Bug 82511 - redhat-config-time should contain NTP servers only by permission
redhat-config-time should contain NTP servers only by permission
Status: CLOSED RAWHIDE
Product: Red Hat Public Beta
Classification: Retired
Component: redhat-config-date (Show other bugs)
phoebe
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Brent Fox
:
Depends On:
Blocks: 79579
  Show dependency treegraph
 
Reported: 2003-01-22 17:43 EST by James Ralston
Modified: 2008-05-01 11:38 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-01-23 12:57:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description James Ralston 2003-01-22 17:43:13 EST
The redhat-config-time comes pre-loaded with a default set of NTP servers.

Unless Red Hat has confirmed with each and every server operator that listing
their server in redhat-config-time is acceptable, then Red Hat *should not* list
those NTP servers, as listing those servers without permission violates the NTP
"Rules of Engagement":

http://www.eecis.udel.edu/~mills/ntp/servers.html

(In particular, a handful of the servers redhat-config-time contains are stratum
1 servers.  Individual clients should rarely (if ever) point directly to stratum
1 servers.)

If Red Hat wants to always have default NTP servers in this utility, I suggest
the following:

    public-ntp-1.redhat.com
    public-ntp-2.redhat.com
    public-ntp-3.redhat.com
    [...]

(In other words, if Red Hat wants to create an application that will encourage
Red Hat customers to overwhelm NTP servers, it should be Red Hat's own NTP
servers that are overwhelmed.)

Alternatively, consider creating another checkbox:

    [ ] Use NTP servers provided by DHCP

This will be hard, though; you'll need hooks into the /sbin/dhclient-script
script to Do It Right.  And you'll still need a fallback if DHCP doesn't return
a value for the ntp-servers option.

If you already asked permission from each and every NTP server operator before
adding their server to the list in redhat-config-time, then please ignore this
report.
Comment 1 Brent Fox 2003-01-23 12:57:48 EST
All the servers in the list have an open access policy according to
http://www.eecis.udel.edu/~mills/ntp/clock2a.html.  I also changed the list to
include only stratum 2 time servers, except for time.nist.gov.  This change
should be in Phoebe2.

time.nist.gov, incidentally, is one of only two servers that Windows XP presents
(time.microsoft.com is the other one).  Considering that there must be tens of
millions of installations of Windows XP at this point, I don't think that adding
a few Linux users onto that server is going to make much difference.

For what it's worth, I tried months ago to convince people inside Red Hat to set
up a public NTP server as you suggested but I got nowhere with the idea.

See bug #68503 for information about NTP and DHCP.
Comment 2 James Ralston 2003-01-26 23:09:19 EST
That seems reasonable.

Although I would still argue that time.nist.gov should be removed.  We already
know that Microsoft is antisocial.  ;)  Red Hat should take the moral high
ground here, and list *only* stratum 2 time servers with open access policies.

(It's a pity that the pub-ntp.redhat.com idea didn't fly.)
Comment 3 Brent Fox 2003-02-11 18:13:31 EST
Good news.  We now have two public NTP servers.  clock.redhat.com and
clock2.redhat.com.
Comment 4 James Ralston 2003-03-05 03:35:09 EST
Coolness.

I can't find an access policy for those machines anywhere--not on Red Hat's web
site, nor on the NTP "Rules of Engagement" pages.

What's the access policy?
Comment 5 Brent Fox 2003-03-05 12:37:04 EST
Hmm...good question.  I don't know what the access policy is.  
Comment 6 James Ralston 2003-03-11 19:02:15 EST
Uhhh... could you find out?  ;)

(That they're public in some sense is fairly obvious.  The real question is
whether the access policy is "everyone and anyone", or "please only use these
NTP servers if you're providing time services to at least a hundred clients or
so"...)

Note You need to log in before you can comment on or make changes to this bug.