timedatex replacing systemd-timedated for NTP packages

Florian Weimer fweimer at redhat.com
Tue Nov 25 17:51:26 UTC 2014


On 11/25/2014 06:25 PM, Lennart Poettering wrote:
> On Tue, 25.11.14 18:04, Florian Weimer (fweimer at redhat.com) wrote:
>
>> On 11/25/2014 05:15 PM, Lennart Poettering wrote:
>>> Really? if you want a UI that controls whether NTP server software is
>>> running, why not call into the EnableUnitFiles() APIs directly?
>>
>> Both chronyd and ntpd are often used as clients.  Miroslav wasn't talking
>> about server usage scenarios, but replacing systemd's NTP client with either
>> ntpd or chronyd.  But if you do that, GNOME currently does not report
>> correctly if the system uses NTP time, which is the bug Miroslav is trying
>> to solve.
>
> Well, GNOME really shouldn't show an NTP check box in the first
> place. Instead NTP should be always on, but GNOME should provide a
> way to manually set the time if no NTP synchronization could be
> acquired. More specifically, the NTPSynchronized property of timedated
> reflects the kernel's UNSYNC flag, and if that boolean is false, then
> GNOME should provide a fallback UI for setting the clock manually, but
> only then.

Some networks have bad NTP service in the sense that they hand out 
incorrect time (not just off by a few seconds, but days or months, 
enough to skew certificate validity).  Your proposed solution would make 
GNOME unusable on such networks.  Other bad things might happen there, 
but just pretending that this phenomenon does not exist and 
that we know better than the user what the correct system time should be 
in all cases seems very unhelpful.

Now if Fedora offered a high-availability cryptographic time service (we 
actually do, sort of), things might be different—but not much, because 
then we'd be having a discussion about phoning home instead.

-- 
Florian Weimer / Red Hat Product Security
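
The flag discussed in the quoted text and the failure mode raised in the reply, as an added example that is not part of the original message: it reads the kernel's STA_UNSYNC flag with adjtimex(2) and then checks the clock against a validity window, since a clear flag only says a time source was accepted, not that its time is right. The window values and the names judge_clock and read_timex_status are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <time.h>
#include <sys/timex.h>

/* Verdict on the local clock: kernel flag plus a plausibility window. */
enum clock_verdict { CLOCK_OK, CLOCK_UNSYNCED, CLOCK_SYNCED_BUT_IMPLAUSIBLE };

/* Pure decision logic (hypothetical helper). `status` is the timex status
 * word, `now` the clock reading, and [not_before, not_after] the validity
 * window of a certificate the host relies on (constructed values below). */
enum clock_verdict judge_clock(int status, time_t now,
                               time_t not_before, time_t not_after)
{
    if (status & STA_UNSYNC)
        return CLOCK_UNSYNCED;               /* kernel: not synchronized */
    if (now < not_before || now > not_after)
        return CLOCK_SYNCED_BUT_IMPLAUSIBLE; /* flag clear, time still wrong */
    return CLOCK_OK;
}

/* Read the kernel's status word without changing anything (modes = 0),
 * which needs no privileges. Returns 0 on success, -1 on error. */
int read_timex_status(int *status)
{
    struct timex tx = { .modes = 0 };
    if (adjtimex(&tx) == -1)
        return -1;
    *status = tx.status;
    return 0;
}

int main(void)
{
    /* Constructed window: 2014-01-01 .. 2016-01-01 UTC. */
    const time_t not_before = 1388534400, not_after = 1451606400;
    static const char *names[] = {
        "ok", "unsynchronized", "synchronized but implausible" };
    int status;

    if (read_timex_status(&status) != 0) { perror("adjtimex"); return 1; }
    printf("STA_UNSYNC=%d verdict=%s\n", !!(status & STA_UNSYNC),
           names[judge_clock(status, time(NULL), not_before, not_after)]);
    return 0;
}
```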

