Hi, IOhannes m zmölnig <umlaeute@debian.org> (2023-08-01): > one thing that has been bothering me for ages is the use of hardcoded > NTP-servers in the installer. > > Since NTP can obviously easily be abused for DDoS reflection attacks, > many ISPs block the use of arbitrary NTP-servers, and instead provide an > internal NTP server, which is typically announced via DHCP (in > environments that use DHCP for setting up networking). > > Of course my university ids among these "ISPs", which means that for the > last decade all of my Debian installations that i did on premises > stalled (for a while) when the installer tries to get the network time > (for which i think it queries *.debian.pool.ntp.org, but i haven't > actually checked). A quick look suggests 0.debian.pool.ntp.org. > it would be nice if the installer would *prefer* any NTP servers > announced via DHCP (and use the debian.pool as a fallback). It appears clock-setup could use netcfg/dhcp_ntp_servers… but netcfg seems to have stopped setting it when stateless DHCPv6 support was merged (fac74c749661da41ef4b89b89c9fd76dd42e7bc6). The 1.90 release is dated 2012 so that'd be consistent with the decade you mentioned. Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature