GnuPG 1.2.1 trustdb checks for every pubkey import?

gabriel rosenkoetter gr@eclipsed.net
Thu Feb 27 05:10:01 2003


--Pd0ReVV5GZGQvF3a
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Every time a key is added to my public keyring, GnuPG forces a
trustdb check. Has anyone else experienced this at least absurd and
arguably broken behavior?

Using --no-auto-check-trustdb makes reading mail with mutt practical
again. Using --no-expensive-trust-checks has no visible effect
(but that's probably to be expected based on its entry in the man
page). Exporting my trust, blowing away trustdb.gpg, and
reimporting my trust doesn't change this behavior.

There is no sane explanation for needing to do a trustdb check with
every imported key. If that were going to be necessary, then it
shouldn't ever have been modularized out.

I don't think I have an excessively large web of trust, but what do
I know.

For reference, here's what a --check-trustdb looks like for me these
days:

uriel:~% time gpg --check-trustdb
gpg: checking at depth 0 signed=3D46 ot(-/q/n/m/f/u)=3D0/0/0/0/0/1
gpg: checking at depth 1 signed=3D84 ot(-/q/n/m/f/u)=3D0/0/0/17/29/0
gpg: checking at depth 2 signed=3D288 ot(-/q/n/m/f/u)=3D0/0/0/72/7/0
gpg: checking at depth 3 signed=3D181 ot(-/q/n/m/f/u)=3D0/74/0/22/1/0
gpg: checking at depth 4 signed=3D0 ot(-/q/n/m/f/u)=3D0/0/0/0/1/0
gpg: next trustdb check due at 2003-03-07
gpg --check-trustdb  109.24s user 20.77s system 80% cpu 2:40.70 total

This is on a PowerPC G3 (a 750, running, I believe, at 300 MHz,
but it's been a long time since I thought about it and NetBSD/macppc
doesn't report cycle speed in dmesg(8)) with 288 MBs (says dmesg(8);
I don't recall exactly what DIMMs I've got in there) of memory.
The disk isn't the fastest around, but this process is clearly
(based on zsh's time builtin's output and also observation of top(1)
while the thing is running) cpu-bound, so that doesn't matter
here.

I'm using:

gpg (GnuPG) 1.2.1
Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, TIGER192
Compress: Uncompressed, ZIP, ZLIB

on:

NetBSD uriel 1.5.3_ALPHA NetBSD 1.5.3_ALPHA (URIEL) #2: Wed Jan 16 07:12:29=
 EST 2002     gr@uriel.eclipsed.net:/usr/src/sys/arch/macppc/compile/URIEL =
macppc

There doesn't seem to be any discussion of this on either this list
or gnupg-devel (searched for "1.2.1 trustdb" using
http://marc.theaimsgroup.com/), but I'd be glad to be pointed at an
archive of a previous discussion if there is one, having just
subscribed to this mailing list.

--=20
gabriel rosenkoetter
gr@eclipsed.net

--Pd0ReVV5GZGQvF3a
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (NetBSD)

iD8DBQE+XY/p9ehacAz5CRoRArB+AJoCDOExkZ2KU3wBxB3NyOUwm5blbACfScsF
KXRVeJMm6S7jP82pzbydQns=
=4RhQ
-----END PGP SIGNATURE-----

--Pd0ReVV5GZGQvF3a--