public keyring management practices (was: Re: GPG Recipients List)

gabriel rosenkoetter gr at eclipsed.net
Wed Dec 3 16:30:08 CET 2003


On Wed, Dec 03, 2003 at 07:39:09PM +0000, Neil Williams wrote:
Content-Description: signed data
> Unfortunately, Denis' key isn't linked to the largest strongly connected set, 
> as used with Wotsap and others, http://www.lysator.liu.se/~jc/wotsap/ , so it 
> always comes up as untrusted and always gets deleted when I tidy up my 
> keyring!

Huh. Interesting.

Do you do this to avoid the lengthy automated trustdb rebuilds, or
just Because?

I avoid the pain of trustdb rebuilds when I actually want to be
reading mail by having no-auto-check-trustdb in gpg.conf and these
two cron jobs:

30 4 1 * * zsh -c 'time gpg --rebuild-keydb-caches'
0 8 * * 1-5 zsh -c 'time gpg --no --batch --check-trustdb'

8 am is conveniently exactly the time I leave for work, you see. The
once-a-month keydb cache rebuild really does make a verification-
time difference for me (but I'm mostly using GnuPG on a PowerPC G3,
perhaps not the processor for which GnuPG is best-designed).

-- 
gabriel rosenkoetter
gr at eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20031203/dc789eba/attachment.bin


More information about the Gnupg-users mailing list