https://fedoraproject.org/w/api.php?action=feedcontributions&user=Mlichvar&feedformat=atomFedora Project Wiki - User contributions [en]2024-03-28T14:03:46ZUser contributionsMediaWiki 1.39.4https://fedoraproject.org/w/index.php?title=Changes/NtpReplacement&diff=599744Changes/NtpReplacement2021-01-06T16:20:41Z<p>Mlichvar: </p>
<hr />
<div>= ntp replacement =<br />
<br />
== Summary ==<br />
<br />
The `ntp` package is replaced with `ntpsec`.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangeAcceptedF34]]<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/34 | Fedora 34 ]]<br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: [https://pagure.io/fesco/issue/2517 #2517]<br />
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1909783 #1909783]<br />
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/619 #619]<br />
<br />
== Detailed Description ==<br />
<br />
`ntp` is one of the few NTP implementations provided in Fedora. It is not used or installed by default. <br />
<br />
The [https://www.ntp.org/ upstream project] is not in a good shape and it doesn't seem to be improving. The development is slow and happens behind closed doors. There is a significant number of known security issues that have not been fixed yet. Some are exploitable in the default configuration.<br />
<br />
[https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on security. It has removed a lot of code and fixed or avoided most of the security issues in `ntp`. It doesn't support all features, but in typical configurations it can be used as a drop-in replacement for `ntp`.<br />
<br />
There are few packages in Fedora that have a dependency on `ntp`:<br />
* `nagios-plugins-ntp-perl`<br />
* `ntpstat`<br />
<br />
Drivers for hardware reference clocks stay in Fedora in a form of a standalone wrapper in the `ntp-refclock` package. They can be used by other NTP implementations.<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change makes Fedora more secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Package `ntpsec` obsoleting the `ntp` package.<br />
# Retire the `ntp` package.<br />
# Make sure the dependent packages still work.<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
The `ntp` package is replaced automatically with `ntpsec` on upgrade to Fedora 34. If the original `ntpd` and/or `ntp-wait` services were enabled, they are re-enabled in the upgrade. The original configuration file ''/etc/ntp.conf'' and directory ''/etc/ntp'' are reused by `ntpsec`.<br />
<br />
== How To Test ==<br />
* Install `ntpsec`<br />
* Run `ntpdate pool.ntp.org`<br />
* Start the `ntpd` service<br />
* Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock<br />
<br />
== User Experience ==<br />
For most users of `ntp`, the experience is not expected to change significantly. Advanced configurations may need to be modified to work with `ntpsec`. The system log will contain error or warning messages from `ntpd` if unsupported directives or options are present in the configuration. For monitoring, the `ntpq` tool works as before.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec`<br />
* Contingency deadline: Fedora 34 Beta<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change)<br />
<br />
== Release Notes ==<br />
<br />
The classic `ntpd` service was formerly provided by the `ntp` package. The `ntp` software has significant security issues and slow development. It has now been replaced with the `ntpsec` package, an actively maintained fork of the `ntp` software. No functional changes are expected for most users. Users should check the system log for errors and warnings from the new `ntpd` service and modify ''/etc/ntp.conf'' as necessary.</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NtpReplacement&diff=596628Changes/NtpReplacement2020-12-07T14:05:11Z<p>Mlichvar: </p>
<hr />
<div>= ntp replacement =<br />
<br />
== Summary ==<br />
<br />
The `ntp` package is replaced with `ntpsec`.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangeAnnounced]]<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/34 | Fedora 34 ]]<br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: <will be assigned by the Wrangler><br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
`ntp` is one of the few NTP implementations provided in Fedora. It is not used or installed by default. <br />
<br />
The [https://www.ntp.org/ upstream project] is not in a good shape and it doesn't seem to be improving. The development is slow and happens behind closed doors. There is a significant number of known security issues that have not been fixed yet. Some are exploitable in the default configuration.<br />
<br />
[https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on security. It has removed a lot of code and fixed or avoided most of the security issues in `ntp`. It doesn't support all features, but in typical configurations it can be used as a drop-in replacement for `ntp`.<br />
<br />
