What you observe is indeed reality; we ran into it too. (Though we ran into it in the context of a long-running client verifying server certificates.)
My assumption is that it's for performance, and that's sensible, but it would sure be nice to figure out how to detect those changes. If a stat() on each verification is considered too expensive, maybe there could be a timeout, that if the file hasn't been checked in the last ten minutes then check it. -- Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
