gabriel rosenkoetter on Fri, 28 Feb 2003 00:01:07 -0500 |
On Thu, Feb 27, 2003 at 10:52:58PM -0500, David Shaw wrote: > is "if I didn't sign it myself, it's not valid". Depending on how big > your web of trust is, a smaller max-cert-depth can be somewhat faster > when checking the trustdb (less work to do). Hrm. Well, I'm not making it to five, but I'm almost there, and it sure feels like stopping around half of what I'm doing now would get back to being a viable processing time. At the same time, a reasonable (and 5 seems mostly reasonble to me) web of trust is kind of the point. And it gets me most of Debian, most of NetBSD (who bother to have and use OpenPGP keys), and most of Perry Metzger's crypto list/the respectable portion of cypherpunks, which is kind of nice. > I think I need to go for the large hammer next. The light bulb isn't > working. :) Heh. I'm pretty sure that only Microsoft is in a position to mandate peripherals at this point. Although some videogame manufacturers seem to want into the market[1]: http://www.penny-arcade.com/view.php3?date=2001-06-18&res=l > Note that you don't need to rebuild the cache nearly that often. In > fact, now that you've done it once you can probably not do it again > for a few months. It depends on how much importing of new keys you > do. Either way, don't bother to do the slower --no-sig-cache > variation of it again. There is no need. Wasn't planning on the --no-sig-cache part. And I end up importing at least one key a day and often more because of the variety of mailing lists that I follow. Maybe once a month would be enough... > Do this: > > gpg --no --batch --check-trustdb > > That will only do a check if it needs one. Right. I even read that in the man page earlier today and made a mental note to do so, but I forgot when I got back to it this evening. > I'm sort of glad it happened (not the scare part), as I was able to > fix the bug. When 1.2.2 comes out it will be safe to rebuild the > cache and import keys at the same time. Note that even in the current > version it is safe to do a --check-trustdb and import keys at the same > time. The bug is only in --rebuild-keydb-caches. I guess I was also worried about cranking up another --check-trustdb automatically on --verify in mutt, but my --no-auto-check-trustdb should prevent that. [1] Humorous: googling for: penny-arcade "in the beanbag" actually found this. I was afraid I was going to have to go dig for it. Oh, and in light of my comments earlier today: my apologies for the title. I'm not either of the guys that writes that strip. -- gabriel rosenkoetter gr@eclipsed.net Attachment:
pgp4R1TnN7J0A.pgp
|
|