Michael Shields (firstname.lastname@example.org) wrote:
: It's not necessary to run ntpdate on every boot, since the time will be set
: from the CMOS clock, which will be kept accurate by the kernel while NTP is
: running. If Linux is down for long enough for the clock to drift
: substantially, xntp will step the clock by itself after determining the
: correct time based on *authenticated* chimes from *every* NTP server.

I beg to differ. If the clock is sufficiently different from reality, NTP
will exit after refusing to step the clock. While this gets logged to syslog,
for most users this would result in the system quietly remaining out in the
weeds. This happens pretty often in the world of PC motherboards, where
batteries are rarely checked or replaced, power glitches can take out the
contents of the CMOS backup for the clock, and so forth.

: Probably it is a good idea to run ntpdate from postinst when the package is
: first installed (not upgraded), but once you have configured an NTP
: environment, you should never need to touch it again.

I've always been happy with the notion that the ntpdate gets run against the
same set of servers I identify as 'server' to xntpd, which implies that I have
some amount of trust in those hosts.
I'd suggest that, as a compromise, the postinst could ask the user if he
wants ntpdate run once, or at every boot, or not at all. I would routinely
pick 'at every boot' for my hosts, since I also own and operate the lower
stratum servers my Debian box chimes with, and trust is less an issue than PC