Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)

Eric S. Raymond esr at thyrsus.com
Tue May 29 20:54:11 UTC 2018


Ian Bruene via devel <devel at ntpsec.org>:
> I've skimmed through some of the code associated with these features during
> deglobalization. It /needs/ to be cleaned up one way or another. Cleaning it
> with a scythe is all the better.

Hmmm.  You may have talked yourself into a job, apprentice.  Because you
are absolutely right, and more motivated than I knew.

I was going to do SINGLESOCKET myself, but now that I think about it
that would be almost the next logical C task for you.  I say "almost"
because it's more challenging than I would have picked in an ideal
world; OTOH you haven't screwed up anything I've thrown at you yet.
(Which fact is pretty impressive, by the way.)

Are you up for trying?  "No" is an acceptable answer - I'm not certain
you're ready for this myself.  It would be what Marines call "good
training" (evil laughter).  But if you take it on I'll be on call to
back you up. Because "Job gets done" plus "Ian gets good training" is
a better outcome than "Job gets done" alone.

Mark: if Ian takes this one it might mean I get a head start on
EVENTS, which is harder and I judge not in his range yet.  But we need
to resolve the discussion anout whether EVENTS is worth chasing - that
is, whether the intersection of "no refclocks" and "low power" with
our important deployment cases is large.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.




More information about the devel mailing list