How does the parser work?
ntp_parser.y contqains: %token T_Tinker %token T_Tlsciphers %token T_Tlsciphersuites I'd expect those tokens to come from the keywords header file. But tlsciphers isn't in the keyword list. tlscipehrswuites is in the list. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Asciidoc question
On Dec 3, 2023 18:49, Hal Murray via devel wrote:What does the $$ after the +aga+ do? |+year+ |One generation file element is generated per year. The filename suffix consists of a dot and a 4 digit year number. |+age+$$ |This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filenameIt appears it inserts it in the default font after 'age' which seems to be monospaced. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Asciidoc question
What does the $$ after the +aga+ do? |+year+|One generation file element is generated per year. The filename suffix consists of a dot and a 4 digit year number. |+age+$$ |This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filename -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release
Yo Hal! On Sun, 03 Dec 2023 17:44:45 -0800 Hal Murray via devel wrote: > Gary said: > > DO you have an account on: https://scan.coverity.com/ > > If so, I think I can add you to the project. > > How does their stuff work? How often do they check NTPsec? > Or what should I be asking? Every time a commit is made to NTPSec on GitLab, the CI asks Coverity to do a review. > How much mail should I expect? ... One email every few commits. > Should I push the fix? That will require more testing. Or you could do an MR that we can test first. All depends on how good you feel about the commit. RGDS GARY --- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin pgp6xI3zyLWm5.pgp Description: OpenPGP digital signature ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release
Gary said: > DO you have an account on: https://scan.coverity.com/ > If so, I think I can add you to the project. Thanks. I think i worked. How does their stuff work? How often do they check NTPsec? Or what should I be asking? How much mail should I expect? ... There are 3 Coverity quirks. I'll go fix the filegen one. Should I push the fix? That will require more testing. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release
Yo Hal! On Sun, 03 Dec 2023 15:07:18 -0800 Hal Murray via devel wrote: > > Gary said: > > > Uh, not quite. Check the Coverity stuff. > > > > How do I do that? > > DO you have an account on: https://scan.coverity.com/ On further checking,halmurray...@sonic.net is an admin on the NTPSec Coverity account. RGDS GARY --- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin pgpaBnZEYZfQa.pgp Description: OpenPGP digital signature ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release
Yo Hal! On Sun, 03 Dec 2023 15:07:18 -0800 Hal Murray via devel wrote: > Gary said: > > Uh, not quite. Check the Coverity stuff. > > How do I do that? DO you have an account on: https://scan.coverity.com/ If so, I think I can add you to the project. RGDS GARY --- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin pgpYVmJogELej.pgp Description: OpenPGP digital signature ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release
Gary said: > Uh, not quite. Check the Coverity stuff. How do I do that? I'd expect something to send me email but I don't remember anything about Coverity. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Re: Release
Yo James! On Sat, 2 Dec 2023 21:12:04 -0800 (PST) James Browning via devel wrote: > 4. The buildbots are not reporting any unplanned regressions; there > are always issues to be addressed. Uh, not quite. Check the Coverity stuff. RGDS GARY --- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin pgpkG88t_v7LS.pgp Description: OpenPGP digital signature ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel
Certificate geekery
I'm working on devel-TODO-NTS. (mostly deleting things) Currently, if a bad guy hacks or arm-twists a certificate authority, they can sign a certificate that the bad guy can use for a MITM attack. We can make that a lot harder if we lookup the current root certificate that a server is currently using, find that certificate in a system's root cert collection, and add a ca xxx to the server line. That doesn't take any changes to ntpd. It needs some script hacking. I think the openssl command can handle much of the details. Is that called pinning? If not, is there a term for it? Wiki has a page for a related proposal: https://en.wikipedia.org/wiki/Certificate_pinning Is this interesting? Anybody interested in writing that script? -- There is another tangle with verifying certificates. OCSP Is that interesting? https://en.wikipedia.org/wiki/OCSP -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel