GPG wants to check trustdb every day

David Shaw dshaw at jabberwocky.com
Tue Dec 28 04:45:13 CET 2004


On Mon, Dec 27, 2004 at 05:24:54PM -0500, Walt Mankowski wrote:
> On Mon, Dec 27, 2004 at 08:43:43AM -0500, Walt Mankowski wrote:
> > I'm doubtful, since it's been on my keyring for years without any
> > problem.
> 
> Well, I didn't change anything, and I just verified a signature that
> forced today's check of the trustdb.  Interestingly, this time it said
> that the next trustdb check is scheduled for December 30.  A check
> every 3 days beats a check every day, but I'd still rather have the old
> once-a-monthish behavior.
> 
> Does anyone know what the formula is that gpg uses to decide when the
> next check is supposed to be?  Everything I've been able to find
> online has been pretty vague.

The date is set to the nearest expiration (key or signature) that
affects the calculated trust (i.e. a key or signature that actually
got used in your web of trust).  So the check is not really once a
month or so, it's when needed.  If you have no expiring keys or
signatures, GnuPG will never recheck.

Note that many actions (including importing keys, deleting keys,
revoking keys, revoking user IDs, etc.) all force a recheck of the
trustdb since these actions may invalidate the existing web of trust.

If your next trustdb check is scheduled for December 30th, then you
probably have a key or signature that expires then.

Note that if you're using PGP's global directory service, you will
always have a signature that expires soon since the GD issues 14 day
signatures.

David
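
To find which key or signature is driving the next check, here is an added example (not part of the message above and not GnuPG's own code). It scans a colon-format listing for upcoming expirations. It assumes epoch-second timestamps and considers every expiration on the keyring, whereas GnuPG only counts those actually used in the web of trust, so the scheduled date is the earliest one found here or a later one.

```python
from datetime import datetime, timezone

# Constructed sample shaped like `gpg --list-sigs --with-colons --fixed-list-mode`:
# field 1 = record type, field 5 = key ID (the signer's, for sig records),
# field 7 = expiration in seconds since the epoch, empty if it never expires.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1041379200:::u:::scESC:
uid:u::::1041379200::CONSTRUCTEDHASH::Alice Example <alice@example.org>:
sig:::17:AAAAAAAAAAAAAAAA:1041379200::::Alice Example <alice@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBBB:1103155200:1104364800:::Constructed Directory Key:10x:
sub:u:2048:16:CCCCCCCCCCCCCCCC:1041379200:1135987200:::::e:
"""

EXPIRING_RECORDS = ("pub", "sub", "uid", "sig")


def upcoming_expirations(listing, now):
    """Return (expiry, record_type, key_id, primary_key_id) tuples, soonest first.

    Only expirations later than `now` are kept, since one already in the past
    cannot be the reason for the next scheduled check.
    """
    found = []
    primary = ""
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or fields[0] not in EXPIRING_RECORDS:
            continue
        if fields[0] == "pub":
            primary = fields[4]  # later uid/sig/sub records belong to this key
        if not fields[6].isdigit():
            continue  # empty: no expiration (other date formats are skipped)
        expiry = int(fields[6])
        if expiry > now:
            found.append((expiry, fields[0], fields[4], primary))
    return sorted(found)


def describe(entry):
    """Render one tuple from upcoming_expirations() as a readable line."""
    expiry, rectype, key_id, primary = entry
    day = datetime.fromtimestamp(expiry, tz=timezone.utc).strftime("%Y-%m-%d")
    return f"{day} {rectype} {key_id or '-'} on key {primary}"


if __name__ == "__main__":
    for item in upcoming_expirations(SAMPLE, now=1104192000):  # 2004-12-28 UTC
        print(describe(item))
```

To run it against a real keyring, pass in the text captured from the `gpg` command named in the first comment instead of `SAMPLE`.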