There are few packages in Fedora that have a dependency on `ntp`:<br />
* `nagios-plugins-ntp-perl`<br />
* `ntpstat`<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change makes Fedora more secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Package `ntpsec` obsoleting the `ntp` package.<br />
# Retire `ntp` package.<br />
# Make sure the dependent packages still work.<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
The `ntp` package is replaced automatically with `ntpsec` on upgrade to Fedora 34. If the original `ntpd` service is enabled, the new `ntpd` service will be enabled and the original ''/etc/ntp.conf'' configuration file will be kept, which will override the new default configuration in ''/etc/ntp.d''.<br />
<br />
== How To Test ==<br />
* Install `ntpsec`<br />
* Run `ntpdate pool.ntp.org`<br />
* Start the `ntpd` service<br />
* Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock<br />
<br />
== User Experience ==<br />
For most users of `ntp` the experience is not expected to change significantly. Advanced configurations may need to be modified to work with `ntpsec`.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec`<br />
* Contingency deadline: Fedora 34 Beta<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change)<br />
<br />
== Release Notes ==<br />
<br />
The classic `ntpd` service was formerly provided by the `ntp` package. The `ntp` software has significant security issues and development seems moribund. It has now been replaced with the `ntpsec` package, an actively maintained fork of the `ntp` software. No functional changes are expected for most users.</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NtpReplacement&diff=596077Changes/NtpReplacement2020-12-02T15:11:36Z<p>Mlichvar: </p>
<hr />
<div>= ntp replacement =<br />
<br />
== Summary ==<br />
<br />
The `ntp` package is replaced with `ntpsec`.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangeAnnounced]]<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/34 | Fedora 34 ]]<br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: <will be assigned by the Wrangler><br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
`ntp` is one of the few NTP implementations provided in Fedora. It is not used or installed by default. <br />
<br />
The [https://www.ntp.org/ upstream project] is not in a good shape and it doesn't seem to be improving. The development is slow and happens behind closed doors. There is a significant number of known security issues that have not been fixed yet. Some are exploitable in the default configuration.<br />
<br />
[https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on security. It has removed a lot of code and fixed or avoided most of the security issues in `ntp`. It doesn't support all features, but in typical configurations it can be used as a drop-in replacement for `ntp`.<br />
<br />
There are few packages in Fedora that have a dependency on `ntp`:<br />
* `nagios-plugins-ntp-perl`<br />
* `ntpstat`<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change makes Fedora more secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Package `ntpsec` obsoleting the `ntp` package.<br />
# Retire `ntp` package.<br />
# Make sure the dependent packages still work.<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
The `ntp` package is replaced automatically on upgrade to Fedora 34. The configuration file ''/etc/ntp.conf'' is saved as to ''/etc/ntp.conf.rpmsave'' and it needs to be renamed to ''/etc/ntp.conf'' to be used by `ntpsec`. Otherwise, `ntpsec` will fall back to the default configuration in ''/etc/ntp.d'' using the ''pool.ntp.org'' servers.<br />
<br />
The `ntpd` service is disabled after the upgrade and needs to be enabled again.<br />
<br />
== How To Test ==<br />
* Install `ntpsec`<br />
* Run `ntpdate pool.ntp.org`<br />
* Start the `ntpd` service<br />
* Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock<br />
<br />
== User Experience ==<br />
For most users of `ntp` the experience is not expected to change significantly. Advanced configurations may need to be modified to work with `ntpsec`.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec`<br />
* Contingency deadline: Fedora 34 Beta<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change)<br />
<br />
== Release Notes ==<br />
<br />
The classic `ntpd` service was formerly provided by the `ntp` package. The `ntp` software has significant security issues and development seems moribund. It has now been replaced with the `ntpsec` package, an actively maintained fork of the `ntp` software. No functional changes are expected for most users.</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NtpReplacement&diff=596060Changes/NtpReplacement2020-12-02T11:27:39Z<p>Mlichvar: Created page with "= ntp replacement = == Summary == The `ntp` package is replaced with `ntpsec`. == Owner == * Name: Miroslav Lichvar * Email: mlichvar@redhat.com == Curr..."</p>
