Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 29 Apr 2016 11:47:51 -0400
From:      "Matthew X. Economou" <xenophon@irtnog.org>
To:        <freebsd-security@freebsd.org>
Subject:   RE: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
Message-ID:  <BABF8C57A778F04791343E5601659908237051@cinip100ntsbs.irtnog.net>
In-Reply-To: <CINIP100NTSBSRqf69a0000002a@cinip100ntsbs.irtnog.net>
References:  <20160429082953.DB31D1769@freefall.freebsd.org> <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu> <1461929003.67736.2.camel@yandex.com> <CINIP100NTSBSRqf69a0000002a@cinip100ntsbs.irtnog.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Roger Marquis writes:
>=20
> What are the reasons FreeBSD has not deprecated ntpd in favor of
> openntpd?

While I cannot speak for anyone other than myself, the two simply aren't
equivalent.  As a conscious design choice, OpenNTPD trades off accuracy
for code simplicity.  It lacks support for NTP authentication, access
controls, reference clocks, multicast/broadcast operation, or any kind
of monitoring/reporting.  OpenNTPD is probably closer to rdate than ntpd
in terms of their relative capabilities.  I'd rather we keep ntpd in
base as a consequence.  The only change I'd suggest would be to alter
the default configuration such that all unauthorized access were blocked
(i.e., set "restrict default ignore" and "restrict -6 default ignore").

Best wishes,
Matthew

--=20
"The lyf so short, the craft so longe to lerne."




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BABF8C57A778F04791343E5601659908237051>