this message was created before the year 2003 it is
     likely that this message is legitimate.  This is because back
     then integrity protection was not widely used.
gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
gpg: decryption forced to fail!

I need to revise my statement (partly because fixing gpgme would be quite complicated). Marcus is right in that using the the literals_seen counter is the straightforward way to get this right. And it will fix it also for non-GPGME applications.

[We do things in the public unless explicitly requested by a bug reporter writing to security.]

Do you have a need for doing a new release immediately?

The set of information returned by gpg is too large to be mapped on an exit code. Thus we have status codes and the gpgv tool.

Oh dear, adding new keywords which have not been reserved in the past was a bad idea by C11. This will eventually require fixes at lot of places because the noreturn attribute is widely used ( other common headers may include the noreturn header as well).

Sorry. gpg is a real software and not some memory hog. real software runs under Unix and complies with the Unix rules, where one of them is to allow the use in a pipeline. All standard Unix tools have this feature and you need to check the error code ("set -e" in the simplest case). It is not different from gzip, tar, curl, rsync, ...

From the autocrypt page:

Let me state it again: Using symmetric encryption for authentication is Bad Thing™.

You are not cross-compiling. This is not suggested and I don't have the environment to replicate this. Maybe @aheinecke can help.

Please discuss this at gnupg-devel. A bug tracker is not a useful here.

What you try to do is very special and not directl supported. You need to find the keygrip of the subkey (I guess you know that) and enter it as "use existing key" in the add-key sub-command. To change capabilities use the change-usage sub-command which is described in the gpg man page and the online manual.