I really hate this thing. If I had my way all packages would simply have some sort of SHASUM for them. I just want to know the downloaded file is not an incomplete or corrupted archive.
So they made changes to this package again which has broken auto-retrieve setups for those of us who just want to know the download was complete.
According to
this, adding "no-self-sigs-only,no-import-clean" to your ~/.gnupg/gpg.conf file under keyserver-options should restore the old behavior. But... it doesn't work. The program now just exit immediately saying "no public key".
Has anyone figured this out? I may backport to 2.2.16.