touch-packages team mailing list archive

["A. Denton" <aquina@xxxxxxxxxxxxxx>]

Quote by r0lf: "The NTP code has seen numerous security vulnerabilities
and we have to assume that ntpdate is not receiving the same scrutiny
anymore when compared to NTPd."

Sorry r0lf, but that's laughable. Do you really want people to run a
fully featured (your wording: vulnerable) NTP daemon just to do s.th.
like this (ntpdate -u HOSTNAME >>/var/log/messages 2>&1) one a day
within a "/etc/cron.hourly/ntp"?

Don't get me wrong -- I agree with you on the upstream-part of your
statement, but I disagree when it comes to bloat systems unnecessarily.
Once OS used to be simple, only containing things which their operators
needed. Why force them into running daemons the don't really have demand
for? I think "ntpd -qg" is the only option, although far from perfect.

https://twitter.com/TRONDELTA/status/546138511284658177

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/583994

Title:
  Consider replacing ntpdate calls by 'ntpd -g'

Status in NTP:
  Invalid
Status in ntp package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Triaged
Status in ntp package in Debian:
  Unknown

Bug description:
  Binary package hint: ntp

  Given that 'ntpdate' is being obsoleted upstream [1], we should
  replace 'ntpdate' usage by:

   * ntpd -qg (if we really want to set the time and exit), or
   * ntpd-g (if we want to keep ntpd running)

  the '-q' option will set the clock once, and exit; the 'g' allows for
  large corrections to the clock, like what is done by 'ntpdate'.

  
  [1] http://www.eecis.udel.edu/~mills/ntp/html/ntpdate.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/583994/+subscriptions