Yo Mark!

On Fri, 31 Mar 2017 20:06:32 +0000
Mark Atwood <[email protected]> wrote:

> I'm inclined to say drop the feature.

Me too, but only as a me too. Don't blame me!

> Yes defense in depth is good, but I think it doesn't really count in
> this case. If a network admin is defending their NTP in depth, they
> will do it in (in order), the local kernel table, the local switch,
> the ingress switch, on the ISP side on the other side of the link to
> the ingress switch, and in their ISP's connection to their transit
> providers.

Now you are thinking big boy toys, a lot of small guys run ntpd. Think
of Hal running a single instance in a VM for the pool. But then, Hal
would not be using this feature...

> The feature also feels very "brittle" to me, from an admin POV. How
> many netadmins are going to remember to update the setting when they
> change anything about the local interface topology, or in the local
> hypervisor or container topology.

Yeah, I've been bitten by that. Especially when Gentoo changed ethernet
interfaces names a while back.

> And yes, can someone Not Me ask on the NTP list?

I just asked on [email protected]. Did not seem like a
[email protected] thing.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
[email protected] Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
_______________________________________________
devel mailing list
[email protected]
http://lists.ntpsec.org/mailman/listinfo/devel
