[Enigmail] Enigmail hanging when importing a public key?
Patrick Brunschwig
patrick at mozilla-enigmail.org
Wed Mar 12 00:49:52 PDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matt wrote:
> John Clizbe wrote:
>> Matt wrote:
>>> Is this selection (on how often to query) done in enigmail, or gnupg?
>> *ALL* actual key operations are handled by GnuPG. Enigmail only serves as a
>> front end, generating a command line which is passed to GnuPG for execution.
>
> As a front-end (for the purposes of ease-of-use), a program will
> normally execute multiple command lines of the CLI-only program; often
> to get around limitations the front-end users see. I was unaware that
> enigmail's developers had made a specific conscious decision that no
> more than 1 gnupg command be executed per menu selection (or button press).
>
> There is a difference between:
>
> for (each key in list)
> gnupg {refresh this key}
>
> and
>
> gnupg {refresh key1, key2, key3 .....}
Right, I took the second way, see below.
> The first option obviously executes gnupg many times, and might be used
> for any/all of the following reasons:
> A) gnupg has a limit on how many keys it will accept in one call.
> B) to get around max command line length imposed by the OS
> C) keyservers' limit the number of keys in a query, but gnupg's limit is
> higher.
> D) So a single server in the round-robin pool doesn't get hit with a
> "large" request, and all servers are used near equally (from the pool).
> but would violate the max one gnupg call per menu item. In this case
> enigmail is making the decision, not gnupg.
>
> If A & B & C never apply then the second is obviously the better choice.
The limits for A and B are identical -- there's only the limit of the
OS, which is quite high, even for large key rings (except on Windows
2000). In addition, GnuPG can handle C's limits, thus we only talk about B.
The main reason for me to do it the way I implemented it is runtime.
When importing or refreshing keys GnuPG checks the trustdb before it
terminates, i.e. as last operation. Depending on the size of the keyring
this can take quite a while -- it takes ca. 4 seconds (!) on my quite
new notebook with ca. 450 keys. If you refresh many keys in one call,
then checking the trustdb is only done once; if you call GnuPG
individually for each key, then the trustdb is checked after each
updated key. The difference is quite obvious especially because checking
the trustdb is to almost 100% CPU-bound.
- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBR9eLH3cOpHodsOiwAQKjmgf/fuZSdf0fGBD3A4poARcVDkEvl7EDJPC2
JCZVcGLOw8az1QdsQ400wleS6ug5WiTUBDCKWxDRMPGQen2U7wB8PX14m+5b3LBN
laZkbkgcESlZX5HqUAhBzbiPQ4bgT+kMyDqDSPhTBgySh647saRhU7XyPk2u6pKF
8A7Lx9W/Br3bdj4uYeoIXi4qfj/1oWZB0r6mAPVWaJMVdkcb2HqY34T0ufZSLx1B
p971DBx3m+bnZqBEpGyTSRLpyne1N4r2GyNYYfXRSLQFvGJg7CE6UuemNH4dAHJH
TKJU2sLySOBKJ0gUS9ER2swE+lT4iImpN/7SvR7f3VUkutYjpIi1gQ==
=XYwF
-----END PGP SIGNATURE-----
More information about the Enigmail
mailing list