Feed All Stories

Yesterday

gniibe added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

If the use of GnuPG (current implementation) is a condition, I think that you could improve the generation of SKESK packets, so that no other passphrase can not let gpg misunderstand as it may decrypt encrypted packet.

Thu, Jul 18, 11:48 PM · gnupg (gpg22), Bug Report
stm added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

Unfortunately, for my use case the corresponding SKESK packet number is not known when calling GnuPG.

Thu, Jul 18, 11:02 PM · gnupg (gpg22), Bug Report
stm awarded T4644: gpg: implent keybox compression run a Like token.
Thu, Jul 18, 10:53 PM · Bug Report
ilf created T4644: gpg: implent keybox compression run.
Thu, Jul 18, 9:33 PM · Bug Report
JW-D added a comment to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

I use the internal driver.

Thu, Jul 18, 8:37 PM · OpenPGP, scd, Bug Report
jukivili committed rC320ed4796303: Fix use of AVX instruction in SHA1/SSSE3 assembly (authored by jukivili).
Fix use of AVX instruction in SHA1/SSSE3 assembly
Thu, Jul 18, 7:57 PM
slandden updated subscribers of T4630: libgcrypt: POWER GHASH Vector Acceleration.

@werner I would be willing to share 20% to the reviewer of my patches. (or 25% in this case, as @jwilk went through the effort to even write a test to point out a bug in my code). However, so far that has been entirely @jwilk who has been reviewing my patches.

Thu, Jul 18, 5:59 PM · Feature Request, libgcrypt
dkg committed rE732855a48370: build: Use {CFLAGS,CPPFLAGS, LDFLAGS}_FOR_BUILD for helper programs (authored by dkg).
build: Use {CFLAGS,CPPFLAGS, LDFLAGS}_FOR_BUILD for helper programs
Thu, Jul 18, 5:49 PM
dkg added a commit to T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools: rE732855a48370: build: Use {CFLAGS,CPPFLAGS, LDFLAGS}_FOR_BUILD for helper programs.
Thu, Jul 18, 5:49 PM · gpgrt, Feature Request
dkg added a comment to T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools.

I've just pushed rE732855a483709345a5c0f49504f45cb8da3f883a to dkg-fix-T4643 in the gpg-error git repository. I don't know why it is not yet visible here.

Thu, Jul 18, 5:31 PM · gpgrt, Feature Request
dkg created T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools.
Thu, Jul 18, 5:21 PM · gpgrt, Feature Request
dkg added commits to T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools: rA45f01593d4ce: pass through {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD when creating helper programs, rA98d7c7ea3f37: build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs..
Thu, Jul 18, 4:37 PM · libassuan, Feature Request
dkg added a task to rA45f01593d4ce: pass through {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD when creating helper programs: T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.
Thu, Jul 18, 4:37 PM
dkg added a task to rA98d7c7ea3f37: build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs.: T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.
Thu, Jul 18, 4:37 PM
dkg added a comment to rA98d7c7ea3f37: build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs..

CC_FOR_BUILD is defined in configure.ac as build system C compiler, not build system C compiler and flags.

Thu, Jul 18, 4:35 PM
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

I'm aware of you releasing an RC for comments, and i apologize for not catching this particular case earlier. As you know from T4607, i was even advocating for it. i didn't understand the full implications of the "import-then-clean" approach at the time, and was thinking it would only apply to the incoming material, not the stored material.

Thu, Jul 18, 4:26 PM · Keyserver, gnupg (gpg22), Bug Report
werner committed rGe07584b52307: doc: Fix a debug hint on the keybox format. (authored by werner).
doc: Fix a debug hint on the keybox format.
Thu, Jul 18, 2:12 PM
werner committed rG824ca6f042dc: kbx: Allow "gpgsm --faked-system-time" to kick off a compression run. (authored by werner).
kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.
Thu, Jul 18, 2:00 PM
efraim created T4642: gpa searches for gpg2keys_ldap, should be dirmngr_ldap in the S1 Public space.
Thu, Jul 18, 11:37 AM · gpa
werner edited projects for T4631: Difficulties to generate key on OpenPGP Smart Card V3.3, added: scd, OpenPGP; removed Info Needed.

Are you using pcscd (is that process running) or the internal driver.? Please try the latter if you are not already using it.

