@ilf: Yes these message are emitted using log_info in 2.4.7 and 2.5.2. Thus they don't case a failure exit. I will silence them with --quiet in 2.5.3.

https://lists.gnupg.org/pipermail/gnupg-devel/2024-December/035686.html <- is a question to see if the situation has changed meanwhile. (I've send it to the list because the topic affects several things in the application and thus ggoes beyond an issue like this one.)

Better a new ticket for the rest, see T7441

A workaround exists with the new option --ignore-crl-extensions.

New external API is by GCRYCTL_FIPS_SERVICE_INDICATOR and/or the new macro gcry_get_fips_service_indicator.
This change is pushed by rCf51f4e98930e: fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro.

New internal API is introduced with T7340 by the commit rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Change is pushed by rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Works for me in an NSIS installer. The VSD beta thing also works with copied conf files.
(gpg4win-5.0.0-beta27 with some local mods)

This doesn't happen anymore now that we offer all valid user IDs and not just the primary user IDs.

Maybe its overthinking the problem of attachments with content-id but no reference in the HTML (btw. if mails are shown as plain text all attachments are listed regardless of their content id. ) I guess code like: if filename.endsWith(.png) || filename.endsWith(.jpg) || filename.endsWith(.jpeg) then ignore_cid=false; else ignore_cid = true. Would do the right thing 99% of the time. Core reference: rOd87848059727587be1f660283e0aeb3be16cc382

I have created two subtasks for the two changes we could make in Kleopatra to avoid the gpg-agent startup race.

Neither gpg nor gpgsm start gpg-agent if the keyring is empty. That's why Andre made Kleo start gpg-agent explicitly so that people could get going with an empty keyring after inserting their (PKCS#15) smartcard.

Kleo needs this only because it wants to directly talk to gpg-agent via Assuan. For example to get smartcard infos. What about delaying this part until you have received some data back from gpg or gpgsm? This makes sure that the agent has been started.

Looks like there's something not correct in the completion model. Or we use different criteria for showing the blue "i" (as "information") which doesn't make it better. Reopen?

Yes, that's what happens. I did an experiment with waiting for gpgconf --launch gpg-agent to succeed, but the timeout of 5 seconds I used was too low and I didn't feel like increasing the timeout. Instead now we run gpgconf --launch gpg-agent detached.

Let me guess: Kleopatra starts the agent using gpgconf --launch gpg-agent which in turn uses gpg-connect-agent to actually start the agent if needed. Kleopatra does not seem to wait for the launch to succeed and fires up gpg and gpgsm. They both wait for the gpg-agent to be started and both use the same locking strategy. However, this involves a pseudo random wait which should avoid deadlocks. See gnupg/common/dotlock.c:next_wait_interval

This is long done, but only for Qt 6-based releases. Andre's comment T6663#175481 has also been addressed.

This is long done, but only for Qt 6-based releases.

Tested Gpg4win 4.4:
Interesting, when you search for the UID, it looks as before, with the green check mark: