Default config file behavior - request for comment
Mark Atwood
fallenpegasus at gmail.com
Wed Sep 20 18:15:30 UTC 2017
While I like choice #2 for friendlyness, I have to agree re not to hardwire
the pool name without external consent.
Code in choice #1, and if its easy to do, with a big loud warning to stderr
and logerr that it's doing nothing.
Supply a reference config file that implements #2
..m
On Wed, Sep 20, 2017 at 10:35 AM Achim Gratz via devel <devel at ntpsec.org>
wrote:
> Eric S. Raymond via devel writes:
> > There are three obvious ways to address this.
> >
> > 1. The infosec-focused way. Change the default restrictions to be
> > "allow nothing." This way, if you bring it up with no config, there's
> > no harm. It just spins inaccessibly.
>
> If it does that without complaining loudly enough some folks might think
> it's actually doing something and act surprised when it doesn't.
>
> > 2. User-friendly way. Bring it up with these permissions:
> >
> > restrict default kod limited nomodify nopeer noquery
> > restrict -6 default kod limited nomodify nopeer noquery
> > restrict 127.0.0.1
> > restrict -6 ::1
>
> Stop it here. No pool (I think hardwiring pool names without consent of
> the pool administrators is a no-no). Also, no drift file. You might
> want to add "noserve notrust" to the last two statements.
>
> > pool pool.ntp.org iburst
> > driftfile /var/lib/ntp/ntp.drift
> >
> > That is, the behavior 99.9% of all installations want.
> >
> > 3. Leave current behavior alone.
>
> The current behaviour was addressing a different target audience, so I
> see no reason to keep it when we are targeting a different population.
>
>
> Regards,
> Achim.
> --
> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
>
> Factory and User Sound Singles for Waldorf rackAttack:
> http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
>
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
--
Mark Atwood
http://about.me/markatwood
+1-206-604-2198 Mobile & Signal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170920/fe28cd38/attachment.html>
More information about the devel
mailing list