[ntp:hackers] Protocol specification modification for MS-SNTP

Martin Burnicki martin.burnicki at meinberg.de
Fri Jul 10 07:47:46 UTC 2009


Todd Glassey wrote:
> Martin Burnicki wrote:
>> In my opinion the problem is that nowadays only few people build the
>> NTP package on their final target systems.
> Martin - I totally understand this point but I have to also paint the
> other side of the coin. We rebuild NTP on each machine it's to run on and
> do not use binaries. The reason is that the general case compilers may
> or may not have our special extensions to GLIB2.0 and other tool suites.

If you rebuild NTP anyway then it should not matter specifically to you
which options are enabled or disabled by default. You are one of the
guys who know what they expect from their NTP binaries, and I assume you
carefully check the configuration options to be enabled.

On the other hand there are the guys who maintain the packages for
their Linux/FreeBSD/Solaris or whatever distribution. They are not
necessarily as familiar with NTP and its configurable features, so we
should provide a package with default options which are most suitable
for most users.

Remember the time back when some Linux distributions came with a default
NTP configuration which let an ntpd with local clock reference only run
at stratum 1, assumably only because the package maintainers did not
really know what they were doing.

Or the Solaris guys who have been building their NTP binaries since xntp
3-5.93 with --enable-all-clock, expecting support for really all clocks
had been compiled in, whereas support for the parse clocks hadn't been
enabled in spite of the config option. See:

AFAIK Brian is currently working on a fix for this. Thanks, Brian.

>> Not only the Windows port is shipped as a set of binaries, also Linux,
>> Solaris, and (AFAIK) FreeBSD provide binary packages which are
>> precompiled by the maintainers of the OS or distribution. 
> Yes but the users of those will have no idea about their compilation or
> working operations and since there is no 'reliability guarantee' none of
> this code can be used in commercial production in audited environments.
> All LINUX kits install NTP from some form of container - whether it's a
> binary one or a source one. FreeBSD is different and NTP for it is
> supplied through the /usr/ports collection of applications and their
> FreeBSD specific patches.

I don't understand what you mean here. As long as people simply install
from a prepared package (and most users do) they rely on the assumption
the package maintainer has done things correctly.

>>   So, for example, only the maintainers need to have the openSSL
>> headers installed. On the end user's target system it is sufficient to
>> have the openSSL libs installed.
> Except again if the users are also not sticking with distributions of
> OpenSSH or OpenSSL that are supplied with their systems they also need
> the headers to enable recompiling.
>> Similarly, the end user can decide whether he wants to have the Samba
>> daemon running or not, and I don't believe he would be happy to
>> recompile the NTP daemon just because Samba shall be running but the
>> NTP installation package comes with support for Samba authentication
>> disabled.
> I understand the point but there are in fact many who still build from
> source and this group will actually grow I think.

Again, those people who prefer to build their *own* binaries should know
what they are doing.

Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont
