Hi John,
On Thu, Apr 11, 2019 at 10:33:51AM -0800, John Thurston wrote:
So it might be an idea to drop the "-p 1" completely.
That seems premature. The fact that ntpseq has dropped the parameter
does not make it common or standard.
I expect ntpsec to become standard in the near future. See
https://www.ntpsec.org/FAQ.html#_why_ntpsec why.
I though must admit, that we're still far away from there, at least in
Debian:
https://qa.debian.org/popcon-graph.php?packages=ntpsec%2Cntpsec-ntpdate%2Cntp%2Cntpdate&show_installed=on&want_legend=on&want_ticks=on&from_date=&to_date=&hlght_date=&date_fmt=%25Y-%25m&beenhere=1
But a decline of ntp installations is clearly visible in that graph
(probably due to systemd also providing a time service, though).
And ntpsec is not yet available in a Debian Stable release, but will
be in the upcoming Debian 10 release "buster".
And what also just became clear to me is that only the ntp-announce
mailing list is dead with only a single mail since mid 2015 (c.f.
http://lists.ntp.org/pipermail/announce/), but there seems to be at
least about 1 security update per year:
http://support.ntp.org/bin/view/Main/SecurityNotice
Maybe forking off ntpsec in 2015 was a kinda wakeup call, at least the
amount of security fixes in 2016 was much high than in the years
afterwards.
I don't think it is reasonable to build in a 4x longer delay for
everyone.
I think Xymon should support both variants by using default settings
which work with both implementations.
But maybe it should indeed do that only with a later release, when
ntpsec gained more traction and is available in more stable
distributions.
Kind regards, Axel