trust management script
linux at codehelp.co.uk
Wed Apr 28 10:55:15 CEST 2004
On Wednesday 28 April 2004 9:15, Stuart A Yeates wrote:
> Adrian 'Dagurashibanipal' von Bidder wrote:
> > Incidentally: is gpg's database handling good enough, or will I get a
> > speedup by starting again from an empty keyring?
> You will get a speed-up. Be aware that keys with multiple signatures and
> uids consume far more space that keys with fewer signatures and uids.
> The safe way to start with an empty keyring is:
> 0) send any new signatures to the keyservers (gpg --send)
> 1) rename pubring.gpg
> 2) rename trustdb.gpg
> 3) import your public key(s) from a keyserver
> 4) edit your key(s) to make them trusted
That will take a while!
In a keyring of 3,000 keys where 2,000 have multiple signatures, just how much
speed is going to be gained over simply deleting the 1,000 keys?
Each time --update-trustdb gets new trust information, the entire trust
database needs to be checked so the closer you get to that 2,000th multiple
sig key, the longer the trust check takes.
Instead of a single trust update after deleting 1,000 keys with a script, you
are using a recursively longer trust check 2,000 times.
Me thinks that would take longer than a simple find, identify, delete script.
You would have to have a very considerable speed improvement to justify the
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Url : /pipermail/attachments/20040428/42fe5f03/attachment.bin
More information about the Gnupg-users