On Sun, Sep 06, 2015 at 05:41:11PM -0400, Jared Mauch wrote: > > On Sep 6, 2015, at 2:03 PM, Florian Weimer <[email protected]> wrote: > > Or have they already gone, and ntpd is just stuck because it does not > > periodically repeat name resolution? > > A better answer is why would someone allow EOL software in the pool. > > 4.2.6 was EOL last year yet is still included in many distributions > as the default. > > Take a look at this earlier note: > > http://lists.ntp.org/pipermail/pool/2015-March/007298.html
If everyone updated to 4.2.8 right after it was released, a large fraction of the pool servers would likely be down. There were (and apparently still are) some bugs that caused ntpd to crash on busy servers. > If your OS isn’t packaging 4.2.8 you need to ask them why as over 1000 > fixes went into 4.2.8 vs 4.2.6 and while back porting one CVE is > likely possible, back porting 1000 is less likely to be done right, or > is called the 4.2.6 -> 4.2.8 diff :) If the 4.2.6-4.2.8 diff was just bug fixes and nothing else, I think the downstream packagers would be quicker in rebasing to the new version. But there are incompatibilies and new bugs, known and unknown. Trying to force downstream packagers to rebase is not likely going to work. How many of those >1000 bugs are actually in 4.2.6 and how many of them are important? To me it looks like a lot of them were bugs introduced in the 4.2.7 development. There are commits with unrelated changes mixed together, with no comments, so it may not be easy to determine whether something is actually a bug fix. -- Miroslav Lichvar _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
