Quote by r0lf: "The NTP code has seen numerous security vulnerabilities and we have to assume that ntpdate is not receiving the same scrutiny anymore when compared to NTPd."
Sorry r0lf, but that's laughable. Do you really want people to run a fully featured (your wording: vulnerable) NTP daemon just to do s.th. like this (ntpdate -u HOSTNAME >>/var/log/messages 2>&1) one a day within a "/etc/cron.hourly/ntp"? Don't get me wrong -- I agree with you on the upstream-part of your statement, but I disagree when it comes to bloat systems unnecessarily. Once OS used to be simple, only containing things which their operators needed. Why force them into running daemons the don't really have demand for? I think "ntpd -qg" is the only option, although far from perfect. https://twitter.com/TRONDELTA/status/546138511284658177 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/583994 Title: Consider replacing ntpdate calls by 'ntpd -g' Status in NTP: Invalid Status in ntp package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Triaged Status in ntp package in Debian: Unknown Bug description: Binary package hint: ntp Given that 'ntpdate' is being obsoleted upstream [1], we should replace 'ntpdate' usage by: * ntpd -qg (if we really want to set the time and exit), or * ntpd-g (if we want to keep ntpd running) the '-q' option will set the clock once, and exit; the 'g' allows for large corrections to the clock, like what is done by 'ntpdate'. [1] http://www.eecis.udel.edu/~mills/ntp/html/ntpdate.html To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/583994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
