Yo Richard!

On Wed, 27 Mar 2019 21:11:23 -0500
Richard Laager via devel <devel@ntpsec.org> wrote:

> >> I was thinking along the same lines.  Should we have a command line
> >> switch, say "--secure", that requires nts (without noval) or shared
> >> key on all servers?  
> 
> I'm not sure how that helps in practice. Either someone is going to
> configure their ntp.conf that way or they're not.

Yup.  Middle ground might be a global option in ntp.conf that
enables the use of noval.  Like "insecure yes".

> > I could see the use for --insecure.  --secure does not need an
> > option, it should be the default.  
> 
> I assume that a LOT of people use the pool, especially since that is
> how distros default, so requiring NTS as the default is a non-starter
> unless/until the (or another large public) pool supports NTS.

I don't think anyone suggested blocking non-NTS servers, yet.

> The Debian packaging is keeping a /etc/defaults/ntpsec file to stay
> similar to the NTP Classic packaging and to keep systemd and sysvinit
> as consistent as possible for ntpd. Debian is keeping sysvinit for
> various reasons (including choice on Linux and for the kFreeBSD
> port). If I was only supporting systemd, I'd go "full systemd" and
> drop the /etc/defaults/ntpsec file.

Which hurts my head when users ask me how to change their command line
options.  I need to know more than I care to know about how their
system is configured.  But ntp.conf is always there and as we defined it.

> I think the existing "noval" is fine.

Hopefully, optionally, enhanced by some flavor of pinning.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
