On 12/20/2014 08:13 AM, Harlan Stenn wrote:
Please tell me a valid use case for sticking with the older version.
"Because my auditor says so" is a valid but not good reason.
We barely have adequate resources to work on the mainline codebase. Did
you notice it's been 5 YEARS since the last stable release?
That is pretty much exactly the problem.
You just declared the development-version stable, that has a bazillion
changes from the last 5 years besides the actual security fixes.
I will have to rework our local patches (for our refclocks), and I most
certainly will have to rework all config files until they work again as
before. Both of which are things I do not like to do at extremely short
notice, much less so during my christmas vacation.
Not releasing a 4.2.6p6 that has just the security-fixes really is a
giant "FUCK YOU" into the faces of your users.
To make matters worse, it doesn't even seem like too much testing has
gone into 4.2.8. Right now it doesn't even compile for me on SLES11,
because it seems to blindly depend on libbsd, which is simply not
available on SLES11. configure does not check for its availability and
just makes the compile fail due to an "undefined reference to
`arc4random_buf'".
So unfortunately, that means that with the information that is currently
available and the fact that 4.2.8 is absolutely unusable even after just
spending two hours of my christmas vacation on it, I cannot take the risk.
I just took all four of our public stratum 1 NTP-servers offline.
--
Michael Meier, Zentrale Systeme
Friedrich-Alexander-Universitaet Erlangen-Nuernberg
Regionales Rechenzentrum Erlangen
Martensstrasse 1, 91058 Erlangen, Germany
Tel.: +49 9131 85-28973, Fax: +49 9131 302941
[email protected]
www.rrze.fau.de
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
