Date: Sat, 17 Oct 2015 13:24:12 -0600 From: Warner Losh <imp@bsdimp.com> To: Bryan Drewery <bdrewery@freebsd.org> Cc: Ian Lepore <ian@freebsd.org>, Cy Schubert <cy@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r289421 - in head/etc: . mtree ntp Message-ID: <8B01FEEE-71A5-4F0A-B733-D0846920C6D0@bsdimp.com> In-Reply-To: <562294A5.10309@FreeBSD.org> References: <201510161404.t9GE4GqM046436@repo.freebsd.org> <1445106350.71631.36.camel@freebsd.org> <562294A5.10309@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_16F1F0DA-759B-465C-8562-B362DD59EF9A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 > On Oct 17, 2015, at 12:34 PM, Bryan Drewery <bdrewery@freebsd.org> = wrote: >=20 > On 10/17/15 11:25 AM, Ian Lepore wrote: >> On Fri, 2015-10-16 at 14:04 +0000, Cy Schubert wrote: >>> Author: cy >>> Date: Fri Oct 16 14:04:16 2015 >>> New Revision: 289421 >>> URL: https://svnweb.freebsd.org/changeset/base/289421 >>>=20 >>> Log: >>> Add default leap-seconds file. This should help ntp networks get >>> the >>> leap second date correct >>>=20 >>> Updates to the file can be obtained from ftp://time.nist.gov/pub/ o >>> r >>> ftp://tycho.usno.navy.mil/pub/ntp/. >>>=20 >>> Suggested by: dwmalone >>> Reviewed by: roberto, dwmalone, delphij >>> Approved by: roberto >>> MFC after: 1 week >>=20 >> One thing about this change scares me. In the ntpd documentation: >>=20 >> If the leapseconds file is present, the leap bits for reference >> clocks and downstratum servers are ignored. >>=20 >> I can't determine from casual code examination (and I don't have time >> to experiment now) whether that is true even if the file is expired. >>=20 >> The leapfile expires every six months, and users must update it using >> some external mechanism, or they must have configured autokey stuff = so >> that updates can be accepted from peer servers. In either case what >> we've done is created a default configuration that is likely to fail >> right out of the box, because at least for releases the file we = deliver >> will be expired before they even download and install the image. >>=20 >> At the very least I think we should hold off on MFC of this until we >> know for sure whether an expired-but-present leapfile causes = incorrect >> operation. If a pending leap notification in the leap bits of = packets >> from peer servers and refclocks will be honored when the file is >> expired, then there is no problem with this change. >>=20 >=20 > Yeah. This sounds like something that needs to be delivered more = easily > in a normal update mechanism, such as packages. ENs every 6 months = are > not practical for this and a lot of users don't always apply EN while > IMO they are more likely to apply package upgrades. Short of that, = some > kind of periodic script could fetch an updated file <enter ssl cacert > discussion>. The file itself is signed, but only weakly with a sha hash at the end. = Don=92t know if the hash is one of the ones that=92s been broken yet or not. Warner --Apple-Mail=_16F1F0DA-759B-465C-8562-B362DD59EF9A Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWIqBcAAoJEGwc0Sh9sBEAXxMP/Ajo7+HPdkUCFpI+s8rMUjgu cIiWH3IKOYOcxtY8QfPXaMMJs20FdzIkMy3iG/MOmRLnRQBEeysli89M6Aeu4tvd sWQ8zmwVLlEvLgjyd3dqGfUJKNW8BCXVLHS0XFi62CYAx6i1gchBkJuzW4suey7z aAN0Sbsz+K7UY993nS+AXESnlVCw4pbSeYz/5y5iGmruJB26F76UWJlBqZjU35lx dLuPYXMwQxI21Zf+xWH2M3+XyR7KtGKe1G/egMRRoDc1TPBDe8KZEFPkuBfdX0Ca YesNqke4Bk1t0uhyaaLPVCPmNVheNG5y+iVvl+PQBcLCVGqCd3Q0Qk28PchBriCw 19HUXTlkR2jSLIEZ4NxAsIizTLwuwReqg7WS8Nb9NhS3+JuecUgsc7F8csF6mJgN xCKLkdSc8OHpKKBB1WUfYH54WijA2rCuln12g4o1i8a9BhewTJ/2xc/BFWk7+INp zn27LL3OmYYJIMb2y5qQpUSjvu5zv49AMjUZ2cZy/gelKbNvBVA5uA1exEo4D5FL kyrAEt/EDs5nh6N0naGRuedRggPr/ZR/03pmGvu7ehs2F7Ttqn58XNb1hoRLjJBg 4S2ZnLBpYHehSR1kck8KJIMzafOTAhr6FJGg4ifAezx20gSiDajewyJftoLiQwOP fYSnMd2+00b8sQphfKpq =CWrv -----END PGP SIGNATURE----- --Apple-Mail=_16F1F0DA-759B-465C-8562-B362DD59EF9A--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8B01FEEE-71A5-4F0A-B733-D0846920C6D0>