Web lists-archives.com

Re: "debian.pool.ntp.org" for Debian derivatives?




Hello Ian et al.,

Am 18.10.18 um 12:40 schrieb Ian Jackson:
> Philipp Hahn writes (""debian.pool.ntp.org" for Debian derivatives?"):
>> Are we (as a Debian derivate) allowed to hard-code and use the
>> "debian.pool.ntp.org" or must we apply for our own pool?
> 
> The NTP pool folks would like you to use your own pool.  So would
> Debian, I'm pretty sure.

Q: So must all Debian derivatives patch NTP and re-compile¹ it as
Debians pool is hard-coded:

> $ apt download ntp
> $ ar p ntp_1%3a4.2.8p10+dfsg-3+deb9u2_amd64.deb | tar xfO data.tar.xz ./etc/ntp.conf | grep ^pool
> pool 0.debian.pool.ntp.org iburst
> pool 1.debian.pool.ntp.org iburst
> pool 2.debian.pool.ntp.org iburst
> pool 3.debian.pool.ntp.org iburst

or only the commercial derivatives?


>> PS: Paying that extra money to ntp.org would certainly not kill use, but
>> adding that money instead to our currently already existing support of
>> Debian-LTS / DebConf sponsoring / ... would probably benefit a lot more
>> Debian (downstream) users and developers.

First of all: We don't what to cheat them or Debian, but the question is
interesting enough as it can have legal questions for all derivatives.

> I wasn't aware that they charged commercial entities in this kind of
> situation but that seems reasonable to me.  IDK how much the charge
> is.  You are getting a service from pool.ntp.org, and as a commercial
> entity you should pay your suppliers.

The question remains, if "Debian" can be our supplier and allow us (and
any other derivatives) to use their pool?

> If the charge is too much, you could always run your own ntp server.

Any sane setup needs at least 4 servers. That is why there is that pool
project so not everyone has to run their own farm of NTP servers around
the world themselves.

> If you continue to use the Debian pool to avoid paying them, then you
> are using their facilities without permission.
...
> TBH I doubt they would get you prosecuted or sue you - because they're
> not that kind of people and wouldn't want to harm the free software
> community = but I hope you will agree that you should act legally!

Normally I tell our customers to ask their Internet providers for their
preferred NTP servers, as they usually run their own farm, which are
then close to their customers (network wise). Many routers have a
built-in NTP server anyway. This normally improves the accuracy and
reduces network traffic as with the pool you can get servers from the
other end of the world. Lucky you if you get that information from your
provider via DHCP (option nntp-server).

Even if your provider does not run its own farm, you can still
re-configure your servers to use at least the pool for your continent or
country, which hopefully are closer by network vise, too.

As an end-user you are not bound by that pool.ntp.org rule and can
configure whatever server you like.

But not as a software or Operating System vendors: I MUST NOT use
'pool.ntp.org'.

So my question is more like "is it okay to not change Debians default
NTP server selection", so the initial setup and those lazy enough to not
change the default get a sane time?

Philipp


¹: not a big deal for us, but we try to stay as closely to Debian as we can.