Global Directory signatures (was Re: GPG wants to check trustdb every day)

Johan Wevers johanw at vulcan.xs4all.nl
Wed Dec 29 19:54:30 CET 2004


David Shaw wrote:

>> Yes. However, it still doesn't prevent the keyservers from being
>> loaded with a lot of useless signatures. I don't know how this would
>> affect the load of the keyservers.

>It lowers the rate of growth (and thus the keyserver load) since gpg
>would not send out expired sigs to keyservers.

GPG would not, put pgp probably will, so the blogging will still occur.
If the keyservers won't sct against that, gpg will have to.

>I wonder if it is better to "clean" the keyring by simply not showing
>or preventing the import of sigs that are not useful rather than by
>deleting them after they are already imported.

In that case the keyring does remain big. If I get a keyring with each key
hundreds of expired sigs, I'm affraid gpg might get slow and diskusage for
the keyrings will increase (also a problem for "gpg on a floppy" solotions).

A bit like the situation now with a key like PRZ's, 0xFAEBD5FC has 1528 sigs
on my machine and is 135kb when exported unarmoured.

>Deleting expired sigs you have to do every single time
>you do a --refresh-keys.

I'm not saying the don't show options don't have their use, but if I want
my keyring clean I might choose to do a keyring cleanup every now and then.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html



More information about the Gnupg-users mailing list