Resuming the great cleanup

Eric S. Raymond esr at
Tue May 29 10:13:45 UTC 2018

Mark Atwood <fallenpegasus at>:
> No modern sysadmin or devops shop is going to use or trust an userspace
> packet filter built into the userspace daemon they are defending.

Hm.  I am ignorant here.  Why is this so?

> This is an ancient feature that is a fossil evidence that NTP was a known
> security tarpit predating the widespread deployment of the kernel packet
> filter or edge switch filters.
> We will drop this feature.
> We can explain why, and every netadmin and devops manager will agree with
> the reason.

I am not arguing with the decision - it is exactly yours to make - but I'd like
to see an explanation in a form I can put in a doc patch.  I'll first cleanly
remove it with explanation, then implement SINGLESOCK. 
		<a href="">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute:
Please visit their site and donate: the civilization you save might be your own.

More information about the devel mailing list