Possible abuse from fetching the leap second file

Kurt Roeckx kurt at roeckx.be
Mon Aug 15 13:11:07 UTC 2016


On Mon, Aug 15, 2016 at 08:37:14AM -0400, Eric S. Raymond wrote:
> Hal Murray <hmurray at megapathdsl.net>:
> > 
> > esr at thyrsus.com said:
> > > While I accept this as a general principle, is there anything about the new
> > > ntpleapfetch that inflicts a heavier load than the old ntpleapfetch has been
> > > causing for decades with the tolerance of NIST and USNO? 
> > 
> > The old stuff has poor publicity.  None of the major distros/OSes come set up 
> > to run it from a cron job.  As long as you don't change that we won't have 
> > any problems.
> > 
> > The problem will happen if somebody improves our documentation enough so that 
> > somebody notices, and that seems reasonably likely.
> 
> I've thought about this some more, and now I am in doubt that the
> general principle (don't use other people's resources without their
> permission) applies here.  I think we need to apply what tort law
> would call a reasonable-person test.
> 
> Some kinds of public-facing offer of a resource clearly constitute an
> implied invitation to download it as needed.  Consider, for example, a web page.
> 
> I think the NIST/IERS public offer of an authoritative leap-second resource
> constitutes the same sort of invitation.  If you disagree, ask yourself
> if your evaluation would change if that data were in HTML and accessed
> through port 80, or accessed by anonymous FTP. Surely the mechanics
> of how it's downloaded are irrelevant to the ethics of the situation!

That doesn't mean you should go and have millions of clients
change from not checking it to downloading it without at least
warning them about it.  It doesn't help anybody if we overload the
servers.


Kurt


