On Thu, Sep 17, 2015 at 10:53:03AM -0700, Philip Guenther wrote: > On Thu, Sep 17, 2015 at 8:04 AM, Rob Pierce <r...@2keys.ca> wrote: > > I understand that the authenticated TLS constraints are not for percision. > > Nonetheless, I thought it might make sense to consider displaying the ntpctl > > contraint offset output with greater percision to avoid it being misleading. > > Umm, the constraint is for checking whether responses are within *two > minutes* of the median constraint. Displaying milliseconds on > something where minutes and seconds are what matter seems more > misleading, not less, to me. > > > Philip Guenther
Right. Fair enough. I really like this feature, and maybe I am abusing it already! I have been testing with a CONSTRAINT_MARGIN of 2 seconds, with the intention of considering something in the order of seconds as a reasonable value that may be appropriate for one of our environments (hence my sensitivity to the rounding). When I have some time I was going to write a patch to make the constraint margin user configurable in the ntpd.conf file (which could default to 120 seconds). If this was an acceptable feature, then maybe greater precision in the output of ntpctl for the constraint offset might make sense at that time. If not, maybe the percision of the initial offsets from the constraint replies logged in /var/log/daemon should also be rounded to the nearest second. I personally like it the way it is though - maybe my original email is going to backfire. :) Does a user configurable constraint margin sound like a reasonable feature, or am I way off base here? Thanks for your reply. Regards, Rob