Bug 82511

Summary: redhat-config-time should contain NTP servers only by permission
Product: [Retired] Red Hat Public Beta Reporter: James Ralston <ralston>
Component: redhat-config-dateAssignee: Brent Fox <bfox>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: phoebeCC: mitr, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-01-23 17:57:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 79579    

Description James Ralston 2003-01-22 22:43:13 UTC 
The redhat-config-time comes pre-loaded with a default set of NTP servers.

Unless Red Hat has confirmed with each and every server operator that listing
their server in redhat-config-time is acceptable, then Red Hat *should not* list
those NTP servers, as listing those servers without permission violates the NTP
"Rules of Engagement":

http://www.eecis.udel.edu/~mills/ntp/servers.html

(In particular, a handful of the servers redhat-config-time contains are stratum
1 servers.  Individual clients should rarely (if ever) point directly to stratum
1 servers.)

If Red Hat wants to always have default NTP servers in this utility, I suggest
the following:

    public-ntp-1.redhat.com
    public-ntp-2.redhat.com
    public-ntp-3.redhat.com
    [...]

(In other words, if Red Hat wants to create an application that will encourage
Red Hat customers to overwhelm NTP servers, it should be Red Hat's own NTP
servers that are overwhelmed.)

Alternatively, consider creating another checkbox:

    [ ] Use NTP servers provided by DHCP

This will be hard, though; you'll need hooks into the /sbin/dhclient-script
script to Do It Right.  And you'll still need a fallback if DHCP doesn't return
a value for the ntp-servers option.

If you already asked permission from each and every NTP server operator before
adding their server to the list in redhat-config-time, then please ignore this
report.
Comment 1 Brent Fox 2003-01-23 17:57:48 UTC 
All the servers in the list have an open access policy according to
http://www.eecis.udel.edu/~mills/ntp/clock2a.html.  I also changed the list to
include only stratum 2 time servers, except for time.nist.gov.  This change
should be in Phoebe2.

time.nist.gov, incidentally, is one of only two servers that Windows XP presents
(time.microsoft.com is the other one).  Considering that there must be tens of
millions of installations of Windows XP at this point, I don't think that adding
a few Linux users onto that server is going to make much difference.

For what it's worth, I tried months ago to convince people inside Red Hat to set
up a public NTP server as you suggested but I got nowhere with the idea.

See bug #68503 for information about NTP and DHCP.
Comment 2 James Ralston 2003-01-27 04:09:19 UTC 
That seems reasonable.

Although I would still argue that time.nist.gov should be removed.  We already
know that Microsoft is antisocial.  ;)  Red Hat should take the moral high
ground here, and list *only* stratum 2 time servers with open access policies.

(It's a pity that the pub-ntp.redhat.com idea didn't fly.)
Comment 3 Brent Fox 2003-02-11 23:13:31 UTC 
Good news.  We now have two public NTP servers.  clock.redhat.com and
clock2.redhat.com.
Comment 4 James Ralston 2003-03-05 08:35:09 UTC 
Coolness.

I can't find an access policy for those machines anywhere--not on Red Hat's web
site, nor on the NTP "Rules of Engagement" pages.

What's the access policy?
Comment 5 Brent Fox 2003-03-05 17:37:04 UTC 
Hmm...good question.  I don't know what the access policy is.
Comment 6 James Ralston 2003-03-12 00:02:15 UTC 
Uhhh... could you find out?  ;)

(That they're public in some sense is fairly obvious.  The real question is
whether the access policy is "everyone and anyone", or "please only use these
NTP servers if you're providing time services to at least a hundred clients or
so"...)