Re: Raspberry Pi startup: certificate is not yet valid

2022-05-10 Thread Gary E. Miller via devel
Yo Hal!

On Tue, 10 May 2022 10:26:08 -0700
Hal Murray  wrote:

> Gary said:
> >> Should we do something like set the time to the time stamp of the
> >> drift file? (if it is significantly newer than the current time)  
> 
> > Nope.  Don't get in a fight with the OS.   
> 
> Could you please say more.

Be careful what you ask for.

> The whole purpose of ntpsec is to keep good time.

Yes, but so many other tasks also may think that is their job.  When two
fight, bad things happen.  It is the job of the OS, using its RC method
(OpenRC, systemd(umb), launchd, etc.) to pick the right programs, in the
right order, to keep time on that host.

> If we know the
> clock is way off, what's wrong with taking a big step to get a lot
> closer so certificate checking has a better chance of working?

Nothing at all, once the system RC has told ntpsec that system time is
its job, then ntpsec needs to do the best job it can.

I like your suggestion of ntpd using "-g" to get the system time close,
before checking any certificates.

The problem I see a lot is that a lot of Pi's are started with no
network connection, and a bad time, so swclock is commonly used
before starting ntpd.

RGDS
GARY
---
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com  Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin


___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel


Re: Raspberry Pi startup: certificate is not yet valid

2022-05-10 Thread Hal Murray via devel


Gary said:
>> Should we do something like set the time to the time stamp of the
>> drift file? (if it is significantly newer than the current time)

> Nope.  Don't get in a fight with the OS. 

Could you please say more.

The whole purpose of ntpsec is to keep good time.  If we know the clock is way 
off, what's wrong with taking a big step to get a lot closer so certificate 
checking has a better chance of working?



-- 
These are my opinions.  I hate spam.





Re: Release, wildcards, etc

2022-05-10 Thread James Browning via devel
On Apr 20, 2022 07:30, Matt Selsky via devel wrote:

> Hi Hal,
>
> I'd like to get https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1264 merged and then do the release.
>
> Is there anything else that we want in the release?

Yes, but in the interest of helping get it out on this calendar the rest of my merge requests can wait. Joining the NTPsec group at GitLab would be nice.