Yo Eric! On Tue, 29 May 2018 15:15:15 -0400 "Eric S. Raymond via devel" <devel@ntpsec.org> wrote:
> I could summarize it something like this:
>
> "We have removed packet filtering by interface name because we judge
> it's a security-defect attractor. The place to do this is in
> kernel-level packet filters and firewalls, which get much more
> scrutiny; good admin practice in this century is to not trust
> usespace packet filtering at all."
+1
> This opens a can of worms, though. Should we drop the entire
> interface command?
Yes, after years of deprecation. At least to start we want to be drop=in
replacement for NTP Classic.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgp6ljAlnodtT.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
