From owner-svn-src-all@freebsd.org Sat Oct 17 19:24:21 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 78651A17061 for ; Sat, 17 Oct 2015 19:24:21 +0000 (UTC) (envelope-from imp@bsdimp.com) Received: from mail-pa0-f54.google.com (mail-pa0-f54.google.com [209.85.220.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 44CDE66A for ; Sat, 17 Oct 2015 19:24:21 +0000 (UTC) (envelope-from imp@bsdimp.com) Received: by pabrc13 with SMTP id rc13so150770188pab.0 for ; Sat, 17 Oct 2015 12:24:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:subject:mime-version:content-type:from :in-reply-to:date:cc:message-id:references:to; bh=E4y1uvCRxIqlBJ8ACe/VaTP9+pBS5bixABBRYxWGSo0=; b=C+N1H1DxnOjUg65r/+jXAspgqAM3LiTMh81v5+7VPLoF49J3GZhuQuoimjkm+vciZQ 0OtDOunW0qFz05yxyzPzAq1uoeahxbDXwdtnYzxnyym/BLmow7DnyYNauo06kBjZE00q Y65Mbn+LCBFnCqFJrZej1Ht8CATk43r5CQYLhxKW5nmqj8wvEQ5Zikh0w9asIhekOht9 yUk6zfuo3Q8DPPgGsdEEuVj3xcNFLVHakFwRuZYeZyjtBgkAa7kU2lYYtyjpsrGBrE4z CawoWRC3tC9sgY4D6NVemh+3fECpPcvYImr+uwX/OZLkZJkD8WnOYb+TiyxnQvsvGbtq hGjw== X-Gm-Message-State: ALoCoQn00Uz00YnWDMWg5JWkzbSGh3SPWw/KlGQiZ9DkDS0nb/gylanELHH2pkysrGtWxPDi4tKM X-Received: by 10.68.165.34 with SMTP id yv2mr24394581pbb.112.1445109854830; Sat, 17 Oct 2015 12:24:14 -0700 (PDT) Received: from ip-100-127-128-53.ec2.internal ([69.53.245.5]) by smtp.gmail.com with ESMTPSA id u10sm27890182pbs.63.2015.10.17.12.24.13 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 17 Oct 2015 12:24:14 -0700 (PDT) Sender: Warner Losh Subject: Re: svn commit: r289421 - in head/etc: . mtree ntp Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) Content-Type: multipart/signed; boundary="Apple-Mail=_16F1F0DA-759B-465C-8562-B362DD59EF9A"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Pgp-Agent: GPGMail 2.5.2 From: Warner Losh In-Reply-To: <562294A5.10309@FreeBSD.org> Date: Sat, 17 Oct 2015 13:24:12 -0600 Cc: Ian Lepore , Cy Schubert , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Message-Id: <8B01FEEE-71A5-4F0A-B733-D0846920C6D0@bsdimp.com> References: <201510161404.t9GE4GqM046436@repo.freebsd.org> <1445106350.71631.36.camel@freebsd.org> <562294A5.10309@FreeBSD.org> To: Bryan Drewery X-Mailer: Apple Mail (2.2104) X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Oct 2015 19:24:21 -0000 --Apple-Mail=_16F1F0DA-759B-465C-8562-B362DD59EF9A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 > On Oct 17, 2015, at 12:34 PM, Bryan Drewery = wrote: >=20 > On 10/17/15 11:25 AM, Ian Lepore wrote: >> On Fri, 2015-10-16 at 14:04 +0000, Cy Schubert wrote: >>> Author: cy >>> Date: Fri Oct 16 14:04:16 2015 >>> New Revision: 289421 >>> URL: https://svnweb.freebsd.org/changeset/base/289421 >>>=20 >>> Log: >>> Add default leap-seconds file. This should help ntp networks get >>> the >>> leap second date correct >>>=20 >>> Updates to the file can be obtained from ftp://time.nist.gov/pub/ o >>> r >>> ftp://tycho.usno.navy.mil/pub/ntp/. >>>=20 >>> Suggested by: dwmalone >>> Reviewed by: roberto, dwmalone, delphij >>> Approved by: roberto >>> MFC after: 1 week >>=20 >> One thing about this change scares me. In the ntpd documentation: >>=20 >> If the leapseconds file is present, the leap bits for reference >> clocks and downstratum servers are ignored. >>=20 >> I can't determine from casual code examination (and I don't have time >> to experiment now) whether that is true even if the file is expired. >>=20 >> The leapfile expires every six months, and users must update it using >> some external mechanism, or they must have configured autokey stuff = so >> that updates can be accepted from peer servers. In either case what >> we've done is created a default configuration that is likely to fail >> right out of the box, because at least for releases the file we = deliver >> will be expired before they even download and install the image. >>=20 >> At the very least I think we should hold off on MFC of this until we >> know for sure whether an expired-but-present leapfile causes = incorrect >> operation. If a pending leap notification in the leap bits of = packets >> from peer servers and refclocks will be honored when the file is >> expired, then there is no problem with this change. >>=20 >=20 > Yeah. This sounds like something that needs to be delivered more = easily > in a normal update mechanism, such as packages. ENs every 6 months = are > not practical for this and a lot of users don't always apply EN while > IMO they are more likely to apply package upgrades. Short of that, = some > kind of periodic script could fetch an updated file discussion>. The file itself is signed, but only weakly with a sha hash at the end. = Don=92t know if the hash is one of the ones that=92s been broken yet or not. Warner --Apple-Mail=_16F1F0DA-759B-465C-8562-B362DD59EF9A Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWIqBcAAoJEGwc0Sh9sBEAXxMP/Ajo7+HPdkUCFpI+s8rMUjgu cIiWH3IKOYOcxtY8QfPXaMMJs20FdzIkMy3iG/MOmRLnRQBEeysli89M6Aeu4tvd sWQ8zmwVLlEvLgjyd3dqGfUJKNW8BCXVLHS0XFi62CYAx6i1gchBkJuzW4suey7z aAN0Sbsz+K7UY993nS+AXESnlVCw4pbSeYz/5y5iGmruJB26F76UWJlBqZjU35lx dLuPYXMwQxI21Zf+xWH2M3+XyR7KtGKe1G/egMRRoDc1TPBDe8KZEFPkuBfdX0Ca YesNqke4Bk1t0uhyaaLPVCPmNVheNG5y+iVvl+PQBcLCVGqCd3Q0Qk28PchBriCw 19HUXTlkR2jSLIEZ4NxAsIizTLwuwReqg7WS8Nb9NhS3+JuecUgsc7F8csF6mJgN xCKLkdSc8OHpKKBB1WUfYH54WijA2rCuln12g4o1i8a9BhewTJ/2xc/BFWk7+INp zn27LL3OmYYJIMb2y5qQpUSjvu5zv49AMjUZ2cZy/gelKbNvBVA5uA1exEo4D5FL kyrAEt/EDs5nh6N0naGRuedRggPr/ZR/03pmGvu7ehs2F7Ttqn58XNb1hoRLjJBg 4S2ZnLBpYHehSR1kck8KJIMzafOTAhr6FJGg4ifAezx20gSiDajewyJftoLiQwOP fYSnMd2+00b8sQphfKpq =CWrv -----END PGP SIGNATURE----- --Apple-Mail=_16F1F0DA-759B-465C-8562-B362DD59EF9A--