On Tue, Apr 06, 2004 at 10:26:14PM -0400, user86 wrote:
On Tuesday 06 April 2004 21:49, Phil Mocek wrote:
Have they even published the fact that this bug exists?
Actually, they have mentioned something on their site about this at: http://portal.suse.com/sdb/en/2004/02/pohletz_xntp_drift.html
Yes, that's correct. I overlooked that article when searching for information about the bug. It's titled ``XNTP Recording of System Clock Deviation Is Not Continuous'', which didn't really sound like the problem I was experiencing. Three questions come to mind: 1) How long does it usually take SuSE to put a trivial fix like this in place? The bug was reported at least four months ago, and they published a knowledge base article describing it two months ago. 2) Does SuSE send out any type of notification to its customers when a bug such as this is identified? I realize the bug does not exactly constitute a security threat, but NTP is fairly important nonetheless, and accurate timestamps sure help with intrusion analysis. 3) How could someone who is preparing to install SuSE's XNTP package (from a purchased copy or directly from SuSE's FTP site) discover that the latest release is currently broken, without performing the installation and observing the error logging? (Besides happening upon this thread, of course.) And I'm still wondering how to search the SuSE bug tracking database. Does anyone know? -- Phil Mocek