On Tue, 11 Aug 2020 14:56, Brian Minton said: > Why does gpg -k need to write to the tofu db? I should mention that gpg > is running at 100% cpu in the R state. Before starting the gpg -k
I was not able to replicate it but I must say that I don't have a large useful tofu.db. AFAICS, gpg sometimes updates the tofu.db to track expired bindings. You can have a closer look at hi8t by running gpg -k --debug trust or to disable updates by using gpg -k --dry-run I suspect that the TOFU database scheme is not well suited for large number of keys. In particular not if several gpg processes are running. I also don't like that it stores meta data of all signatures ever verified. Revamping the tofu stuff is on my list but I have not yet found the time (as usual). The Tofu information should be stored along the key and not in a separate database with all its transaction overhead. The optional keyboxd we will provide in 2.3 may help to solve the problems. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users