> On Sep 6, 2015, at 2:03 PM, Florian Weimer <[email protected]> wrote:
>
> * Miroslav Lichvar:
>
>> How about sending an email to the admins and ask them to restart ntpd
>> if they have 4.2.6?
>
> Why aren't those servers removed from the pool? Shouldn't they be
> pulled automatically?
>
> Or have they already gone, and ntpd is just stuck because it does not
> periodically repeat name resolution?

A better answer is why would someone allow EOL software in the pool. 4.2.6 was EOL last year yet is still included in many distributions as the default.

Take a look at this earlier note:

http://lists.ntp.org/pipermail/pool/2015-March/007298.html

Also:

ntp-4.2.8p3 was released on 29 June 2015, and addresses leap-second issues and a minor security issue.

Anything not running 4.2.8p3 really isn’t wise to operate regardless. If your OS isn’t packaging 4.2.8 you need to ask them why as over 1000 fixes went into 4.2.8 vs 4.2.6 and while back porting one CVE is likely possible, back porting 1000 is less likely to be done right, or is called the 4.2.6 -> 4.2.8 diff :)

- Jared

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
