On Jun 8, 4:07 am, Rob <[email protected]> wrote: > Terje Mathisen <"terje.mathisen at tmsw.no"> wrote: > > > Running everything directly on the protocol's recommended platform, and > > with source code for everything, would make it very easy to document > > that the server is on spec. > > I wonder if they would consider the presence of source code (and the > implied possibility of hand-checking all of it to make sure it is secure) > would be sufficient. It would probably fit in some bureaucratic > ruleset, but we all know that security issues *are* found in open source > products. Even with only port 123 open, there could always be some > as of yet unknown security issue in ntpd. It would certainly not be > very easy to prove, using the source code, that there is none.
You can find some good guidance if you google 'DoD open source'. I believe the presence of available source code helps a lot in allowing its use. For our application and business environment, I would like to try very hard to find a commercial product. But a homebrew system would be a fallback. Thanks everybody for you ideas, Fran _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
