Sequoia rejects EdDSA binding signature exported by GnuPG
It is a similar issue as in #1024 (closed), but applies to public keys.
Reproducer:
$ sq inspect /tmp/qubes-installer/qubes-release/RPM-GPG-KEY-qubes-4.2-templates-community
/tmp/qubes-installer/qubes-release/RPM-GPG-KEY-qubes-4.2-templates-community: OpenPGP Certificate.
Fingerprint: 8F24D388C9DA21A55D7DBC8F08D08ABE6D5C71B3
Public-key algo: EdDSA
Public-key size: 256 bits
Creation time: 2023-03-14 14:35:36 UTC
Key flags: certification, signing
UserID: Qubes OS Release 4.2 Community Templates Signing Key
$ mkdir test
$ gpg --homedir $PWD/test --import /tmp/qubes-installer/qubes-release/RPM-GPG-KEY-qubes-4.2-templates-community
gpg: WARNING: unsafe permissions on homedir '/home/user/test'
gpg: key 08D08ABE6D5C71B3: public key "Qubes OS Release 4.2 Community Templates Signing Key" imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --homedir $PWD/test -a --export | sq inspect
gpg: WARNING: unsafe permissions on homedir '/home/user/test'
-: OpenPGP Certificate.
Fingerprint: 8F24D388C9DA21A55D7DBC8F08D08ABE6D5C71B3
Invalid: No binding signature at time 2023-07-28T22:29:23Z
Public-key algo: EdDSA
Public-key size: 256 bits
Creation time: 2023-03-14 14:35:36 UTC
UserID: Qubes OS Release 4.2 Community Templates Signing Key
Invalid: No binding signature at time 2023-07-28T22:29:23Z
The key in question can be found at https://github.com/QubesOS/qubes-qubes-release/blob/main/RPM-GPG-KEY-qubes-4.2-templates-community (if you look at its commit history, you'll see I needed to fix it there).
In principle it might be a GnuPG bug, but it affects interoperability in rather unfortunate way (for example https://github.com/rpm-software-management/dnf/issues/1974), so I think Sequoia parser should be relaxed (print it as a warning, instead of refusing input completely).