Thu, Jul 18, 11:15 AM · OpenPGP, scd, Bug Report
werner triaged T4633: gpg argument "--passphrase=" yields 'missing argument for option "--passphrase="' as High priority.
Thu, Jul 18, 11:13 AM · gnupg (gpg22), Bug Report
werner triaged T4634: "gpg --quiet --quick-gen-key" is not quiet: emits "key $FPR marked as ultimately trusted" to stderr. as Wishlist priority.
Thu, Jul 18, 11:11 AM · gnupg (gpg22), Bug Report
werner triaged T4640: Outdated text and links at <http://git.gnupg.org/> as Normal priority.
Thu, Jul 18, 11:10 AM · gpgweb, Bug Report
werner edited projects for T4640: Outdated text and links at <http://git.gnupg.org/>, added: gpgweb; removed Trash, Documentation.
Thu, Jul 18, 11:10 AM · gpgweb, Bug Report
werner added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

The code has comments why we do a first clean_key on the imported keyblock.

Thu, Jul 18, 11:07 AM · Keyserver, gnupg (gpg22), Bug Report
werner added a comment to rA98d7c7ea3f37: build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs..

I wonder why the flags can't go into CC_FOR_BUILD.

Thu, Jul 18, 10:59 AM
gniibe committed rPTH6b8ed75b40e6: build: Add -no-install for LDFLAGS of test programs. (authored by gniibe).
build: Add -no-install for LDFLAGS of test programs.
Thu, Jul 18, 8:55 AM
gniibe added a commit to T4298: 'make check' with uninstalled library, which is building now (even if rpath doesn't work well): rPTH2501a48930eb: build: With LD_LIBRARY_PATH defined, use --disable-new-dtags..
Thu, Jul 18, 8:55 AM
gniibe committed rPTH2501a48930eb: build: With LD_LIBRARY_PATH defined, use --disable-new-dtags. (authored by gniibe).
build: With LD_LIBRARY_PATH defined, use --disable-new-dtags.
Thu, Jul 18, 8:55 AM
JW-D added a comment to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

All my keys are RSA 4096. It worked fine with OpenPGP smart cards and with two Yubikey 5. On all devices a set of RSA 4096 keys were geneated on the device itself. Only one card failed. But even the card which failed, generated at least the signature key in RSA 4096.

Thu, Jul 18, 8:18 AM · OpenPGP, scd, Bug Report
gniibe added a project to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3: Info Needed.

Please let us know what kind of key and how large, like RSA-4096 or ECC Brainpool.
For RSA 2048 or larger, yes, it takes too long.

Thu, Jul 18, 7:47 AM · OpenPGP, scd, Bug Report
gniibe triaged T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools as Normal priority.
Thu, Jul 18, 7:41 AM · libassuan, Feature Request
gniibe claimed T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.

Thanks.
Merged (with line break in the Makefile.am and formatting of commit message.

Thu, Jul 18, 7:39 AM · libassuan, Feature Request
gniibe committed rA98d7c7ea3f37: build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs. (authored by dkg).
build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs.
Thu, Jul 18, 7:37 AM
gniibe added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

I mean, if all SKESK packets should be tried, we need some larger surgery of current implementation.

Thu, Jul 18, 5:07 AM · gnupg (gpg22), Bug Report
gniibe added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

Is it possible for your application (DOTS), to specify the packet number for SKESKP, not trying all SKESK packets?


^-- with this change, we can decrypt the skesks.asc with --passphrase-repeat=169, and skesks2.asc with --passphrase-repeat=30

Thu, Jul 18, 5:05 AM · gnupg (gpg22), Bug Report
gniibe committed rG44be675b759d: gpg: More check for symmetric key encryption. (authored by gniibe).
gpg: More check for symmetric key encryption.
Thu, Jul 18, 4:05 AM
dkg committed rA45f01593d4ce: pass through {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD when creating helper programs (authored by dkg).
pass through {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD when creating helper programs
Thu, Jul 18, 12:57 AM
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

i've merged a variant of rGbe99eec2b105eb5f8e3759147ae351dcc40560ad into the GnuPG packaging in debian unstable as of version 2.2.17-3 to avoid the risks of data loss and signature verification failures. I'll revert it if i see the concern addressed upstream.

Thu, Jul 18, 12:17 AM · Keyserver, gnupg (gpg22), Bug Report

Wed, Jul 17

dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

@gniibe, thank you for backporting this to STABLE-BRANCH-2-2!

Wed, Jul 17, 10:25 PM · gnupg (gpg23), Bug Report
dkg added a task to rG33c17a8008c3: gpg: Improve import slowness.: T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
Wed, Jul 17, 10:24 PM
dkg added a task to rGeb00a14f6d2d: gpg: Improve import slowness.: T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
Wed, Jul 17, 10:24 PM
dkg added commits to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate: rGeb00a14f6d2d: gpg: Improve import slowness., rG33c17a8008c3: gpg: Improve import slowness..
Wed, Jul 17, 10:24 PM · gnupg (gpg23), Bug Report
dkg added a comment to T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.