<hr />
<div>= ntp replacement =<br />
<br />
== Summary ==<br />
<br />
The `ntp` package is replaced with `ntpsec`.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangeReadyForWrangler]]<br />
<br />
* Targeted release: [[Releases/34 | Fedora 34 ]]<br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: <will be assigned by the Wrangler><br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
`ntp` is one of the few NTP implementations provided in Fedora. It is not used or installed by default. <br />
<br />
The [https://www.ntp.org/ upstream project] is not in a good shape and it doesn't seem to be improving. The development is slow and happens behind closed doors. There is a significant number of known security issues that have not been fixed yet. Some are exploitable in the default configuration.<br />
<br />
[https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on security. It has removed a lot of code and fixed or avoided most of the security issues in `ntp`. It doesn't support all features, but in typical configurations it can be used as a drop-in replacement for `ntp`.<br />
<br />
There are few packages in Fedora that have a dependency on `ntp`:<br />
* `nagios-plugins-ntp-perl`<br />
* `ntpstat`<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change makes Fedora more secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Package `ntpsec` obsoleting the `ntp` package.<br />
# Retire `ntp` package.<br />
# Make sure the dependent packages still work.<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
The `ntp` package is replaced automatically on upgrade to Fedora 34. The configuration file ''/etc/ntp.conf'' is saved as to ''/etc/ntp.conf.rpmsave'' and it needs to be renamed to ''/etc/ntp.conf'' to be used by `ntpsec`. Otherwise, `ntpsec` will fall back to the default configuration in ''/etc/ntp.d'' using the ''pool.ntp.org'' servers.<br />
<br />
The `ntpd` service is disabled after the upgrade and needs to be enabled again.<br />
<br />
== How To Test ==<br />
* Install `ntpsec`<br />
* Run `ntpdate pool.ntp.org`<br />
* Start the `ntpd` service<br />
* Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock<br />
<br />
== User Experience ==<br />
For most users of `ntp` the experience is not expected to change significantly. Advanced configurations may need to be modified to work with `ntpsec`.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec`<br />
* Contingency deadline: Fedora 34 Beta<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change)<br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NetworkTimeSecurity&diff=587511Changes/NetworkTimeSecurity2020-09-08T12:31:50Z<p>Mlichvar: </p>
<hr />
<div>= Network Time Security =<br />
<br />
== Summary ==<br />
<br />
Support for the Network Time Security (NTS) authentication mechanism in the NTP client/server (chrony) and installer (anaconda).<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]], [[User:mkolman| Martin Kolman]]<br />
* Email: mlichvar@redhat.com, mkolman@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangeAcceptedF33]]<br />
<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/33 | Fedora 33 ]] <br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: [https://pagure.io/fesco/issue/2372 #2372]<br />
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1834855 #1834855]<br />
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/508 #508]<br />
<br />
== Detailed Description ==<br />
<br />
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking full control over the client's clock (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.<br />
<br />
NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies which allow the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.<br />
<br />
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.<br />
<br />
NTS is not enabled by default. It can be enabled on clients by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. For example<br />
<br />
`<br />
server time.example.com iburst nts<br />
`<br />
<br />
There are several issues that may prevent NTS from working correctly:<br />
* Firewalls may block the NTS-KE port.<br />
* ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7. NTS-KE supports port negotiation and servers can provide an alternative port to avoid this issue.<br />
* Computers with no RTC (e.g. some ARM boards), or RTC that is too far from the real time, will fail to verify TLS certificates. It is possible to disable the time checks before the first update of the clock by adding `nocerttimecheck 1` to ''/etc/chrony.conf'', but it has an impact on security.<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS)<br />
# Add NTS support to the NTP settings in anaconda<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
There is no impact as NTS is not enabled by default.<br />
<br />
== How To Test ==<br />
<br />
Client NTS is enabled in ''/etc/chrony.conf'' by adding the `nts` option to the `server` or `pool` directive. For example:<br />
