Fedora 34 Change: ntp replacement (Self-Contained Change)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://fedoraproject.org/wiki/Changes/NtpReplacement

== Summary ==

The `ntp` package is replaced with `ntpsec`.

== Owner ==
* Name: [[User:mlichvar| Miroslav Lichvar]]
* Email: mlichvar@xxxxxxxxxx

== Detailed Description ==

`ntp` is one of the few NTP implementations provided in Fedora. It is
not used or installed by default.

The [https://www.ntp.org/ upstream project] is not in a good shape and
it doesn't seem to be improving. The development is slow and happens
behind closed doors. There is a significant number of known security
issues that have not been fixed yet. Some are exploitable in the
default configuration.

[https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on
security. It has removed a lot of code and fixed or avoided most of
the security issues in `ntp`. It doesn't support all features, but in
typical configurations it can be used as a drop-in replacement for
`ntp`.

There are few packages in Fedora that have a dependency on `ntp`:
* `nagios-plugins-ntp-perl`
* `ntpstat`

== Benefit to Fedora ==

This change makes Fedora more secure.

== Scope ==
* Proposal owners:

# Package `ntpsec` obsoleting the `ntp` package.
# Retire `ntp` package.
# Make sure the dependent packages still work.

* Other developers: N/A (not a System Wide Change)
* Release engineering: N/A (not needed for this Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)

== Upgrade/compatibility impact ==

The `ntp` package is replaced automatically on upgrade to Fedora 34.
The configuration file ''/etc/ntp.conf'' is saved as to
''/etc/ntp.conf.rpmsave'' and it needs to be renamed to
''/etc/ntp.conf'' to be used by `ntpsec`. Otherwise, `ntpsec` will
fall back to the default configuration in ''/etc/ntp.d'' using the
''pool.ntp.org'' servers.

The `ntpd` service is disabled after the upgrade and needs to be enabled again.

== How To Test ==
* Install `ntpsec`
* Run `ntpdate pool.ntp.org`
* Start the `ntpd` service
* Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock

== User Experience ==
For most users of `ntp` the experience is not expected to change
significantly. Advanced configurations may need to be modified to work
with `ntpsec`.

== Dependencies ==
N/A (not a System Wide Change)

== Contingency Plan ==

* Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec`
* Contingency deadline: Fedora 34 Beta
* Blocks release? N/A (not a System Wide Change)
* Blocks product?

== Documentation ==
N/A (not a System Wide Change)

== Release Notes ==
TBD


-- 
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux