use the source Its not NTP orgs problem if a distro cant keep up, and be wary if that distro tells you its nothing to worry bout, remember how debian fscked everything with the openssl patch few years ago after being told not to do it by openssl.
On 12/22/14, Robert Gray <[email protected]> wrote: > On 21 December 2014 at 22:27, Harlan Stenn <[email protected]> wrote: >> >> Debian should have patches now. >> > > The debian security update DSA 3108-1 reported that: "The default ntpd > configuration in Debian restricts access to localhost (and possible the > adjacent network in case of IPv6). Keys explicitly generated by "ntp-keygen > -M" should be regenerated." > > It was not clear to me whether the problem was actually fixed or simply not > considered a problem. The Debian security site does not list the resolution > either https://www.debian.org/security/ > > Rather than take my server entirely offline I have replaced ntp with > openntpd until there is more clarity. > > Robert Gray > Ph +64 9 233 6201 Mob +64 21 971 860 > _______________________________________________ > pool mailing list > [email protected] > http://lists.ntp.org/listinfo/pool > _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
