Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Alec Warner
On Tue, Jul 19, 2016 at 11:23 AM, Andrew Savchenko wrote: > On Mon, 18 Jul 2016 22:21:22 -0400 waltd...@waltdnes.org wrote: > > On Mon, Jul 18, 2016 at 11:27:09PM +0300, Andrew Savchenko wrote > > > > > > As I wrote earlier in this thread, ntp server is not a guarantee > > >

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Patrick McLean
On Tue, 19 Jul 2016 13:22:29 -0700 Patrick McLean wrote: > On Tue, 19 Jul 2016 21:23:16 +0300 > Andrew Savchenko wrote: > > On Mon, 18 Jul 2016 22:21:22 -0400 waltd...@waltdnes.org wrote: > > > On Mon, Jul 18, 2016 at 11:27:09PM +0300, Andrew Savchenko

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Alec Warner
On Tue, Jul 19, 2016 at 4:31 AM, Consus wrote: > On 18:03 Fri 15 Jul, Robin H. Johnson wrote: > > Hi all, > > > > In tracing down problems with the git->rsync path, it has been noticed > > that some developers have significant clock drift on their local systems > > (up to one

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Patrick McLean
On Tue, 19 Jul 2016 21:23:16 +0300 Andrew Savchenko wrote: > On Mon, 18 Jul 2016 22:21:22 -0400 waltd...@waltdnes.org wrote: > > On Mon, Jul 18, 2016 at 11:27:09PM +0300, Andrew Savchenko wrote > > > > > > As I wrote earlier in this thread, ntp server is not a guarantee > >

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread R0b0t1
On Tue, Jul 19, 2016 at 1:23 PM, Andrew Savchenko wrote: > - System may become *vulnerable* because of time stamp based attack. > Though it is not easy to use such behaviour, it is still possible. All offline attacks are harder, even ones which haven't been invented yet.

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Andrew Savchenko
On Mon, 18 Jul 2016 22:21:22 -0400 waltd...@waltdnes.org wrote: > On Mon, Jul 18, 2016 at 11:27:09PM +0300, Andrew Savchenko wrote > > > > As I wrote earlier in this thread, ntp server is not a guarantee > > that such problems will not happen. If hardware clocked was > > significantly offset

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Chí-Thanh Christopher Nguyễn
waltd...@waltdnes.org schrieb: And even if the system is behind time, it can cause problems. cronjobs running unexpectedly close to each other (or missed cronjobs in extreme cases). User sessions expiring early, etc. And even if there is only one second, and that is known well ahead (e.g. leap

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Consus
On 18:03 Fri 15 Jul, Robin H. Johnson wrote: > Hi all, > > In tracing down problems with the git->rsync path, it has been noticed > that some developers have significant clock drift on their local systems > (up to one case of 14 days wrong), and it's potentially contributing to > problems in

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread waltdnes
On Tue, Jul 19, 2016 at 10:07:12AM +0200, Chí-Thanh Christopher Nguy???n wrote > Kent Fredric schrieb: > > On Mon, 18 Jul 2016 22:21:22 -0400 > > waltd...@waltdnes.org wrote: > > > >>I'm amazed that "robust linux servers" are deathly afraid of simply > >> setting the time, and being done with

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Andrew Savchenko
On Mon, 18 Jul 2016 16:25:34 -0500 james wrote: > On 07/18/2016 03:03 PM, Marc Schiffbauer wrote: > > * Rafael Goncalves Martins schrieb am 18.07.16 um 03:12 Uhr: > >> On Sat, Jul 16, 2016 at 11:33 AM, Andrew Savchenko > >> wrote: > >>> Set it for a minute or two. This will

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-19 Thread Chí-Thanh Christopher Nguyễn
Kent Fredric schrieb: On Mon, 18 Jul 2016 22:21:22 -0400 waltd...@waltdnes.org wrote: I'm amazed that "robust linux servers" are deathly afraid of simply setting the time, and being done with it. There's problems at the software level everywhere that are not so simply solved. A more

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread Kent Fredric
On Mon, 18 Jul 2016 22:21:22 -0400 waltd...@waltdnes.org wrote: > I'm amazed that "robust linux servers" are deathly afraid of simply > setting the time, and being done with it. There's problems at the software level everywhere that are not so simply solved. A more obvious example is in the

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread waltdnes
On Mon, Jul 18, 2016 at 11:27:09PM +0300, Andrew Savchenko wrote > > As I wrote earlier in this thread, ntp server is not a guarantee > that such problems will not happen. If hardware clocked was > significantly offset during boot, it may take several _hours_ for > ntp to fix this via clock skew.

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread Bill Kenworthy
On 19/07/16 07:06, Mart Raudsepp wrote: > Ühel kenal päeval, E, 18.07.2016 kell 16:25, kirjutas james: >> On 07/18/2016 03:03 PM, Marc Schiffbauer wrote: >>> * Rafael Goncalves Martins schrieb am 18.07.16 um 03:12 Uhr: On Sat, Jul 16, 2016 at 11:33 AM, Andrew Savchenko

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread Mart Raudsepp
Ühel kenal päeval, E, 18.07.2016 kell 16:25, kirjutas james: > On 07/18/2016 03:03 PM, Marc Schiffbauer wrote: > > * Rafael Goncalves Martins schrieb am 18.07.16 um 03:12 Uhr: > > > On Sat, Jul 16, 2016 at 11:33 AM, Andrew Savchenko > > o.org> wrote: > > > > Set it for a minute or

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread Rich Freeman
On Sat, Jul 16, 2016 at 5:33 AM, Andrew Savchenko wrote: > > On Fri, 15 Jul 2016 18:03:30 + Robin H. Johnson wrote: >> >> The tolerances are presently set to: >> - 5 seconds of clock drift. > > Set it for a minute or two. This will protect from commits from > really

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread Ulrich Mueller
> On Mon, 18 Jul 2016, Rafael Goncalves Martins wrote: > On Sat, Jul 16, 2016 at 11:33 AM, Andrew Savchenko wrote: >> Why such tight requirement? Why not a minute, which will not hurt >> git, but will help with system _temporarily_ out-of-sync. >> >> Some hardware clocks

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread Andrew Savchenko
On Mon, 18 Jul 2016 22:03:35 +0200 Marc Schiffbauer wrote: > * Rafael Goncalves Martins schrieb am 18.07.16 um 03:12 Uhr: > > On Sat, Jul 16, 2016 at 11:33 AM, Andrew Savchenko > > wrote: > > > Set it for a minute or two. This will protect from commits from > > > really

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread james
On 07/18/2016 03:03 PM, Marc Schiffbauer wrote: * Rafael Goncalves Martins schrieb am 18.07.16 um 03:12 Uhr: On Sat, Jul 16, 2016 at 11:33 AM, Andrew Savchenko wrote: Set it for a minute or two. This will protect from commits from really out-of-sync systems (like 14 days

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-18 Thread Marc Schiffbauer
* Rafael Goncalves Martins schrieb am 18.07.16 um 03:12 Uhr: > On Sat, Jul 16, 2016 at 11:33 AM, Andrew Savchenko wrote: > > Set it for a minute or two. This will protect from commits from > > really out-of-sync systems (like 14 days mentioned above) and will > > keep usablity

Re: [gentoo-dev] Signed push & clock drift rejection

2016-07-16 Thread Andrew Savchenko
Hi, On Fri, 15 Jul 2016 18:03:30 + Robin H. Johnson wrote: > Hi all, > > In tracing down problems with the git->rsync path, it has been noticed > that some developers have significant clock drift on their local systems > (up to one case of 14 days wrong), and it's potentially contributing to