Do we need NTP the reference implementation?

Posted Mar 14, 2015 10:13 UTC (Sat) by roblucid (guest, #48964)
In reply to: Do we need NTP the reference implementation? by danc
Parent article: NTP's Fate Hinges On 'Father Time' (InformationWeek)

Stenn, is maintaing the upstream code of the dominant ntpd implementation, run by time servers which sync to hardware clocks and/or other NTP servers.
Working 100hrs a week on it, with little remunaration.

Let's hope that post Heardbleed initiative, to fund the core infrastructure, pitches in, given the stimulus of a deadline. But it is crazy if the project truly has only 1 developer, confident with the code, that means no oversight; suppose organised crime or intelligence arm of a government targetted a lone developer to have subtle errors included for them to exploit?

Do we need NTP the reference implementation?

Posted Mar 14, 2015 19:01 UTC (Sat) by zdzichu (subscriber, #17118) [Link] (1 responses)

You are describing exactly what happened already. Post Heartbleed, Linux Foundation decided that our core infrastructure software needs more attention. For NTP, they've contacted Poul-Henning Kamp and offered to sponsor him to work on NTP.

PHK agreed for little under 3k euro monthly and started to analyse NTP reference code. Having analysed ntp.org code he decided that it is not really maintainable. So he started to write new, secure NTP implementation from scratch. It is progressing steadily.

PHK is quite clear about that: see http://phk.freebsd.dk/time/20140926.html and his talk at FOSDEM this year.

Do we need NTP the reference implementation?

Posted Mar 14, 2015 20:30 UTC (Sat) by madscientist (subscriber, #16861) [Link]

A more comprehensive place to look for status would be http://phk.freebsd.dk/time/index.html