Re: [pkg-gnupg-maint] Bug#842291: notmuch processes frequently stuck in select()

Subject: Re: [pkg-gnupg-maint] Bug#842291: notmuch processes frequently stuck in select()

Date: Tue, 29 Nov 2016 14:10:54 -0400

To: Daniel Kahn Gillmor

Cc: Brian May, 842291@bugs.debian.org, Robbie Harwood, notmuch@notmuchmail.org, Debian GnuPG packaging

From: David Bremner


Werner Koch <wk@gnupg.org> writes:

> On Wed, 23 Nov 2016 18:19, dkg@fifthhorseman.net said:
>
>>  0) turn off CRL updates entirely during s/mime signature verification
>
> The gpgsm option is --disable-crl-checks.  
>
>>  1) do s/mime signature verification without CRL updates, but schedule
>>     CRL checks to happen in the background for dirmngr, so that future
>>     verifications will reflect the cert validity

A notmuch user reported on IRC that adding disable-crl-checks to
~/.gnupg/dirmngr.conf eliminated the long pauses when verifying s/mime
signatures.

This will prevent the user from noticing Certificate revokations, so
it's not without cost in security, but perhaps it's temporary workaround
until we figure out some better solution.

d



Thread: