ntpd vulnerabilities

Chris Nehren cnehren+freebsd-security at pobox.com
Mon Dec 22 18:57:29 UTC 2014


On Mon, Dec 22, 2014 at 10:39:54 -0700, Brett Glass wrote:
> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
> have none of the fixed or unfixed (!) vulnerabilities that are present
> in ntpd. There's already a port.

Heartbleed, more than any other vulnerability in recent memory,
showed us users on the outside of the Project just how much
effort is involved in patching the base system (thank you, again,
DES, for being patient and explaining all the details!). Because
of this, I am reticent to support more software going into the
base system. It should be small enough to build itself and
bootstrap the ports tree, with very little else. The more things
are in base, the more things the developers need to worry about
patching across all the different supported versions of FreeBSD.
It's a lot faster to update a port to use a different version. If
you want fast security updates, use ports. Or hire developers to
patch software for you.

-- 
Chris Nehren