https://fedoraproject.org/wiki/Changes/NtpReplacement == Summary == The `ntp` package is replaced with `ntpsec`. == Owner == * Name: [[User:mlichvar| Miroslav Lichvar]] * Email: mlichvar@xxxxxxxxxx == Detailed Description == `ntp` is one of the few NTP implementations provided in Fedora. It is not used or installed by default. The [https://www.ntp.org/ upstream project] is not in a good shape and it doesn't seem to be improving. The development is slow and happens behind closed doors. There is a significant number of known security issues that have not been fixed yet. Some are exploitable in the default configuration. [https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on security. It has removed a lot of code and fixed or avoided most of the security issues in `ntp`. It doesn't support all features, but in typical configurations it can be used as a drop-in replacement for `ntp`. There are few packages in Fedora that have a dependency on `ntp`: * `nagios-plugins-ntp-perl` * `ntpstat` == Benefit to Fedora == This change makes Fedora more secure. == Scope == * Proposal owners: # Package `ntpsec` obsoleting the `ntp` package. # Retire `ntp` package. # Make sure the dependent packages still work. * Other developers: N/A (not a System Wide Change) * Release engineering: N/A (not needed for this Change) * Policies and guidelines: N/A (not a System Wide Change) * Trademark approval: N/A (not needed for this Change) == Upgrade/compatibility impact == The `ntp` package is replaced automatically on upgrade to Fedora 34. The configuration file ''/etc/ntp.conf'' is saved as to ''/etc/ntp.conf.rpmsave'' and it needs to be renamed to ''/etc/ntp.conf'' to be used by `ntpsec`. Otherwise, `ntpsec` will fall back to the default configuration in ''/etc/ntp.d'' using the ''pool.ntp.org'' servers. The `ntpd` service is disabled after the upgrade and needs to be enabled again. == How To Test == * Install `ntpsec` * Run `ntpdate pool.ntp.org` * Start the `ntpd` service * Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock == User Experience == For most users of `ntp` the experience is not expected to change significantly. Advanced configurations may need to be modified to work with `ntpsec`. == Dependencies == N/A (not a System Wide Change) == Contingency Plan == * Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec` * Contingency deadline: Fedora 34 Beta * Blocks release? N/A (not a System Wide Change) * Blocks product? == Documentation == N/A (not a System Wide Change) == Release Notes == TBD -- Ben Cotton He / Him / His Senior Program Manager, Fedora & CentOS Stream Red Hat TZ=America/Indiana/Indianapolis _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