I don't know why dkg-fix-T4641 is not showing up here on the assuan git repo.

Wed, Jul 17, 9:11 PM · libassuan, Feature Request
stm added a comment to T3389: canonical OpenPGP certificate export.

@dkg You are right. The term "issuer" was too ambiguous.
I like your proposal and would try to implement it. However, "export" of dkg-keycheck and other programs from DKGPG are very limited.

Wed, Jul 17, 8:53 PM · gnupg (gpg23), Feature Request
stm added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

But that's exactly my use case in DOTS: an easily to create 'decryption puzzle' (including the hardness of iterated and salted S2K) for the serving party in order to make DoS harder. I don't see how public-key crypto can help here. Moreover, I would keep the user interaction as cheap as possible, i.e., copy'n'paste an ASCII-armored message and passwort to GnuPG without importing public keys etc.

Wed, Jul 17, 8:34 PM · gnupg (gpg22), Bug Report
dkg added a comment to T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.

I've just pushed rA45f01593d4ce794ae3562359aee2ff80c97e368e to the dkg-fix-T4641 branch that resolves this.

Wed, Jul 17, 7:31 PM · libassuan, Feature Request
dkg created T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.
Wed, Jul 17, 7:29 PM · libassuan, Feature Request
dkg added a comment to T4632: Make it easier to cross-compile gpg-error.

Thanks for the feedback. I'll go ahead and close any tickets that come in via debian that expect to be able to cross compile without having at least once had a native compiler on the platform to generate the appropriate lock-obj-pub-*.h.

Wed, Jul 17, 7:05 PM · gpgrt, Feature Request
olf created T4640: Outdated text and links at <http://git.gnupg.org/>.
Wed, Jul 17, 5:01 PM · gpgweb, Bug Report
aheinecke created T4639: GpgOL: Plain Text mails are classified as HTML after decryption by GpgOL.
Wed, Jul 17, 4:51 PM · gpg4win, gpgol
werner added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

The problem here is that trial decryption may cost a lot of time because of the passphrase KDF function which, on purpose, takes long. There is one exception: A simple S2K (algo 0) takes no time and its use makes sense iff the passphrase has been created directly as a random string. However, I do not see the use cases for of a set of many passphrases compared to just use public key crypto.

Wed, Jul 17, 12:19 PM · gnupg (gpg22), Bug Report
werner closed T4632: Make it easier to cross-compile gpg-error as Wontfix.

In fact this specific scheme of indirect access to pthread objects is there to minimize dependencies of libgpg-error. It makes cross-compiling a bit harder but that is anyway the case because you need to check a lot of things for a new platform.

Wed, Jul 17, 12:12 PM · gpgrt, Feature Request
werner triaged T4630: libgcrypt: POWER GHASH Vector Acceleration as Low priority.
Wed, Jul 17, 12:07 PM · Feature Request, libgcrypt
werner added a comment to T4630: libgcrypt: POWER GHASH Vector Acceleration.

Please STOP adding such bug reports or feature requests. They are not helpful and such discussion are better done at the mailing list. In case you want to spend money to speed up things you may contact gnupg.com for a quote.

Wed, Jul 17, 12:07 PM · Feature Request, libgcrypt
werner triaged T4635: ship gpgscm and necessary *.scm files from gpgrt as Low priority.

It is on on my private todo list but thanks for opening a puplic issue for tracking.

Wed, Jul 17, 12:02 PM · Tests, gpgrt, Feature Request
aheinecke created T4638: GpgOL: Permanently decrypt not available on Outlook 2010.
Wed, Jul 17, 9:08 AM · gpgol
aheinecke created T4637: GpgOL: Encoding problems in German.
Wed, Jul 17, 8:54 AM · gpgol
aheinecke created T4636: GpgOL: Enable "File->Save As" also for mails opened in their own windows.
Wed, Jul 17, 8:38 AM · gpg4win, gpgol
JW-D added a comment to T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.

I should may add, that on the card which failed, only the signature key was generated and written to the card. The authentication and encryption keys could not be generated..

