F20 Self Contained Change: Remove deprecated calls of using ntpdate in favor of ntpd

Miloslav Trmač mitr at volny.cz
Fri Jul 19 20:37:05 UTC 2013


On Wed, Jul 17, 2013 at 12:43 PM, Jaroslav Reznik <jreznik at redhat.com> wrote:
> = Proposed Self Contained Change: Remove deprecated calls of using ntpdate in
> favor of ntpd =
> https://fedoraproject.org/wiki/Changes/ntpdate

Given what has been discussed/learned in this thread, it seems that
the change proposal needs some changes (and perhaps another round of
discussion?).


Looking at the rationale, I wonder how the things that have been
discussed so far (replacement of ntpd with chrony, and ntpdate with
sntp) make a difference with respect to the hardening recommendations
- perhaps such changes would help avoid the letter of the
recommendations, but what about the substance?  For example in
http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf, I
really doubt the intent was to exclude specifically a daemon named
ntpd - rather the intent was most likely to avoid running a daemon at
all[1], so just using chrony instead of ntpd wouldn't make a
substantial difference.
    Mirek

[1] Leaving aside whether such a recommendation is well justified.


More information about the devel mailing list