We should close this. The recent fix in 2.2 and the forthcoming 2.3 does everything we want. In the meantiime or if further problems turn up, --ignore-cert is a good workaround.

No, it does not matter.

Sorry, you need to wait for gnupg 2.3.8. It's next on our shortlist.

Why? One underscrore followed by a lowercase letter is not a reserved symbol. It is common to use this for symbols which are not part of the public API but need to have global linkage. Also not all system have a way to limit the visibility and there we need to use them for internal symbols.

What is a partial CRL; I have never seen that and IIRC the specification for that was not complete.

We want to get rid of sshcontrol but we could keep it as an optional configuration to sort keys. I won't say it is a bug, though.

The use of

I just fixed a bug related to the DP. That might be related. See rG0c8299e2b56ef2e1

That particular bug seems to have been solved a long time ago. I stumbled upon up while fixing a DP bug today.

What is the output of gpgconf --list-dirs ?

Works as designed. Whether the design is a good choice is a different
question.

keyboxd has nothing to do with this, it merely makes the lookup of keys a bit faster. The computation of the WoT itself takes long and there is no shortcut for it. Fortunately most users don't have a deeply meshed WoT with dedicated revokers etc., thus for them things are fast in the standard configuration.

If you run gpg --export-ownertrust you will notice that the trust has been set to ultimate (value is 6). However, due to the no-auto-check-trustdb in your gpg.conf that will valeu will only be shown after running gpg --check-trustdb. The value shown in the key listing is the computed value and the computation is done by --check-trustdb. I don't see a bug here.

I see what I can do

Of course it could be refined to use the same host if there is only a relative URL.

That's for sure. See rGfa1b1eaa4241ff3 :

Kleopatra does searches in parallel. What you see in the second dialog might be a response from a Web Key Directory (i.e. search by mail address with lookup at the mail domain).

BTW, gnupg/doc/DETAILS tells that the fingerprint is optional:

Fixed for 3 lists. I can't remember the details but quite some time ago someone requested some changes and while applying them the host_name must have changed / I changed it. The problem with Mailman is that it does not use plain config files to keep under etckeeper. At least not with some effort.

Thanks for mentioning this. I looked at the CVE last Sunday and figured that we are not affected. The vulnerable function inflateGetHeader is not used by GnuPG because we don;'t support the gzip format.

The more relavant error is that there is no status output on failure which is what gpgme uses (due to double forking).

gpgv returns success iff the signature is valid. That is the whole purpose of this tool.

Can you please give a more detailed example with regedit files to demonstrate that?

Can't we get them from the help.txt file? Putting a tooltip into the pattern file would be an option but needs substantial changes,

Yeah, we known. Fix is rGf34b9147eb3070b see T6070