gabriel rosenkoetter on Thu, 27 Feb 2003 22:21:05 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


On Thu, Feb 27, 2003 at 06:11:29AM -0500, Chris Hedemark wrote:
> On Thursday, February 27, 2003, at 12:45 AM, gabriel rosenkoetter wrote:
> >Does this just point to "gcc STILL sucks at optimizing PowerPC"?
> >(Quite possible...)
> No.  I use a G4 and have no such problems.

So? Your processor should, on the fly, parallelize exactly this kind
of math with its Altivec functionality. It's possible to codegen
PPC assembly that Altivec will choke on, but you have to be pretty
braindamaged about it (meaning any sane compiler can use Altivec
without actively trying to use it, probably).

And if gcc's even started optimizing things for PPC noticeably,
you can bet they've started with the easy stuff like Altivec.

Also, are you sure your GnuPG was built with gcc? With what version
of gcc?

On Thu, Feb 27, 2003 at 08:50:50AM -0500, David Shaw wrote:
> Either 0 keys found in relation or the value of max-cert-depth is
> reached.  The default max-cert-depth is 5.

Would setting max-cert-depth lower (say, 2) be a bad idea in some
way?

> Note that GnuPG has optimized assembly for math operations on most
> CPUs... except PowerPC.  The next release (1.2.2) adds PowerPC code.

Eagerly awaiting that, for sure!

> GnuPG won't generate Elgamal keys any more unless the user specifies
> --expert, and then confirms the "are you crazy?  why would you want to
> do such a thing?" question.  People still make them.

Well, so it sounds like you have your bright, red light bulb after
all. ;^>

> Good.  What that does is check and cache EVERY signature on your
> keyring.  Once that is done, there is very little work to do in
> building the trustdb.

Well, it's not quite the magic fix-all I was dreaming of, but it's
certainly much better. Thanks for the advice!

On Thu, Feb 27, 2003 at 09:20:50PM -0500, Walt Mankowski wrote:
> Excellent points.  I'll probably add a cron job to periodically
> rebuild the caches to prevent these slowdowns from happening in the
> future.  Also, it sounds like things will be even better in the next
> release.

Fwiw, I'm thinking of something like this:

45 7 * * 1 gpg --rebuild-keydb-caches && gpg --check-trustdb
0 8 * * 2-5 gpg --check-trustdb

(That's during my drive to work. There's really no safe time on
weekends that will keep me from potentially adding a pubkey or
signature during a trustdb check, which may be as bad news as the
scary moment I had while running a --no-sig-cach --rebuild-keydb-caches
earlier today.)

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgp4ST7BhQXbN.pgp
Description: PGP signature