Hendrik,
Thanks for sharing this. It seems the latest GPG Tools release for macOS integrated the same behavior and is stripping valid 3rd party signatures from newly downloaded or updated keys. I’m trying to work around it, but so far no luck trying to use that option via the command line or in gpg.conf or dirmngr.conf. If anyone has solved for this for that platform please let me know.
-T
On Sep 10, 2019, at 2:03 AM, Hendrik Visage <address@hidden> wrote:
Thought it would be interesting to know this state:
apt-listchanges: News
---------------------
gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium
In this version we adopt GnuPG's upstream approach of making keyserver
access default to self-sigs-only. This defends against receiving
flooded OpenPGP certificates. To revert to the previous behavior (not
recommended!), add the following directive to ~/.gnupg/gpg.conf:
keyserver-options no-self-sigs-only
We also adopt keys.openpgp.org as the default keyserver, since it avoids
the associated bandwidth waste of fetching third-party certifications
that will not be used. To revert to the older SKS keyserver network (not
recommended!), add the following directive to ~/.gnupg/dirmngr.conf:
keyserver hkps://hkps.pool.sks-keyservers.net
Note: we do *not* adopt upstream's choice of import-clean for the
keyserver default, since it can lead to data loss, see
https://dev.gnupg.org/T4628 for more details.
-- Daniel Kahn Gillmor <address@hidden> Wed, 21 Aug 2019 14:53:47 -0400
_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel