[ntp:questions] Re: Due diligence

David Sullivan david.c.sullivan at gmail.com
Sun May 1 16:06:35 UTC 2005


Lee Sailer wrote:
> As I am sure that you all know, there is a legal concept of "due
> diligence".  More of less, this means that you are trying to do
things
> right, even if you are not doing things perfectly.  (I am not a
lawyer.
>  No flames, please.)
>
> HP-UX ships with version 3.5f of xntpd (I think). For those NTP buffs
> out there, do you think the use of this old version is good enough to
> show due diligence?  My company supplies financial services (not time
> services) to cusotmers world-wide.  We use NTP internally to keep our
> hosts in sync.

I'm no buff but the patch for the buffer overflow that was present in
3.5 and 4.0 was fairly easy to backport to 3.5 (which was necssary for
us at the time since the arcron driver was not working in 4.0). Whether
it's an issue or not might depend on whether HP-UX are shipping a
patched version or stock xntp.

David.




More information about the questions mailing list