Global Directory signatures (was Re: GPG wants to check trustdb every day)

David Shaw dshaw at jabberwocky.com
Thu Dec 30 02:44:43 CET 2004


On Wed, Dec 29, 2004 at 07:54:30PM +0100, Johan Wevers wrote:
> David Shaw wrote:
> 
> >> Yes. However, it still doesn't prevent the keyservers from being
> >> loaded with a lot of useless signatures. I don't know how this would
> >> affect the load of the keyservers.
> 
> >It lowers the rate of growth (and thus the keyserver load) since gpg
> >would not send out expired sigs to keyservers.
> 
> GPG would not, but pgp probably will, so the clogging will still occur.
> If the keyservers won't act against that, gpg will have to.
> 
> >I wonder if it is better to "clean" the keyring by simply not showing
> >or preventing the import of sigs that are not useful rather than by
> >deleting them after they are already imported.
> 
> In that case the keyring does remain big. If I get a keyring with each key
> hundreds of expired sigs, I'm afraid gpg might get slow and disk usage for
> the keyrings will increase (also a problem for "gpg on a floppy" solutions).

Yes, this is true.  Ok, how about going back to the idea of import and
export options to not import or export expired sigs.  It's not
perfect, due to the time overlap between expired and reissued GD
signatures, but it's a reasonably good solution.

I rather like the notion of GPG keeping GPG clean, the keyservers
keeping the keyservers clean, and so on.  So long as people aren't
actively bridging keys between the GD and the keyserver net (which
seems to be happening in my case, though I have no idea why someone
would bother), this should be okay.

David


