On Wed, Jul 17, 2013 at 12:43 PM, Jaroslav Reznik <jreznik@xxxxxxxxxx> wrote: > = Proposed Self Contained Change: Remove deprecated calls of using ntpdate in > favor of ntpd = > https://fedoraproject.org/wiki/Changes/ntpdate Given what has been discussed/learned in this thread, it seems that the change proposal needs some changes (and perhaps another round of discussion?). Looking at the rationale, I wonder how the things that have been discussed so far (replacement of ntpd with chrony, and ntpdate with sntp) make a difference with respect to the hardening recommendations - perhaps such changes would help avoid the letter of the recommendations, but what about the substance? For example in http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf, I really doubt the intent was to exclude specifically a daemon named ntpd - rather the intent was most likely to avoid running a daemon at all[1], so just using chrony instead of ntpd wouldn't make a substantial difference. Mirek [1] Leaving aside whether such a recommendation is well justified. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
