>Old vulnerabilities that have been fixed are not a problem of much >concern to me. I run a recent version of ntpd that does not exhibit >these vulnerabilities. If people chose, for whatever reason, to run a >ten year old version of ntpd they must accept the associated risks and >inferior performance. Since the modern, improved and fixed version is >freely available to all I don't see any reason why anyone who needs NTP >and is concerned about security should not run it.
How about: If it ain't broke, don't fix it. Lots of people get their version of (x)ntp from their hardware vendor. Most of them are not time geeks, they just need something that's good enough. They depend on their vendor to fix security problems in packages like ntp. -- The suespammers.org mail server is located in California. So are all my other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited commercial e-mail to my suespammers.org address or any of my other addresses. These are my opinions, not necessarily my employer's. I hate spam. _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
