When gpgsm is executed, if it doesn't find pubring.kbx, it will initialize one with certificates in /usr/share/gnupg/com-certs.pem. Most users using GNU Privacy Assistant (app-crypt/gpa) will see this, since GPA lists both gpg and gpgsm keys / certificates. Currently, /usr/share/gnupg/com-certs.pem contains 15 certificates, 12 of which are expired. Relevant links: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=history;f=doc/com-certs.pem http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=history;f=doc/qualified.txt
Hello, We install whatever gnupg package provides. Please take this upstream so next package will be updated with valid certificates. Thanks,