On 23/06/17 15:50, Neal H. Walfield wrote:
> Ensuring that a cache is consistent is *hard*. I don't think we want
> to add complexity (nevermind a cache!) to this security-critical
> functionality.

There are two hard problems in computer science: Cache invalidation,
naming things, and off-by-one errors.

Martin, I think --no-auto-check-trustdb and a cron job will already make
it much more bearable, with the current state of things. That's what I'd
suggest.

Other than that, I don't think my outlined strategy is very complex, it
basically boils down to not actually checking a signature until it is
used to compute validity, and stop for a specific key when full validity
is reached. I could be wrong though. It just doesn't seem like it should
be high on a TODO list, which in practice probably means it won't be
done. If the cron job wasn't available as an option, the situation would
be different.

Peter.

PS: I didn't come up with "There are two..." but I can't be arsed to
look up proper attribution :-).

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
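
The lazy-checking idea summarized in the message above (check a signature only when it can count toward validity, and stop once the key is fully valid), as an added example that is not part of the original message and not GnuPG code. Assumptions: a simplified one-key model in which every signer's own key is already valid, an HMAC standing in for the expensive public-key check, and hypothetical names throughout (`Verifier`, `eager_validity`, `lazy_validity`, `demo`).

```python
import hashlib
import hmac

COMPLETES_NEEDED = 1  # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3  # GnuPG default for --marginals-needed

class Verifier:
    """Counts checks; HMAC is a cheap stand-in for the public-key operation."""
    def __init__(self, secrets):
        self.secrets, self.calls = secrets, 0

    def check(self, signer, target, sig):
        self.calls += 1
        want = hmac.new(self.secrets[signer], target.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(want, sig)

def fully_valid(full, marginal):
    return full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED

def eager_validity(target, certs, ownertrust, verifier):
    """Check every certification, then count the good ones from trusted signers."""
    good = [s for s, sig in certs if verifier.check(s, target, sig)]
    full = sum(ownertrust.get(s) == "full" for s in good)
    marginal = sum(ownertrust.get(s) == "marginal" for s in good)
    return fully_valid(full, marginal)

def lazy_validity(target, certs, ownertrust, verifier):
    """Check only certifications that can count, and stop at full validity."""
    rank = {"full": 0, "marginal": 1}
    useful = sorted((c for c in certs if ownertrust.get(c[0]) in rank),
                    key=lambda c: rank[ownertrust[c[0]]])
    counts = {"full": 0, "marginal": 0}
    for signer, sig in useful:
        if not verifier.check(signer, target, sig):
            continue  # a bad signature contributes nothing; keep looking
        counts[ownertrust[signer]] += 1
        if fully_valid(counts["full"], counts["marginal"]):
            return True
    return False

def demo():
    """Constructed data: 40 certifications, 4 from signers with ownertrust."""
    secrets = {f"signer{i}": bytes([i]) * 16 for i in range(40)}
    ownertrust = {"signer5": "marginal", "signer7": "marginal", "signer9": "marginal", "signer30": "full"}
    certs = [(s, hmac.new(k, b"KEY-UNDER-TEST", hashlib.sha256).digest()) for s, k in secrets.items()]
    certs[30] = ("signer30", b"\x00" * 32)  # constructed bad signature from the fully trusted signer
    eager, lazy = Verifier(secrets), Verifier(secrets)
    return (eager_validity("KEY-UNDER-TEST", certs, ownertrust, eager), eager.calls,
            lazy_validity("KEY-UNDER-TEST", certs, ownertrust, lazy), lazy.calls)
```

`demo()` returns both verdicts with the number of signature checks each approach performed; the two verdicts agree, and the bad certification from the fully trusted signer is skipped rather than ending the search.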