Yes I agree it makes sense to have this as an explicit setting to cover both use cases.

Yes the other one was a duplicate, somehow my search didnt find this and I thought I had forgotten to open the issue.

This was changed in kleopatra some time ago to also generate keys with 2y expiry. So the motivation for this issue is gone.

Hi Ingo, If you run out of work you can do this next. Its already something that I'm showing during product presentations and a workflow I would like to recommend.

I noticed when testing the surprising behavior that when I changed the expiry on the primary key (tested with a smartcard) it did not change the explriy on the subkey. I think in the past it must have been different that the subkey did not get the expiry by default.

Thanks I talked to werner and agree that this is something to work on next. As we are pushing for more LDAP servers used internally which will use the common search and not the WKD discovery mechanisms.

This is a bit more complex for us. I have often noticed the pattern of Windows users that if something does not work as expected they click "Run as Administrator". When they do that once with our software our backend software gnupg is also started with elevated privileges, it might create lock files with elevated permissions it might create data files. For example a user then generates a new key, but already had some keys the public key will be placed in the existing keyring and the permissions will not be changed. But the new key files created will be created with elevated privileges. Then the user runs Kleopatra again as normal user and reports bugs because he cannot access his newly created key files.

Very strange. Both logs show no error.

Just drag and drop it into the input field. There is also a little cloud icon that makes this explicit.

Sorry, but we are a security software. If you give any application that you run on your system root privileges then that is not a secure behavior. This kind of stuff has been deprecated with Windows Vista. Yes we changed the error to a warning as it was too zealous. I agree. It is not our place to educate users. But users should change your operating procedures. You should not handle protection worthy data on a system without privilege seperation.

Mmh, all these issues should be fixed with the most recent versions.

Looks good to me, it no longer returns immediately with the error when there are no readers and the command itself seems to work. Thanks.

Yes, I think the service not active is the cause of the issue. But I don't really understand where this error is lost, I think this should be investigated because I would also expect it not to have a success on this line:
[3900] org.kde.pim.kleopatra: DeviceInfoWatcher::Worker::poll: context finished with Erfolg (code: 0, source: Quelle nicht angegeben)

Btw this only occurs for some options:

pinentry-timeout is indeed used when it is not set to 0.

In my opinion this is also a problem. Especially if you think about it for a while. The one minute timeout is too short and pinentry-timeout which I would expect here to be the config value to adjust this is not used.

When testing under Windows "scd devinfo --watch" returns immediately with ERR 100663614 Service is not running <SCD>
Probably also if you would use PC/SC on Linux but I have not tested this.

The difference seems to be that "scd devinfo --watch" returns immediately with "Service not active"

Last week:

Yes. I know that this is annyoing but I don't think we have a quick command for something like that yet. So editinteractor it is :-/

Ingo, as you are currently working on the config dialog, maybe you could also fix this issue on the way.

I thought about this a bit regarding the search dialog.

Hi Ingo,

I am happy with the result, this seems very workable. Especially the Group Details dialog is a nice touch to inspect a group.

This issue has been overlooked when we opened T5175 and T5175 was where all the work was done.

Start from scratch on a german system, even when you do a gpg --version it shows it is in german. Then import a PKCS#12 container and the dialog is in english.

Hi, thanks I'll give it a spin tomorrow.

Released with gpg4win-3.1.15

werner this would really be a bug because we have code in Kleopatra to both save the selected coloumns, their widths and the sorting state.

Merged your fix. Thanks for the contribution. Commit should show up here in a second.

Thanks, I try to keep the README always up to date with the debian depenencies as I find this useful myself without running configure multiple times to find all the dependencies.

I have to leave this as open as this describes a clear issue users expirience in our software. I assign it to me to keep an eye on the issue. Werner and me discussed this issue at length verbally and there won't be a quick fix for the stable branch but we will address this some time in the future, but then not only for 8bit but for full unicode.

Anyhow. Let us unrelate this from personal issues and just to be clean respect the content of the issue. Git links should not be promoted and cbiedl asked me today why we disagree because plain text protocols are really not state of the art. Cbiedl: You should be able to fix this it would be in the gnupg-doc branch afaik. If you have permission problems please let me know. I'll assign this to you.

For what it is worth we have also just tasked someone from our team to reinstate our buildbot / CI but this would likely not have helped in the current case of the libgcrypt buffer error as only ASAN with large hashtests would have found this. Still we have the general infrastructure for such tests we are just lacking resources. That is why we publish everything and encourage the community to at least help us with testing.

the issue regarding this self test was immediately found after release. Our development is completely open and everyone is free to run tests with our software on any platform at any time. We would respect and fix all those bug reports. None about this reached us during the development phase.
As this is not happening as it should during development we release and test on our platforms and build systems. When after the release others test, too we immediately fix the issues as happened with 1.9.1 in libgcrypt.

I think this works now with error handling. At least it works for me, but needs some more testing of course.

I'm slightly against a backport as this is a behavior change for example KMail and GpgOL which use the --sender option might get different results after this change. I don't think it would be problematic but as said I have a slight preference against backporting because changing behavior of existing calls is better something for the new major release which is in its final steps for release anyway.

Last week:

• Some minor Kleopatra changes
• Finally picked up my GpgOL multi mail changes and refactored them to work more robust with the possibility of proper error handling. This is for T4814 T5228

Thanks for the feedback. I sadly forgot to include the italian translations of GpgOL in the installer. So they will only be part of the next relase.

There is a question for me here if we should make the behavior of rKLEOPATRA5639dc833f92 the default.

Thanks, I already tested it this morning before your last commit and it worked as expected with my configured groups. Even the autocompletion worked nicely.