debcrafters-packages team mailing list archive

Thread
Date

[Bug 2111342] Re: Install time-daemon with NTS support by default

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Nick Rosbrook <2111342@xxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Jun 2025 15:45:43 -0000
Reply-to: Bug 2111342 <2111342@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

What's the reasoning for that decision? We have a best-effort goal that
this sort of behavior/default should be consistent across newly-
installed *and* upgraded systems. Is there a limitation or specific risk
involved in making this transition across upgrades?

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2111342

Title:
  Install time-daemon with NTS support by default

Status in Ubuntu:
  Fix Released
Status in chrony package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  Invalid
Status in ubuntu-meta package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader package in Ubuntu:
  Deferred

Bug description:
  Ubuntu shall be secure by default, therefore utilize Network Time
  Security (NTS), as time is the trust anchor for many cryptography
  related processes (e.g. certificates).

  NTS was previously enabled in chrony (LP: #2084585) and comes pre-
  installed in certain Ubuntu cloud images. Still, in Ubuntu
  Desktop/Server and other generic Ubuntu images we rely on systemd-
  timesyncd (without support for NTS [1]). This leads to a situation
  where we have to maintain two time-daemons in "main", while still not
  using NTS on most systems.

  [1] https://github.com/systemd/systemd/issues/9481

  References: spec-FO207, SD-2171, chrony MIR (LP: #1744072)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2111342/+subscriptions

References

[Bug 2111342] [NEW] Install time-daemon with NTS support by default
From: Lukas Märdian, 2025-05-20