Consider replacing ntpdate calls by 'ntpd -g'

Bug #583994 reported by C de-Avillez
This bug affects 17 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| NTP | Invalid | Undecided | Unassigned | |
| ntp (Debian) | New | Unknown | | |
| ntp (Ubuntu) | Invalid | Low | Unassigned | |
| ubuntu-meta (Ubuntu) | Fix Released | Medium | Unassigned | |

Bug Description

Binary package hint: ntp

Given that 'ntpdate' is being obsoleted upstream [1], we should replace 'ntpdate' usage by:

 * ntpd -qg (if we really want to set the time and exit), or
 * ntpd -g (if we want to keep ntpd running)

The '-q' option will set the clock once and exit; the '-g' allows for large corrections to the clock, like what is done by 'ntpdate'.

[1] http://www.eecis.udel.edu/~mills/ntp/html/ntpdate.html

Changed in ntp:
status: Unknown → New
Milan Bouchet-Valat (nalimilan) wrote :

See also bug 322518. I think we want to get rid of ntpdate, and use ntpd everywhere, which would be more consistent.

Changed in ntp (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Ben Shadwick (benshadwick) wrote :

Adding ubuntu-meta because ntpdate lists it as a dependency, when ntpd should be allowed as an alternative.

Ben Shadwick (benshadwick) wrote :

Oops, I meant it the other way around: ubuntu-minimal lists ntpdate as a dependency, such that ubuntu-minimal is uninstalled if you try to replace ntpdate with ntpd.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-meta (Ubuntu):
status: New → Confirmed
Rolf Leggewie (r0lf) wrote :

This is not a bug in ntp (unless one were to advocate replacing the ntpdate command with a wrapper calling ntp, which I believe no one is doing). Closing the ntp task.

Changed in ntp (Ubuntu):
status: Triaged → Invalid
Rolf Leggewie (r0lf) wrote :

I think going forward with this ticket instead of the much older bug 61619 is preferable.

ntpdate has been deprecated upstream for a long time as previously pointed out. The NTP code has seen numerous security vulnerabilities and we have to assume that ntpdate is not receiving the same scrutiny anymore when compared to ntpd.

Setting milestone for vivid, hoping that it is not too late, yet.

Changed in ubuntu-meta (Ubuntu):
importance: Undecided → Medium
milestone: none → ubuntu-15.02
status: Confirmed → Triaged
Rolf Leggewie (r0lf) wrote :
Ben Shadwick (benshadwick) wrote :

Rolf, thanks for looking into the situation and reversing course on this bug.

I can confirm what you've seen about ntpdate being deprecated and ntpd recently receiving critical vulnerability fixes.

Mathew Hodson (mhodson)
Changed in ntp:
importance: Unknown → Undecided
status: New → Invalid
Rolf Leggewie (r0lf)
Changed in ntp (Ubuntu):
status: Invalid → Confirmed
milestone: none → ubuntu-15.02
A. Denton (aquina) wrote :

Quote by r0lf: "The NTP code has seen numerous security vulnerabilities and we have to assume that ntpdate is not receiving the same scrutiny anymore when compared to NTPd."

Sorry r0lf, but that's laughable. Do you really want people to run a fully featured (your wording: vulnerable) NTP daemon just to do something like this (ntpdate -u HOSTNAME >>/var/log/messages 2>&1) once a day within a "/etc/cron.hourly/ntp"?

Don't get me wrong -- I agree with you on the upstream part of your statement, but I disagree when it comes to bloating systems unnecessarily. Once, OSes used to be simple, only containing things which their operators needed. Why force them into running daemons they don't really have demand for? I think "ntpd -qg" is the only option, although far from perfect.

https://twitter.com/TRONDELTA/status/546138511284658177

Ben Shadwick (benshadwick) wrote :

@aquina:

ntpd doesn't have to be shipped with a configuration that will launch it as a daemon. It can easily be used to do ntpdate's job without daemonizing.

Also, the ntpd binary is actually only around 2/3 the size of the ntpdate binary, so I think you may be backwards on which one is bloated.
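
Added example, not part of the original thread or of the ntp packages: a cron-style one-shot replacement for the `ntpdate -u HOSTNAME` job quoted above, using `ntpd -qg` without leaving a daemon behind. It assumes coreutils `timeout` and `logger` are installed; `NTPD_BIN`, `SYNC_TIMEOUT`, `one_shot_sync` and the `--run` switch are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: set the clock once with 'ntpd -qg', e.g. from /etc/cron.daily.
# NTPD_BIN, SYNC_TIMEOUT, one_shot_sync and --run are made-up names.

NTPD_BIN="${NTPD_BIN:-ntpd}"
SYNC_TIMEOUT="${SYNC_TIMEOUT:-60}"   # seconds to wait for a server to answer

# Return codes:
#   0  ntpd set the clock and exited
#   1  ntpd failed for another reason (e.g. a running daemon holds UDP port 123)
#   2  ntpd binary not found
#   3  gave up after SYNC_TIMEOUT seconds (no usable server)
one_shot_sync() {
    command -v "$NTPD_BIN" >/dev/null 2>&1 || return 2

    # -q  set the clock once and exit
    # -g  allow a large first correction, as ntpdate does
    # -n  do not fork, so timeout(1) supervises the process itself
    # Without the timeout, 'ntpd -q' keeps waiting when no server is reachable.
    timeout "$SYNC_TIMEOUT" "$NTPD_BIN" -n -q -g
    rc=$?

    case "$rc" in
        0)   return 0 ;;
        124) return 3 ;;   # exit status timeout(1) uses when the limit was hit
        *)   return 1 ;;
    esac
}

# Only act when called as a script with --run; sourcing just defines the function.
if [ "${1:-}" = "--run" ]; then
    one_shot_sync
    result=$?
    logger -t ntp-oneshot "one-shot ntpd -qg finished with result $result"
    exit "$result"
fi
```

Servers are taken from the system's ntpd configuration rather than from the command line, so the job needs a configuration file with at least one server entry.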

Changed in ntp (Debian):
status: Unknown → New
Robie Basak (racb)
Changed in ntp (Ubuntu):
milestone: ubuntu-15.02 → none
Changed in ubuntu-meta (Ubuntu):
milestone: ubuntu-15.02 → none
god (humper) wrote :

It would be much better to replace it with systemd-timesyncd calls and drop the ntpdate dependency altogether.

Bryan Quigley (bryanquigley) wrote :

@god that was what was done according to https://www.youtube.com/watch?v=ihVibT0Lm0I, and I see you opened a new bug for it here https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1451247

god (humper) wrote :

Yes, I thought it would be more clear because I can't change the title of this bug. Once the patch is applied and updated meta-packages pushed, both bugs could be safely closed.

Bryan Quigley (bryanquigley) wrote :

The other bug was closed and now it's just systemd-timesyncd in minimal.

Changed in ntp (Ubuntu):
status: Confirmed → Invalid
Changed in ubuntu-meta (Ubuntu):
status: Triaged → Fix Released
Rolf Leggewie (r0lf) wrote :

Not a good development in my opinion since it ties everyone more and more firmly to the systemd hegemony. I'm not a systemd hater but I don't think this is a good direction. Nonetheless, I guess it's better than what we currently have which is unmaintained code.

god (humper) wrote :

> I'm not a systemd hater

Don't flatter yourself. Since when exactly does the inability of some users to run "sudo apt install ntpdate" equal "systemd hegemony"?

Rolf Leggewie (r0lf) wrote :

@god, be nice, apply logic and be productive or go home. It appears you have some deficiency in understanding what I wrote and didn't write.

god (humper) wrote :

Bug trackers are for information related to bugs. If you're unable to contribute something meaningful - go whine someplace else: there're forums, twitter, social networks for that.

Haw Loeung (hloeung)
Changed in ntp (Debian):
importance: Unknown → Low
Changed in ntp (Debian):
importance: Low → Unknown