Harlan Stenn wrote: >>>>In article <[EMAIL PROTECTED]>, "Maarten Wiltink" <[EMAIL PROTECTED]> >>>>writes: > > >>>All right, there are, or were, fifteen reported exploits. None is dated >>>more recently than 2004 and some seem to be complaining about ten year >>>old software distributed by companies such as Sun, Redhat, Debian, etc. > > > Maarten> Still distributed right now, yes. For all those people who aren't > Maarten> allowed to run something not backed by RFCs, and then come here > Maarten> with questions about something called xntp. Sound familiar? > > What's your point? I don't see how what you just said applies to the > thread. > > Maarten> I will work on the assumption that there are exploits in the > Maarten> current NTP until you _prove_ to me it's safe, and I'm not holding > Maarten> my breath. > > Are you volunteering to perform or pay for a code audit? > > H Should one try to shove ntpq sources to coverity? They do a "for free" scan for a bunch of OSS ( of varying licenses ) stuff like Python, perl, tcl*, apache, linux-kernel, some of the bsds.
* we found some usefull things that way and had some false positives. ymmv uwe _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
