debcrafters-packages team mailing list archive

[Lukas Märdian <2111342@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Ubuntu shall be secure by default, therefore utilize Network Time
Security (NTS), as time is the trust anchor for many cryptography
related processes (e.g. certificates).

NTS was previously enabled in chrony (LP: #2084585) and comes pre-
installed in certain Ubuntu cloud images. Still, in Ubuntu
Desktop/Server and other generic Ubuntu images we rely on systemd-
timesyncd (without support for NTS [1]). This leads to a situation where
we have to maintain two time-daemons in "main", while still not using
NTS on most systems.

[1] https://github.com/systemd/systemd/issues/9481

References: spec-FO207, SD-2171, chrony MIR (LP: #1744072)

** Affects: ubuntu
     Importance: Undecided
         Status: New

** Affects: chrony (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: chrony (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: systemd (Ubuntu)
   Importance: Undecided
       Status: New

** Description changed:

  Ubuntu shall be secure by default, therefore utilize Network Time
  Security (NTS), as time is the trust anchor for many cryptography
  related processes (e.g. certificates).
  
  NTS was previously enabled in chrony (LP: #2084585) and comes pre-
  installed in certain Ubuntu cloud images. Still, in Ubuntu
  Desktop/Server and other generic Ubuntu images we rely on systemd-
  timesyncd (without support for NTS [1]). This leads to a situation where
  we have to maintain two time-daemons in "main", while still not using
  NTS on most systems.
  
+ [1] https://github.com/systemd/systemd/issues/9481
  
- [1] https://github.com/systemd/systemd/issues/9481
+ References: spec-FO207, SD-2171

** Description changed:

  Ubuntu shall be secure by default, therefore utilize Network Time
  Security (NTS), as time is the trust anchor for many cryptography
  related processes (e.g. certificates).
  
  NTS was previously enabled in chrony (LP: #2084585) and comes pre-
  installed in certain Ubuntu cloud images. Still, in Ubuntu
  Desktop/Server and other generic Ubuntu images we rely on systemd-
  timesyncd (without support for NTS [1]). This leads to a situation where
  we have to maintain two time-daemons in "main", while still not using
  NTS on most systems.
  
  [1] https://github.com/systemd/systemd/issues/9481
  
- References: spec-FO207, SD-2171
+ References: spec-FO207, SD-2171, chrony MIR (LP: #1744072)

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2111342

Title:
  Install time-daemon with NTS support by default

Status in Ubuntu:
  New
Status in chrony package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  Ubuntu shall be secure by default, therefore utilize Network Time
  Security (NTS), as time is the trust anchor for many cryptography
  related processes (e.g. certificates).

  NTS was previously enabled in chrony (LP: #2084585) and comes pre-
  installed in certain Ubuntu cloud images. Still, in Ubuntu
  Desktop/Server and other generic Ubuntu images we rely on systemd-
  timesyncd (without support for NTS [1]). This leads to a situation
  where we have to maintain two time-daemons in "main", while still not
  using NTS on most systems.

  [1] https://github.com/systemd/systemd/issues/9481

  References: spec-FO207, SD-2171, chrony MIR (LP: #1744072)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2111342/+subscriptions