gabriel rosenkoetter on Thu, 27 Feb 2003 00:41:03 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


On Wed, Feb 26, 2003 at 11:35:09PM -0500, David Shaw wrote:
> When a new key comes into the keyring, a trustdb check is necessary to
> find if it is valid or not.  --no-auto-check-trustdb just defers that
> check until you do it yourself.  Many people use
> --no-auto-check-trustdb and then run --check-trustdb out of cron late
> at night.

I'm about to, but it seems absurd. I wouldn't need to if checking
the trustdb took a sane (I define this as maybe 30 seconds for the
frequency with which it's going to happen) period of my time.

> That said, this:
> 
> > gpg --check-trustdb  109.24s user 20.77s system 80% cpu 2:40.70 total
> 
> is pretty bizarre.
> 
> How many keys are on your keyring,

uriel:~% gpg --list-keys | grep ^pub | wc -l
    1428

> and more importantly, did you recently upgrade from an earlier
> version of GnuPG?

This behavior showed up when I upgraded from 1.0.7 to 1.2.1. It had
also showed up when I'd switched to 1.0.7 (or maybe to 1.0.6?),
which I was warned about in the release notes, and (at the time) I
backed my trustdb up and did whatever I was told to it after the
upgrade (I think it was just --rebuild-keydb-caches, but maybe it
was --update-trustdb). I've also recently done a --update-trustdb
pass which involved setting ownertrust values for a lot of keyids,
but I've run --check-trustdb countless times since then without any
change in its performance.

A reply to the PLUG-only responses under separate cover.

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgp8nxw59L3OW.pgp
Description: PGP signature