At 5:27 PM +0000 2005-10-23, Tom Smith wrote:
Brad, perhaps you are not familiar with the format of system logs and/or
did not understand the point.
Excuse me?!?
I've been doing Unix for over twenty years. I've been a
professional Unix systems administrator for over sixteen. You might
want to bother checking my credentials before you go spouting off
garbage like that.
20 Jul 17:40:44 xntpd[764]: ntpd 4.0.98a Wed Oct 16 17:36:24 EDT 2002
Oct 23 00:34:02 seeaxp xntpd[56499]: ntpd [EMAIL PROTECTED] Tue Feb 8
16:04:28 EST 2005 (1)
[ ... deletia ... ]
The portion of the log entry after that is the actual message that issued
by the application. Note that in both cases above, the version message issued
by the application identifies itself as "ntpd", as you would like, and
identifies
its specific version. The second example above, shown to emphasize the point,
is from the released V4.2.0 downloaded from the project site, built from
source,
installed as /usr/local/bin/ntpd, and started via a symbolic link to it
named "xntpd".
There has been NO modification to the code, and the messages, as well as all
of the others shown, DO come from "your" source code.
The two lines above merely show that the code claims to be a
program that calls itself ntpd, and that is executed via a link that
calls the binary xntpd. Of course, that's assuming that they
actually came from a syslog file -- you could just as easily have
created whatever you want without referring to any real log file.
Even if these two lines are accurate, there is no proof here one
way or the other that the underlying code has or has not been
modified. Moreover, you cannot possibly prove such a claim based
solely on log data.
To make any attempt to prove such a claim, you have to take our
tarball (with MD5 and SHA-1 hashes shown to match the tarball we make
available), build the code yourself, provide the MD5 and SHA-1 hashes
of that binary, then show that they match the MD5 and SHA-1 hashes of
the binary that was actually executing.
Even that wouldn't be enough, because you could have lied and
provided whatever MD5 or SHA-1 hashes you wanted at any point along
that process.
Getting back to the original lines which were logged which
demonstrated the particular problem the user was having, Dr. Mills
has said that you do not find those lines anywhere in our source
code. I trust him on that statement. If you can prove otherwise,
feel free to do so.
But until then, stop calling me a liar, and you should stop
calling him a liar was well.
--
Brad Knowles, <[EMAIL PROTECTED]>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