<br />
server nts.sth1.ntp.se iburst nts<br />
server time.cloudflare.com iburst nts<br />
<br />
The installer needs to be tested that it enables NTS in ''/etc/chrony.conf'' as expected.<br />
<br />
The `chronyc -N sources` command can be used to verify that the NTP servers are responding. The `chronyc -N authdata` command can be used to verify that the servers are authenticated with NTS. For example:<br />
<br />
# chronyc -N sources<br />
MS Name/IP address Stratum Poll Reach LastRx Last sample <br />
===============================================================================<br />
^- nts.sth1.ntp.se 1 2 377 4 +1241us[+1241us] +/- 1500ms<br />
^* time.cloudflare.com 3 6 377 47 -28us[ -44us] +/- 11ms<br />
<br />
# chronyc -N authdata<br />
Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen<br />
=========================================================================<br />
nts.sth1.ntp.se NTS 1 15 256 139 0 0 8 100<br />
time.cloudflare.com NTS 1 15 256 141 0 0 8 100<br />
<br />
== User Experience ==<br />
<br />
Client NTS can be enabled in the NTP settings in the installer.<br />
<br />
Client and server NTS can be enabled by editing ''/etc/chrony.conf'' as documented in the `chrony.conf` man page.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: N/A (not a System Wide Change)<br />
* Contingency deadline: N/A (not a System Wide Change)<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change) <br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NetworkTimeSecurity&diff=586407Changes/NetworkTimeSecurity2020-08-26T10:17:19Z<p>Mlichvar: </p>
<hr />
<div>= Network Time Security =<br />
<br />
== Summary ==<br />
<br />
Support for the Network Time Security (NTS) authentication mechanism in the NTP client/server (chrony) and installer (anaconda).<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]], [[User:mkolman| Martin Kolman]]<br />
* Email: mlichvar@redhat.com, mkolman@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangeAcceptedF33]]<br />
<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/33 | Fedora 33 ]] <br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: [https://pagure.io/fesco/issue/2372 #2372]<br />
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1834855 #1834855]<br />
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/508 #508]<br />
<br />
== Detailed Description ==<br />
<br />
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking full control over the client's clock (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.<br />
<br />
NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies which allow the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.<br />
<br />
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.<br />
<br />
NTS is not enabled by default. It can be enabled on clients by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. For example<br />
<br />
`<br />
server time.example.com iburst nts<br />
`<br />
<br />
There are several issues that may prevent NTS from working correctly:<br />
* Firewalls may block the NTS-KE port.<br />
* ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7. NTS-KE supports port negotiation and servers can provide an alternative port to avoid this issue.<br />
* Computers with no RTC (e.g. some ARM boards), or RTC that is too far from the real time, will fail to verify TLS certificates. It is possible to disable the time checks before the first update of the clock by adding `nocerttimecheck 1` to ''/etc/chrony.conf'', but it has an impact on security.<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS)<br />
# Add NTS support to the NTP settings in anaconda<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
There is no impact as NTS is not enabled by default.<br />
<br />
== How To Test ==<br />
<br />
Client NTS is enabled in ''/etc/chrony.conf'' by adding the `nts` option to the `server` or `pool` directive. Some public servers don't use the standard NTS-KE port (4460) yet and need their port to be specified with the `ntsport` option (and also the port allowed by selinux). For example:<br />
<br />
server nts.sth1.ntp.se iburst nts<br />
server time.cloudflare.com iburst nts ntsport 1234<br />
<br />
The installer needs to be tested that it enables NTS in ''/etc/chrony.conf'' as expected.<br />
<br />
The `chronyc -N sources` command can be used to verify that the NTP servers are responding. The `chronyc -N authdata` command can be used to verify that the servers are authenticated with NTS. For example:<br />
<br />
# chronyc -N sources<br />
MS Name/IP address Stratum Poll Reach LastRx Last sample <br />
===============================================================================<br />
^- nts.sth1.ntp.se 1 2 377 4 +1241us[+1241us] +/- 1500ms<br />
^* time.cloudflare.com 3 6 377 47 -28us[ -44us] +/- 11ms<br />
# chronyc -N authdata<br />
Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen<br />
