On Tue, Feb 28, 2017 at 10:15:23AM +0100, Daniel Pocock wrote:
> > But ntpd is also known to have a large amount of code written
> > without as much regard for security as one would hope.  It seems
> > like an unnecessary risk for most systems.
> 
> 
> Thanks for that security tip, I'm tempted to get rid of some ntpd
> instances now

You'd be interested in NTPsec (https://www.ntpsec.org/) then, which is a
project to review and sanitize ntpd without downsides prevalent in most
replacements (such as same-week accuracy or no managing clock drift).

Sadly, it's not a part of stretch or even unstable yet:
https://bugs.debian.org/819806

> - for a site with several machines, should they all be querying
> pool.ntp.org servers directly or can any other local ntp daemon be
> relied on?

Using a local daemon means:
* less burden on public servers or the network
* if there's a problem, your machines will be consistent at least between
  them, which is usually a bigger concern than being globally accurate

-- 
⢀⣴⠾⠻⢶⣦⠀ Meow!
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Collisions shmolisions, let's see them find a collision or second
⠈⠳⣄⠀⠀⠀⠀ preimage for double rot13!
