Mark Atwood <fallenpega...@gmail.com>:
> No modern sysadmin or devops shop is going to use or trust an userspace
> packet filter built into the userspace daemon they are defending.
Hm. I am ignorant here. Why is this so?
> This is an ancient feature that is a fossil evidence that NTP was a known
> security tarpit predating the widespread deployment of the kernel packet
> filter or edge switch filters.
>
> We will drop this feature.
>
> We can explain why, and every netadmin and devops manager will agree with
> the reason.
I am not arguing with the decision - it is exactly yours to make - but I'd like
to see an explanation in a form I can put in a doc patch. I'll first cleanly
remove it with explanation, then implement SINGLESOCK.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