=========================================================================<br />
nts.sth1.ntp.se NTS 1 15 256 139 0 0 8 100<br />
time.cloudflare.com NTS 1 15 256 141 0 0 8 100<br />
<br />
== User Experience ==<br />
<br />
Client NTS can be enabled in the NTP settings in the installer.<br />
<br />
Client and server NTS can be enabled by editing ''/etc/chrony.conf'' as documented in the `chrony.conf` man page.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: N/A (not a System Wide Change)<br />
* Contingency deadline: N/A (not a System Wide Change)<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change) <br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NetworkTimeSecurity&diff=575285Changes/NetworkTimeSecurity2020-05-05T09:40:01Z<p>Mlichvar: </p>
<hr />
<div>= Network Time Security =<br />
<br />
== Summary ==<br />
<br />
Support for the Network Time Security (NTS) authentication mechanism in the NTP client/server (chrony) and installer (anaconda).<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]], [[User:mkolman| Martin Kolman]]<br />
* Email: mlichvar@redhat.com, mkolman@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangeReadyForFesco]]<br />
<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/33 | Fedora 33 ]] <br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: [https://pagure.io/fesco/issue/2372 #2372]<br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking full control over the client's clock (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.<br />
<br />
NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies which allow the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.<br />
<br />
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.<br />
<br />
NTS is not enabled by default. It can be enabled on clients by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. Until a standard NTS-KE port is assigned for NTS by IANA and used by NTP servers, the port needs to be specified with the `ntsport` option. For example<br />
<br />
`<br />
server time.example.com iburst nts ntsport 12123<br />
`<br />
<br />
There are several issues that may prevent NTS from working correctly:<br />
* Firewalls may block the NTS-KE port.<br />
* ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7. NTS-KE supports port negotiation and an alternative port could be used to avoid this issue.<br />
* Computers with no RTC (e.g. some ARM boards), or RTC that is too far from the real time, will fail to verify TLS certificates. It is possible to disable the time checks before the first update of the clock by adding `nocerttimecheck 1` to ''/etc/chrony.conf'', but it has an impact on security.<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS)<br />
# Add NTS support to the NTP settings in anaconda<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
There is no impact as NTS is not enabled by default.<br />
<br />
== How To Test ==<br />
<br />
Client NTS is enabled in ''/etc/chrony.conf'' by adding the `nts` option to the `server` or `pool` directive, e.g.<br />
<br />
server time.cloudflare.com nts ntsport 1234 iburst<br />
server nts.ntp.se nts ntsport 3443<br />
<br />
The installer needs to be tested that it enables NTS in ''/etc/chrony.conf'' as expected.<br />
<br />
The `chronyc -N sources` command can be used to verify that NTP sources are responding. The `chronyc ntpdata` command can be used to verify that the NTP sources are authenticated. For example:<br />
<br />
# chronyc -N sources<br />
MS Name/IP address Stratum Poll Reach LastRx Last sample <br />
===============================================================================<br />
^* time.cloudflare.com 3 6 377 28 -115us[ -111us] +/- 13ms<br />
^+ nts.ntp.se 2 6 377 27 +212us[ +212us] +/- 22ms<br />
# chronyc ntpdata | grep Auth<br />
Authenticated : Yes<br />
Authenticated : Yes<br />
<br />
== User Experience ==<br />
<br />
Client NTS can be enabled in the NTP settings in the installer.<br />
<br />
Client and server NTS can be enabled by editing ''/etc/chrony.conf'' as documented in the `chrony.conf` man page.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: N/A (not a System Wide Change)<br />
* Contingency deadline: N/A (not a System Wide Change)<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change) <br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NetworkTimeSecurity&diff=570780Changes/NetworkTimeSecurity2020-04-06T09:54:28Z<p>Mlichvar: </p>
<hr />
<div>= Network Time Security =<br />
<br />
== Summary ==<br />
<br />
Support for the Network Time Security (NTS) authentication mechanism in the NTP client/server (chrony) and installer (anaconda).<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]], [[User:mkolman| Martin Kolman]]<br />
* Email: mlichvar@redhat.com, mkolman@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangeReadyForWrangler]]<br />
<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/33 | