Hal Murray <[email protected]>:
> It's probably all in NEWS (or should be), but that's chronological and seems
> hard to read. For example, the deleted refclocks are scattered all over the
> place.
>
> I think I'm suggesting something like CHANGES-from-ntp-classic
https://docs.ntpsec.org/latest/

For your convenience, here is the relevant part of the asciidoc master:

== Differences from NTP Classic ==

The design objectives of this distribution, {project-fullname}, are in
many ways a break with NTP's past. We have deliberately jettisoned
support for ancient legacy hardware and operating systems in order to
ship code that is security-hardened, simpler, drastically less bulky
(the KLOC count of the suite has been cut by more than a factor of
two!), easier to understand, and easier to maintain.

We retain, however, almost full compatibility and interoperation with
NTP Classic. The qualification "almost" is required because we do not
support the Autokey (RFC5906) public-key encryption scheme. It had
interoperability and exploitable vulnerability issues too severe to be
patched. We are participating in an IETF effort to develop better
security features.

This project began as an effort to address serious security issues
with NTP Classic, and we intend to keep a particularly strong focus on
code security and code verifiability.

Most of the changes are under the hood, internal to the codebase. A
few will be user-visible.

=== Security changes ===

* The deprecated ntpdc utility, long since replaced by {ntpq} and a
  chronic locus of security vulnerabilities, has been removed.

* As noted above, Autokey is not supported; that code has been removed,
  as it was chronically prone to security vulnerabilities.

* The deprecated and vulnerability-prone ntpdate program has been
  replaced with a shell wrapper around {ntpdig}. Its -e and -p options
  are not implemented. It is no longer documented, but can be found in
  the util/ directory of the source distribution.

* A large number of obsolete refclocks have been removed in order to
  reduce attack surface, code bulk, and documentation complexity.

* Various features related to runtime dumping of the configuration
  state have been removed for security reasons. These include the
  saveconfig command in ntpq, the --saveconfigquit option of ntpd, and
  the implementation of related config declarations in ntp.conf.

* The code has been systematically hardened, with unsafe string copy
  and formatting functions replaced by safe (bounded) ones.

* In toto, around 60% of the NTP Classic code has been outright
  removed, with less than 5% new code added. This is a dramatic
  reduction in attack surface.

=== Time-synchronization improvements ===

* Internally, there is more consistent use of nanosecond precision. A
  visible effect of this is that time stepping with sufficiently
  high-precision time sources could be accurate down to nanoseconds
  rather than microseconds; this might actually matter for GPSDOs and
  high-quality radio clocks.

=== Documentation, Configuration, and Naming ===

* The documentation has been extensively updated and revised. One
  important change is that manual pages are now generated from the
  same masters as this web documentation, so the two will no longer
  drift out of synchronization.

* There is a new, simpler syntax for declaring refclocks. The old
  syntax with the magic 127.127.t.u addresses and fudge command is
  still supported, but no longer documented. It may be removed in a
  future release. Relevant examples of the new syntax are included on
  each refclock page. One major feature of the new syntax is that
  refclock drivers are referred to by names, not numbers.

* The +sntp+ program has been renamed +{ntpdig}+ in order to make NTP
  installables have a uniform name prefix and take up less
  namespace. Also, +ntp-keygen+ is now +{ntpkeygen}+, +ntp-wait+ is
  +{ntpwait}+, and +update-leap+ is now +{ntpleapfetch}+.

* A new utility, +{ntpfrob}+, collects several small diagnostic
  functions for reading and tweaking the local clock hardware,
  including reading the clock tick rate, precision, and jitter. Part
  of it formerly traveled as +tickadj+.

=== Other user-visible changes ===

* The ntpsnmpd daemon, incomplete and not conformant with RFC 5907,
  has been removed.

* Log timestamps look a little different; they are now in ISO8601
  format.

* Clock identifiers in log files are normally the driver shortname
  followed by the unit number in parentheses, rather than the magic IP
  addresses formerly used. The code can be built in a strict NTP
  Classic compatibility mode that restores the old behavior.

* The -!m, ->, and -< options of some Classic commands are not
  supported. (The argument-parsing framework code that implemented
  them in Classic was overcomplicated and buggy and had to be
  removed.)

* The shortname of --help options is now -h, not -?

* An instance of {ntpq} built from the {project-shortname} code
  querying legacy NTP daemons will not automatically display peers
  with 127.127.t.u addresses as refclocks; that assumption has been
  removed from the {project-shortname} code as part of getting it
  fully IPv6-ready.

-- 
Eric S. Raymond <http://www.catb.org/~esr/>
_______________________________________________
devel mailing list
[email protected]
http://lists.ntpsec.org/mailman/listinfo/devel
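As an added illustration of the refclock-syntax change mentioned in the quoted asciidoc (this fragment is the editor's, not text from the email or from the NTPsec documentation): the same shared-memory refclock declared in the NTP Classic magic-address form and in the named-driver form that replaces it. The choice of the SHM driver, unit 0 and the refid GPS are assumptions for the sake of the example; type number 28 is the SHM driver in Classic's numbering.

```text
# ---- NTP Classic form (still accepted by NTPsec, but no longer documented) ----
# The driver is chosen by the pseudo-address 127.127.t.u: t is the driver
# type number (28 = shared-memory driver), u is the unit number.  Per-clock
# tuning goes on a separate "fudge" line keyed by the same pseudo-address.
server 127.127.28.0
fudge  127.127.28.0 refid GPS

# ---- NTPsec form ----
# The driver is named rather than numbered, and the fudge parameters sit on
# the same line as the declaration.  This declares the same clock as above.
refclock shm unit 0 refid GPS
```

One consequence worth noting when migrating configs: because the new form never allocates a 127.127.t.u address, the IPv4-shaped clock identifiers that some log-parsing scripts key on will no longer appear; the driver shortname and unit number (as described under "Other user-visible changes") are what to match on instead.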
