On Wed, Dec 2, 2020 at 9:24 AM Ben Cotton <bcotton@xxxxxxxxxx> wrote: > > https://fedoraproject.org/wiki/Changes/NtpReplacement > > == Summary == > > The `ntp` package is replaced with `ntpsec`. > > == Owner == > * Name: [[User:mlichvar| Miroslav Lichvar]] > * Email: mlichvar@xxxxxxxxxx > > == Detailed Description == > > `ntp` is one of the few NTP implementations provided in Fedora. It is > not used or installed by default. > > The [https://www.ntp.org/ upstream project] is not in a good shape and > it doesn't seem to be improving. The development is slow and happens > behind closed doors. There is a significant number of known security > issues that have not been fixed yet. Some are exploitable in the > default configuration. > > [https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on > security. It has removed a lot of code and fixed or avoided most of > the security issues in `ntp`. It doesn't support all features, but in > typical configurations it can be used as a drop-in replacement for > `ntp`. > > There are few packages in Fedora that have a dependency on `ntp`: > * `nagios-plugins-ntp-perl` > * `ntpstat` > > == Benefit to Fedora == > > This change makes Fedora more secure. > > == Scope == > * Proposal owners: > > # Package `ntpsec` obsoleting the `ntp` package. > # Retire `ntp` package. > # Make sure the dependent packages still work. > > * Other developers: N/A (not a System Wide Change) > * Release engineering: N/A (not needed for this Change) > * Policies and guidelines: N/A (not a System Wide Change) > * Trademark approval: N/A (not needed for this Change) > > == Upgrade/compatibility impact == > > The `ntp` package is replaced automatically on upgrade to Fedora 34. > The configuration file ''/etc/ntp.conf'' is saved as to > ''/etc/ntp.conf.rpmsave'' and it needs to be renamed to > ''/etc/ntp.conf'' to be used by `ntpsec`. Otherwise, `ntpsec` will > fall back to the default configuration in ''/etc/ntp.d'' using the > ''pool.ntp.org'' servers. > > The `ntpd` service is disabled after the upgrade and needs to be enabled again. > > == How To Test == > * Install `ntpsec` > * Run `ntpdate pool.ntp.org` > * Start the `ntpd` service > * Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock > > == User Experience == > For most users of `ntp` the experience is not expected to change > significantly. Advanced configurations may need to be modified to work > with `ntpsec`. > > == Dependencies == > N/A (not a System Wide Change) > > == Contingency Plan == > > * Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec` > * Contingency deadline: Fedora 34 Beta > * Blocks release? N/A (not a System Wide Change) > * Blocks product? > > == Documentation == > N/A (not a System Wide Change) > > == Release Notes == > TBD > Makes sense, though I think the release notes section would be pretty easy to write: "The classic ntpd service was formerly provided by the ntp package. The ntp software has significant security issues and development seems moribund. It has now been replaced with the ntpsec package, an actively maintained fork of the ntp software. No functional changes are expected." -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
