Fedora Developers Discuss Retiring NTP, Deprecating SCP Protocol
Following the successful shipping of Fedora 33, Red Hat developers have begun proposing more changes for future Fedora releases.
Jakub Jelen of Red Hat's Crypto Team today proposed deprecating SCP. Yes, SCP as in Secure Copy, but the deprecation is actually about the SCP protocol and not the tool itself. Jakub has written a patch for the SCP tool to use SFTP internally and would allow using the scp tool as-is with existing behavior albeit is actually done via SFTP rather than the SCP protocol. There are some items missing but otherwise appears to be in good shape. The patch would still support falling back to the SCP protocol if desired/needed.
A Copr repository has been established with the patch against the current Fedora OpenSSH package. More details on this and the feedback being collected can be found from this mailing list thread. Feedback to this possible Fedora change seems positive as long as the SCP command behaves the same and there are no performance issues.
In a separate mailing list discussion, Red Hat's Miroslav Lichvar has proposed retiring NTP. The basis for that is the upstream NTP project isn't moving much with not many contributors while development is happening "behind closed doors" and there are multiple security vulnerabilities that are currently unresolved or only partially addressed. Red Hat Enterprise Linux already dropped the NTP package due to those security issues and now Fedora might follow a similar route. NTPSEC is proposed as the possible NTP replacement.
We'll see if either of these proposals materialize for Fedora 34 or what else comes about in the weeks/months ahead for F34 due out in the spring.
Jakub Jelen of Red Hat's Crypto Team today proposed deprecating SCP. Yes, SCP as in Secure Copy, but the deprecation is actually about the SCP protocol and not the tool itself. Jakub has written a patch for the SCP tool to use SFTP internally and would allow using the scp tool as-is with existing behavior albeit is actually done via SFTP rather than the SCP protocol. There are some items missing but otherwise appears to be in good shape. The patch would still support falling back to the SCP protocol if desired/needed.
A Copr repository has been established with the patch against the current Fedora OpenSSH package. More details on this and the feedback being collected can be found from this mailing list thread. Feedback to this possible Fedora change seems positive as long as the SCP command behaves the same and there are no performance issues.
In a separate mailing list discussion, Red Hat's Miroslav Lichvar has proposed retiring NTP. The basis for that is the upstream NTP project isn't moving much with not many contributors while development is happening "behind closed doors" and there are multiple security vulnerabilities that are currently unresolved or only partially addressed. Red Hat Enterprise Linux already dropped the NTP package due to those security issues and now Fedora might follow a similar route. NTPSEC is proposed as the possible NTP replacement.
We'll see if either of these proposals materialize for Fedora 34 or what else comes about in the weeks/months ahead for F34 due out in the spring.
35 Comments