Resuming the great cleanup
Eric S. Raymond
esr at thyrsus.com
Tue May 29 10:13:45 UTC 2018
Mark Atwood <fallenpegasus at gmail.com>:
> No modern sysadmin or devops shop is going to use or trust an userspace
> packet filter built into the userspace daemon they are defending.
Hm. I am ignorant here. Why is this so?
> This is an ancient feature that is a fossil evidence that NTP was a known
> security tarpit predating the widespread deployment of the kernel packet
> filter or edge switch filters.
> We will drop this feature.
> We can explain why, and every netadmin and devops manager will agree with
> the reason.
I am not arguing with the decision - it is exactly yours to make - but I'd like
to see an explanation in a form I can put in a doc patch. I'll first cleanly
remove it with explanation, then implement SINGLESOCK.
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
More information about the devel