Large keyrings, GnuPG slowdowns/Seahorse segfaults

Ingo Klöcker ingo.kloecker@epost.de
Sun Sep 15 20:44:02 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 15 September 2002 20:04, Werner Koch wrote:
> On Sun, 15 Sep 2002 12:56:13 +0200, Ingo Klöcker said:
> > BTW, why is this command neither listed in the manual page nor in
> > the output of 'gpg --help'?
>
> It is a migration command and mentioned in the NEWS file. I am pretty
> sure that I suggested to use the rebuild command in the orginal
> annoucemnet for 1.0.7 too.

I know you did. But most people installing some packaged gpg won't read 
the announcement.

>  From NEWS:
>
>     * The way signature stati are store has changed so that v3
>       signatures can be supported. To increase the speed of many
>       operations for existing keyrings you can use the new
>       --rebuild-keydb-caches command.

That's almost the last item in a very long list of news. Many people 
will either stop before this item or read over it not noting its 
importance. People are lazy.

> Folks packaging gnupg should defintely read the NEWS file and
> consider to employ migration post-install script.

I doubt that a post-install script would be applied to the keyrings of 
all users. Especially when the users' home directories are on an NFS 
mounted device. In this case often root can't access these directories 
and so can't a post-install script.

>  Anyway, I'll add
> this command to the man page of course but I guess it won't help much
> given the "structure" of the man page.

At least I will then find the command when I'm looking for it.

Wouldn't it be possible to run this command automatically when the users 
run GnuPG 1.0.7 for the first time? Many people are compiling GnuPG 
1.0.7 from source (there is for example still no official RPM from 
SuSE). And a lot of those people obviously don't have a look at the 
NEWS file (or they stop reading when they are halfway through).

Also adding a corresponding item to the FAQ ("Q: Why is gpg so slow? A: 
You did run gpg --rebuild-keydb-caches after updating from GnuPG 1.0.6 
or below, right?") would be good. Maybe it's already there. I haven't 
checked.

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9hNWWGnR+RTDgudgRAolEAKCcIc5k7F3Alpv6YCCaAVtsv6b6OwCg17/K
TqrGnmOHOqqJn7zxMxbm4ho=
=204s
-----END PGP SIGNATURE-----