• gpg: Ignore all key-signatures received from keyservers.
• gpg: If an imported keyblocks is too large to be stored in the keybox (pubring.kbx) do not error out but fallback to an import using the options "self-sigs-only,import-clean".
• gpg: New command --locate-external-key which can be used to refresh keys from the Web Key Directory or via other methods configured with --auto-key-locate.
• gpg: New import option "self-sigs-only".
• gpg: In --auto-key-retrieve prefer WKD over keyservers.
• dirmngr: Support the "openpgpkey" subdomain feature from draft-koch-openpgp-webkey-service-07.
• dirmngr: Add an exception for the "openpgpkey" subdomain to the CSRF protection.
• dirmngr: Fix endless loop due to http errors 503 and 504.
• dirmngr: Fix TLS bug during redirection of HKP requests.
• gpgconf: Fix a race condition when killing components.
• gpg: Allow deletion of subkeys with --delete-key. This finally makes the bang-suffix work as expected for that command.
• gpg: Replace SHA-1 by SHA-256 in self-signatures when updating them with --quick-set-expire or --quick-set-primary-uid.
• gpg: Improve the photo image viewer selection.
• gpg: Fix decryption with --use-embedded-filename.
• gpg: Remove hints on using the --keyserver option.
• gpg: Fix export of certain secret keys with comments.
• gpg: Reject too long user-ids in --quick-gen-key.
• gpg: Fix a double free in the best key selection code.
• gpg: Fix the key generation dialog for switching back from EdDSA to ECDSA.
• gpg: Use AES-192 with SHA-384 to comply with RFC-6637.
• gpg: Use only the addrspec from the Signer's UID subpacket to mitigate a problem with another implementation.
• gpg: Skip invalid packets during a keyring listing and sync diagnostics with the output.
• gpgsm: Avoid confusing diagnostic when signing with the default key.
• agent: Do not delete any secret key in --dry-run mode.
• agent: Fix failures on 64 bit big-endian boxes related to URIs in a keyfile.
• agent: Stop scdaemon after a reload with disable-scdaemon newly configured.
• dirmngr: Improve caching algorithm for WKD domains.
• dirmngr: Support other hash algorithms than SHA-1 for OCSP.
• gpgconf: Make --homedir work for --launch.
• gpgconf: Before --launch check for a valid config file.
• wkd: Do not import more than 5 keys from one WKD address.
• wkd: Accept keys which are stored in armored format in the directory.

Signed-off-by: Pierre-Yves <pyu@riseup.net>

• Unit tests are OK
• This commit is signed with this version of GnuPG