$ kleopatra --version
kleopatra 3.1.12 (20.12.2)
on fedora 34. Received downstream report,
"kleopatra: Creates unsafe ~/.gnupg when not already present"
That I think I have confirmed.
If you let gpg2 (and friends) create a fresh ~/.gnupg , ownership/perms as such:
gpg: directory '/home/rdieter/.gnupg' created
gpg: keybox '/home/rdieter/.gnupg/pubring.kbx' created
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: Go ahead and type your message ...
$ ls -ld ~/.gnupg
drwx------. 1 rdieter rdieter 92 Sep 3 12:51 /home/rdieter/.gnupg
But if that dir doesn't exist and I start kleopatra, I end up with:
$ ls -ld ~/.gnupg*
drwxrwxr-x. 1 rdieter rdieter 98 Sep 3 12:28 /home/rdieter/.gnupg
Same on Debian, and same with 20.12 - 21.04 - 21.08
Thanks for the report. We were able to reproduce it and have fixed this.