Re: systemd, ntp, kernel and hwclock
On Tue, Feb 28, 2017 at 10:15:23AM +0100, Daniel Pocock wrote:
> > But ntpd is also known to have a large amount of code written
> > without as much regard for security as one would hope. It seems
> > like an unnecessary risk for most systems.
>
>
> Thanks for that security tip, I'm tempted to get rid of some ntpd
> instances now
You'd be interested in NTPsec (https://www.ntpsec.org/) then, which is a
project to review and sanitize ntpd without downsides prevalent in most
replacements (such as same-week accuracy or no managing clock drift).
Sadly, it's not a part of stretch or even unstable yet:
https://bugs.debian.org/819806
> - for a site with several machines, should they all be querying
> pool.ntp.org servers directly or can any other local ntp daemon be
> relied on?
Using a local daemon means:
* less burden on public servers or the network
* if there's a problem, your machines will be consistent at least between
them, which is usually a bigger concern than being globally accurate
--
⢀⣴⠾⠻⢶⣦⠀ Meow!
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Collisions shmolisions, let's see them find a collision or second
⠈⠳⣄⠀⠀⠀⠀ preimage for double rot13!
Reply to: