Date: Fri, 29 Apr 2016 11:47:51 -0400 From: "Matthew X. Economou" <xenophon@irtnog.org> To: <freebsd-security@freebsd.org> Subject: RE: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp Message-ID: <BABF8C57A778F04791343E5601659908237051@cinip100ntsbs.irtnog.net> In-Reply-To: <CINIP100NTSBSRqf69a0000002a@cinip100ntsbs.irtnog.net> References: <20160429082953.DB31D1769@freefall.freebsd.org> <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu> <1461929003.67736.2.camel@yandex.com> <CINIP100NTSBSRqf69a0000002a@cinip100ntsbs.irtnog.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger Marquis writes: >=20 > What are the reasons FreeBSD has not deprecated ntpd in favor of > openntpd? While I cannot speak for anyone other than myself, the two simply aren't equivalent. As a conscious design choice, OpenNTPD trades off accuracy for code simplicity. It lacks support for NTP authentication, access controls, reference clocks, multicast/broadcast operation, or any kind of monitoring/reporting. OpenNTPD is probably closer to rdate than ntpd in terms of their relative capabilities. I'd rather we keep ntpd in base as a consequence. The only change I'd suggest would be to alter the default configuration such that all unauthorized access were blocked (i.e., set "restrict default ignore" and "restrict -6 default ignore"). Best wishes, Matthew --=20 "The lyf so short, the craft so longe to lerne."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BABF8C57A778F04791343E5601659908237051>