Maarten Wiltink wrote: > "Harlan Stenn" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > >>>>>In article <[EMAIL PROTECTED]>, "Maarten Wiltink" > > <[EMAIL PROTECTED]> writes: > > >>>>All right, there are, or were, fifteen reported exploits. None is >>>>dated more recently than 2004 and some seem to be complaining about >>>>ten year old software distributed by companies such as Sun, Redhat, >>>>Debian, etc. >> >>Maarten> Still distributed right now, yes. For all those people who >>Maarten> aren't allowed to run something not backed by RFCs, and then >>Maarten> come here with questions about something called xntp. Sound >>Maarten> familiar? >> >>What's your point? I don't see how what you just said applies to the >>thread. > > > I object to Richard's statement that old vulnerabilities are irrelevant > and no cause for concern. More than most other software, NTP is haunted > by users of old versions. >
Old vulnerabilities that have been fixed are not a problem of much concern to me. I run a recent version of ntpd that does not exhibit these vulnerabilities. If people chose, for whatever reason, to run a ten year old version of ntpd they must accept the associated risks and inferior performance. Since the modern, improved and fixed version is freely available to all I don't see any reason why anyone who needs NTP and is concerned about security should not run it. _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
