This has a serious usability issue. If you cancel the password entry when exporting it reports success and creates an apparently valid secret key file but without the subkey you intended to export. So worst case the user thinks he has a backup but instead has no backup :/

works

works as described by Ingo

What is a partial CRL; I have never seen that and IIRC the specification for that was not complete.

For what it is worth, I think that my patch is more standard compliant then yours because it checks if there is a partial CRL.

I think 289fbc550d18a7f9b26c794a2409ba820811f6b3 implemented this wish from 2016 :) @werner please read the full report and then close it as fixed if you agree. I find it a bit funny that we both came independently to the same conclusion, that it should be handled differently even if the standard says otherwise. Because the behavior from the standard does not make sense and is in contradiction to other parts where it says that each CRL must contain all revocations.

As part of this the "Change Reset Code" button should be hidden in the general user interface.

This is about showing the corresponding about dialog text for the disable support option.

The default validity period can be specified in the configuration file with

[CertificateCreationWizard]
ValidityPeriodInDays=42

Quick gen key is only used for the keygen in GpgOL and KMail. Kleopatra itself uses the old batch generate interface.

--quick-gen-key supports this but there is no general option; the 2 years are hard coded.

This works with the message class changing. We still need to do it for OpenPGP, too.

This has been resolved with rOb05416e7bc41

And I also did a backport to 2.2 :-) See rGa028f24136a062f55408a5fec84c6d31201b2143

There are likely some bugs in the new code and I also want to do some improvements; see rGb4f1159a5bd7. But things should basically work as before and thus I set this again to testing

i'd be unlikely to ship anything as /etc/gnupg/gpg.conf or /etc/gnupg/dirmngr.conf just because of the mess that admins have to deal with when shipped config files change.

Arggh, gpgconf uses its own option parser so adding the global config file there will require some extra work.

@dkg You might find this interesting. Debian could do stuff in /etc/gnupg/gpg.conf or /etc/gnupg/dirmngr.conf without patching GnuPG to change some defaults.

All done in master with the latest libgpg-error (see T4859). There is always a global configure file in /etc/gnupg (or whatever "gpgconf --list-dirs sysconfdir" prints). The name of the configure file is the same as the user config file (gpg.conf, gpgsm.conf, gpg-agent.conf, ...) but for gpg.conf no versioned config names are used.

Okay, we now have global conf files in master. The extra flags to ignore or force certain options will be added to libgpg-error.

This is fixed now.

This is fixed in Gpg4win-3.1.11

We now have a decent error message for this.

Maybe it is the same issue described in https://dev.gnupg.org/T4717 ?

I think we can fix it by removing the smime attachment from OOM, because we still have it in MAPI, we just never cared that it was also in OOM (where only our decrypted attachments belong) because it was hidden.

In T2300#90092, @aheinecke wrote:

Ah nevermind. I think myself that this is nobug and current behavior is correct.

To implement / test the "not literally RFC compliant but in practice better" behavior let us call this now a wish and feature request as there are certificates in the wild other then intevation's and customers in large institutions run into that.

We should publish a status report about the campaign. I'd suggest to do this a few days before the 2.2 release.