[ntp:hackers] More on asymmetric links

Harlan Stenn stenn at ntp1.ntp.isc.org
Sat Jul 14 20:27:09 UTC 2007


Dave wrote:

> I have an ironclad policy which sometimes makes folks flame at me. If 
> you get anything from the "official" repository, it resides only on a 
> UDel machine supervised and managed by our department staff. This is to 
> avoid all forms of cuckoos and trojans. Some folks, including Harlan and 
> maybe you have accounts on pogo.udel.edu, which is my project server 
> distinct from students and staff. There is a good deal of stuff at ISC, 
> what Harlan calls the NTP Public Services Project, but the official 
> public software distribution and documentation reside only at UDel.

Which is one reason why I generate md5 signatures from the tarball on
Dave's master machine.  This tarball and the signature is then copied to
the UDel download server.

To my knowledge the UDel server is the only place to get tarball copies
of the distributions (and md5 signatures).

I *believe* the opensource bk client can be used against the repo copy
at ntp.bkbits.com.

Folks with commercial bk (NTP Project committers can use our license for
their work on NTP) can also sync with any of our mirror copies.

The bk repos are publically mirrored at:

 www.ntp.org (two machines, one at UDel, one at ISC)

 ntp.bkbits.com

At least, this is what I believe.

H


More information about the hackers mailing list