Wed, Jul 17, 8:06 AM · OpenPGP, scd, Bug Report
stm added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

@gniibe Thanks for explaining the background. Are there any ideas for fixing? (e.g. the decrypted content could be checked for a valid packet structure or at least for starting with a valid packet header)

Wed, Jul 17, 7:36 AM · gnupg (gpg22), Bug Report
dkg created T4635: ship gpgscm and necessary *.scm files from gpgrt.
Wed, Jul 17, 2:12 AM · Tests, gpgrt, Feature Request
dkg added a comment to T3389: canonical OpenPGP certificate export.

@stm it kind of is a last-resort already, given that it's only in the event where the signature creation dates are equal, but sure, i wouldn't mind adjusting the proposal to say that (sigs) means "sort by date, then issuer, then binary content" -- but what do we think "sort by issuer" means?

Wed, Jul 17, 1:28 AM · gnupg (gpg23), Feature Request
dkg created T4634: "gpg --quiet --quick-gen-key" is not quiet: emits "key $FPR marked as ultimately trusted" to stderr..
Wed, Jul 17, 1:01 AM · gnupg (gpg22), Bug Report
dkg added a comment to T4601: gpg --quiet --quick-sign-key is not quiet.

does the removal of the gpg22 tag mean that it will not be possible to rely on colon-delimited output for the gpg 2.2 series?

Wed, Jul 17, 12:56 AM · gnupg (gpg23), Bug Report
dkg created T4633: gpg argument "--passphrase=" yields 'missing argument for option "--passphrase="'.
Wed, Jul 17, 12:53 AM · gnupg (gpg22), Bug Report

Tue, Jul 16

dkg created T4632: Make it easier to cross-compile gpg-error.
Tue, Jul 16, 11:18 PM · gpgrt, Feature Request
JW-D created T4631: Difficulties to generate key on OpenPGP Smart Card V3.3.
Tue, Jul 16, 8:27 PM · OpenPGP, scd, Bug Report
dkg added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

Just a note that we're now shipping this patch in debian unstable. It would be great if it was merged upstream.

Tue, Jul 16, 8:08 PM · gnupg (gpg22), Bug Report, dirmngr
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

that pseudocode is strange to me -- it looks like you have (two) duplicate calls to clean_key (imported_keyblock) (though maybe i just don't know what .... means in this pseudocode).

Tue, Jul 16, 6:36 PM · Keyserver, gnupg (gpg22), Bug Report
johnmar created T4630: libgcrypt: POWER GHASH Vector Acceleration in the S1 Public space.
Tue, Jul 16, 6:32 PM · Feature Request, libgcrypt
aheinecke committed rM6f4a886b30ca: core: Fix arg counting in enginge-gpg (authored by aheinecke).
core: Fix arg counting in enginge-gpg
Tue, Jul 16, 12:03 PM
gniibe added a comment to T4042: RFC 4880 compliance.

It was rG07250279e7ec: * keyedit.c (keyedit_menu): Invisible alias "passwd" as "password". in 2004, which set default to rfc2440-text behavior.
And in 2007, the commit rGb550330067b6: * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by default. Enable… changed the default to no-rfc2440-text.

Tue, Jul 16, 10:20 AM · OpenPGP, gnupg
gniibe closed T4105: Inconsistent output for revocation keys in --list-keys --with-colons as Resolved.

Thanks, fixed in master.

Tue, Jul 16, 9:55 AM · Documentation, gnupg, Bug Report
gniibe committed rG4195ce15f494: doc: Fix description of the field 11. (authored by gniibe).
doc: Fix description of the field 11.
Tue, Jul 16, 9:55 AM
gniibe added a commit to T4105: Inconsistent output for revocation keys in --list-keys --with-colons: rG4195ce15f494: doc: Fix description of the field 11..
Tue, Jul 16, 9:55 AM · Documentation, gnupg, Bug Report
physkets awarded T4393: GnuPG should always accept key updates even if the update does not contain UIDs a Like token.
Tue, Jul 16, 8:43 AM · gnupg (gpg23), Feature Request
werner triaged T4529: libgcrypt: POWER AES Vector Acceleration as Normal priority.

Please do not change the priority back. That is a maintainer's task. I consider this along with adding replicas of issues to a bit rude.

Tue, Jul 16, 8:33 AM · libgcrypt, Feature Request
werner triaged T4530: libgcrypt: POWER SHA-2 Vector Acceleration as Normal priority.

Please do not change the priority back without discussing this with the maintainer first. Thanks.

