On 06/03/12 18:25, Peter Eisentraut wrote:
So what do you have in mind? Change the default configuration, or
change the wording in the documentation? In either case, what concrete
change do you suggest?
I think the bug should go upstream. There should be different ACL from
clients and to servers, so we can effectively apply restrictions. I dont
know if this has been discussed before, I dont think im discovering
anything new.
In case this has been already discussed upstream, i would change the
defaults to "restrict ignore" in the debian default conf, and change the
server lines to ips instead of dns names to be able to apply "restrict
ip" "effectively" (where dns resolve to many ips).
Yes, I think to apply a restrictive conf but still act as a server by
default when the usual case is to act as a client (as stated by the own
doc of ntpd[1]) is *THAT* bad.
If anybody can point me to a ntp client that does not make my machine go
back in time, maybe thats another solution (as i understand it ntpdate
is deprecated already).
In case this has been discussed already in debian and people think im
crazy for even proposing that, at least we could state in the README
that the default conf is of a (very restrictive but still a) server.
I can be more specific about the doc changes if my last resort is my
only valid point here.
greets!
aL
[1] from ntpd man page:
-q Exit the ntpd just after the first time the clock is set.
This
behavior mimics that of the ntpdate program, which is to be
retired. The -g and -x options can be used with this option.
Note: The kernel time discipline is disabled with this
option.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
