[cvsnt] CVSNT 2.5.04 build 3236 server really slow

jml at nykredit.dk jml at nykredit.dk
Fri Nov 14 09:22:29 GMT 2008


   Hi again
   I'm beginning to understand what is going on (that's the beauty of
   open source :-).
   The verification is not a Windows whim as Arthur implies, but an
   explicit check made by CVS. It happens in the cvsapi (in
   cvsapi\win32\LibraryAccess.cpp). This check is done for each dll that
   is loaded from the "triggers" folder (info.dll, audit.dll etc.).
   The problem is, that the verification is made for each and every
   execution of cvs.exe i.e. each cvs command served by the server. This
   check has a performance penalty, that in my case i about 30 seconds
   pr. dll in the "triggers" folder. Why it takes so long is not clear to
   me yet, but the actual IP-adress used to connect to Verisign seems to
   be almost unreachable. If can uninstall all dll's in the "triggers"
   folder except info.dll, and that leaves me with a response time of 30
   seconds, which of course is unbearable.
   I've contacted Verisign to try to clear up why the IP 199.7.71.190 is
   so slow, but even if the response time is reduced to, say, one second,
   it's still degrades performance, and in my view the verification is
   completely unnecessary. It should suffice to verify the dll's during
   installation.
   Best regards
   Jørgen Møller Larsen 
   
   "Arthur Barrett" <arthur.barrett at march-hare.com>

   06-11-2008 11:05

                                                                      Til

   <jml at nykredit.dk>, <cvsnt at cvsnt.org>

                                                                       cc

                                                                     Emne

   RE: [cvsnt] CVSNT 2.5.04 build 3236 server really slow

   Jørgen,
   > And what if I
   >    can't persuade the network people to change the DNS
   > servers? Can the
   >    signature verification be turned off?
   No - it's a windows thing.  CVSNT doesn't verify the signature -
   windows does.  It does this in 2.5.04 because the binaries are signed.
    Many corporates now have a policy not to run any unsigned executables
   - and many (most?) new commercial software is all signed - so you will
   be having the same problem with lots of programs - including every
   Microsoft update.
   Regards,
   Arthur Barrett


More information about the cvsnt mailing list