Tue, Jul 16, 8:31 AM · libgcrypt, Feature Request
werner triaged T4627: "gpg --verbose --list-secret-keys" prints a lot of warning messages unrelated to secret keys as Low priority.
Tue, Jul 16, 8:29 AM · gnupg (gpg22), Bug Report
werner closed T4629: POWER AES Vector Acceleration as Spite.
Tue, Jul 16, 8:27 AM · libgcrypt, Feature Request
werner triaged T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned as Normal priority.
Tue, Jul 16, 8:25 AM · Keyserver, gnupg (gpg22), Bug Report
werner added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

You are partly right. I missed that we also do clean the original keyblock while updating a key. The code is

Tue, Jul 16, 8:17 AM · Keyserver, gnupg (gpg22), Bug Report
werner added a comment to T4594: dirmngr appears to unilaterally import system CAs.

I see. I am also mostly testing with ntbtls so I was wondering about the report. Thanks for reporting and fixing.

Tue, Jul 16, 8:04 AM · Bug Report, dirmngr, gnupg (gpg22)
Laurent Montel <montel@kde.org> committed rLIBKLEOe7f5774b9873: GIT_SILENT: 19.12 is open (authored by Laurent Montel <montel@kde.org>).
GIT_SILENT: 19.12 is open
Tue, Jul 16, 7:12 AM
gniibe added a comment to T4623: pkg-config for mingw needs to emit -lws2_32.

Current situation of *.pc: static linking is not supported (yet).
It has never supported, actually, by *-config.

Tue, Jul 16, 5:49 AM · Windows, gpgrt, Bug Report
gniibe triaged T4594: dirmngr appears to unilaterally import system CAs as Normal priority.

While I understand incorrectness, the risk in practice is not that high. So, I put this as "normal" priority.

Tue, Jul 16, 5:35 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe added a comment to T4619: Unable to decrypt symmetric-key encrypted data.

In the current implementation of GnuPG, multiple packets of Symmetric-Key Encrypted Session Key Packet are not handled very well.

Tue, Jul 16, 4:03 AM · gnupg (gpg22), Bug Report
gniibe changed the status of T4594: dirmngr appears to unilaterally import system CAs from Open to Testing.

Pushed the change to master as well as 2.2 branch.

Tue, Jul 16, 3:15 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe committed rG58e234fbeb6c: dirmngr: Don't add system CAs for SKS HKPS pool. (authored by gniibe).
dirmngr: Don't add system CAs for SKS HKPS pool.
Tue, Jul 16, 3:14 AM
gniibe added a commit to T4594: dirmngr appears to unilaterally import system CAs: rG58e234fbeb6c: dirmngr: Don't add system CAs for SKS HKPS pool..
Tue, Jul 16, 3:14 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe committed rG75e0ec65170b: dirmngr: Don't add system CAs for SKS HKPS pool. (authored by gniibe).
dirmngr: Don't add system CAs for SKS HKPS pool.
Tue, Jul 16, 3:13 AM
gniibe added a commit to T4594: dirmngr appears to unilaterally import system CAs: rG75e0ec65170b: dirmngr: Don't add system CAs for SKS HKPS pool..
Tue, Jul 16, 3:13 AM · Bug Report, dirmngr, gnupg (gpg22)
gniibe committed rGb7df72d3074b: gpg: Fix keyring retrieval. (authored by gniibe).
gpg: Fix keyring retrieval.
Tue, Jul 16, 1:34 AM
gniibe committed rGeb00a14f6d2d: gpg: Improve import slowness. (authored by gniibe).
gpg: Improve import slowness.
Tue, Jul 16, 1:34 AM
gniibe added a commit to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate: rGb7df72d3074b: gpg: Fix keyring retrieval..
Tue, Jul 16, 1:34 AM · gnupg (gpg23), Bug Report

Mon, Jul 15

dkg added a task to rGbe99eec2b105: gpg: drop import-clean from default keyserver import options: T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
Mon, Jul 15, 10:37 PM
dkg added a commit to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned: rGbe99eec2b105: gpg: drop import-clean from default keyserver import options.
Mon, Jul 15, 10:37 PM · Keyserver, gnupg (gpg22), Bug Report
dkg committed rGbe99eec2b105: gpg: drop import-clean from default keyserver import options (authored by dkg).
gpg: drop import-clean from default keyserver import options
Mon, Jul 15, 10:36 PM
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

I think dropping import-clean from the default keyserver options is the right way to go. It is not clear what additional benefit import-clean provides given that we are already using self-sigs-only. And the idea of non-additive behavior to the local keyring when pulling from a keyserver is a deeply surprising change for multiple users i've talked to.

Mon, Jul 15, 10:35 PM · Keyserver, gnupg (gpg22), Bug Report