https://fedoraproject.org/wiki/Changes/NtpReplacement
== Summary ==
The `ntp` package is replaced with `ntpsec`.
== Owner ==
* Name: [[User:mlichvar| Miroslav Lichvar]]
* Email: mlichvar(a)redhat.com
== Detailed Description ==
`ntp` is one of the few NTP implementations provided in Fedora. It is
not used or installed by default.
The [
https://www.ntp.org/ upstream project] is not in a good shape and
it doesn't seem to be improving. The development is slow and happens
behind closed doors. There is a significant number of known security
issues that have not been fixed yet. Some are exploitable in the
default configuration.
[
https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on
security. It has removed a lot of code and fixed or avoided most of
the security issues in `ntp`. It doesn't support all features, but in
typical configurations it can be used as a drop-in replacement for
`ntp`.
There are few packages in Fedora that have a dependency on `ntp`:
* `nagios-plugins-ntp-perl`
* `ntpstat`
== Benefit to Fedora ==
This change makes Fedora more secure.
== Scope ==
* Proposal owners:
# Package `ntpsec` obsoleting the `ntp` package.
# Retire `ntp` package.
# Make sure the dependent packages still work.
* Other developers: N/A (not a System Wide Change)
* Release engineering: N/A (not needed for this Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
The `ntp` package is replaced automatically on upgrade to Fedora 34.
The configuration file ''/etc/ntp.conf'' is saved as to
''/etc/ntp.conf.rpmsave'' and it needs to be renamed to
''/etc/ntp.conf'' to be used by `ntpsec`. Otherwise, `ntpsec` will
fall back to the default configuration in ''/etc/ntp.d'' using the
''pool.ntp.org'' servers.
The `ntpd` service is disabled after the upgrade and needs to be enabled again.
== How To Test ==
* Install `ntpsec`
* Run `ntpdate pool.ntp.org`
* Start the `ntpd` service
* Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock
== User Experience ==
For most users of `ntp` the experience is not expected to change
significantly. Advanced configurations may need to be modified to work
with `ntpsec`.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec`
* Contingency deadline: Fedora 34 Beta
* Blocks release? N/A (not a System Wide Change)
* Blocks product?
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
TBD
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis