Your message dated Tue, 18 Sep 2018 11:27:35 +0200
with message-id <[email protected]>
and subject line Closing ntpdate ifupdown related bugs, removed from Buster
has caused the Debian Bug report #844520,
regarding ntpdate: should not set the date from /etc/network/if-up.d/ntpdate
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
844520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844520
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ntpdate
Version: 1:4.2.8p8+dfsg-1.1
Severity: wishlist
Tags: security

Running ntpdate from /etc/network/if-up.d/ntpdate is useless in most
cases (the user should use another method to synchronize his machine,
which is the case *by default* with systemd) and is insecure as there
is no authentication of the time server: An attacker who controls the
network can provide a server with an old date, for which some old
certificates may become valid again. In particular, the user may not
notice that the date has changed since disconnections/reconnections
can be done automatically.

I suppose that the main uses of ntpdate nowadays are:
  * to query (check) the time with some given server;
  * to set the time by running ntpdate manually in case something
    bad occurred (then the user can easily check that the date is
    not completely wrong).

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ntpdate depends on:
ii  dpkg         1.18.15
ii  libc6        2.24-5
ii  libssl1.0.2  1.0.2j-4
ii  netbase      5.3

ntpdate recommends no packages.

ntpdate suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Version: 1:4.2.8p12+dfsg-2

Dear user,

the bug you have submitted is related to the ifupdown triggers shipped
by the ntpdate package that did a one-shot time sync every time an
interface managed by ifupdown was configured.

The hooks have been removed from the ntpdate package in version
1:4.2.8p12+dfsg-2, which will be part of the Buster release.

ntpdate.NEWS reads:

  TL;DR: The ntpdate package does NOT ship triggers for ifupdown to run
  a one-time sync every time an interface comes up anymore. These hooks
  will also be removed on upgrades to Buster. It is strongly recommended
  to switch to a permanent NTP daemon like ntp, systemd-timesyncd or chrony.
  If you need a one-time sync in your setup please arrange for it
  yourselves, i.e. by calling sntp with the appropriate parameters in
  /etc/network/interfaces(.d) .

  Historically the package ntpdate has included both /usr/bin/ntpdate (which
  is the historic go-to program for one-shot NTP querying) and ifupdown hooks
  to execute a one-shot NTP query on every interface up event.

  The ifupdown hooks have introduced buggy behaviour by syncing too often
  (on every ifup), too seldom (never again) and are likely to interfere with
  other time-keeping measures on the same system including ntpd. The hooks
  frequently caused dependency problems with local DNS resolvers or uncommon
  network configurations. They have therefore been dropped from the ntpdate
  package.

  For time synchronisation purposes please use one of the many timekeeping
  daemons in Debian (ntp, systemd-timesyncd, chrony).

  For the manual use, /usr/bin/ntpdate has been deprecated upstream and
  replaced by /usr/bin/sntp (in the sntp binary package). If you want a
  proper one-shot sync against a pool of servers you may also consider the
  -q option of ntpd.

Best Regards,
The NTP maintainers

--- End Message ---
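
As an added example (not part of the bug log or of the ntpdate package), this shell sketch lists where ifupdown would still trigger a one-shot ntpdate or sntp run: hook scripts under /etc/network/if-*.d and up-type commands in /etc/network/interfaces(.d). The root-directory argument, the function names and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the ntpdate package: list one-shot time-sync
# triggers that ifupdown would run on interface events.
# Assumption: the root-directory argument exists only so the check can run
# against a mounted image or a test tree instead of "/".
TIMESYNC_RE='(ntpdate|sntp)'

audit_ifup_timesync() {
    root="${1%/}"
    found=0
    # Hook scripts: the packaged if-up.d/ntpdate, plus any local script in
    # an if-*.d directory that calls ntpdate or sntp outside a comment.
    for f in "$root"/etc/network/if-*.d/*; do
        [ -f "$f" ] || continue
        if [ "${f##*/}" = ntpdate ] ||
           grep -v '^[[:space:]]*#' "$f" | grep -Eq "$TIMESYNC_RE"; then
            # run-parts only executes files with the executable bit set.
            [ -x "$f" ] && state=active || state=not-executable
            echo "hook $state $f"
            found=1
        fi
    done
    # Inline commands: pre-up/up/post-up lines in interfaces(.d).
    for f in "$root/etc/network/interfaces" "$root"/etc/network/interfaces.d/*; do
        [ -f "$f" ] || continue
        # /dev/null as a second operand makes grep print the file name.
        hits=$(grep -nE "^[[:space:]]*(pre-up|up|post-up)[[:space:]].*$TIMESYNC_RE" "$f" /dev/null) || continue
        printf '%s\n' "$hits" | sed 's/^/inline /'
        found=1
    done
    return "$found"   # 0 = nothing found, 1 = at least one trigger
}

# Constructed sample tree (not real system data) so the block runs offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/network/if-up.d" "$t/etc/network/interfaces.d"
    printf '#!/bin/sh\nntpdate pool.example.org\n' > "$t/etc/network/if-up.d/ntpdate"
    chmod +x "$t/etc/network/if-up.d/ntpdate"
    printf 'iface eth0 inet dhcp\n    post-up sntp -S pool.example.org\n' \
        > "$t/etc/network/interfaces.d/eth0"
    echo "$t"
}

sample=$(make_sample_tree)
audit_ifup_timesync "$sample" || echo "review the triggers listed above"
rm -rf "$sample"
```

Each reported entry is a point where the clock can be set from an unauthenticated server on an interface event, which is the behaviour the bug report objects to.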
