Interesting screwup case
James Browning
jamesb192 at jamesb192.com
Tue Mar 24 14:19:53 UTC 2026
> On 03/24/2026 5:04 AM PDT Hal Murray via devel <devel at ntpsec.org> wrote:
>
> I have a Raspberry Pi running Fedora. They don't have a version of
> fake-hwclock in their collection. So it came up with a bogus date/time.
>
> That box was setup to use NTS on all its servers. The certificate checks
> failed due to invalid dates. All of them. So the box was just sitting
> there, retrying the NTS-KE step occasionally.
>
> Should we add a hack to do something like set the clock to the date from
> the drift file if it is before the build date?
I think it would be nice if DHCP had a 'new' visitor option to
send the time.
Also, an option to temporarily waive DNSSEC if the time is
before BUILD_EPOCH and (probably) revoke those that do not
match after the big step would be nice. (working on it badly)
Additionally, find out whether Red Hat/Fedora has something
else. Also, what if the mini-SD card has been offline for
more than the duration of an involved signature or key?
Isn't this almost exactly the plug story for roughtime?
More information about the devel
mailing list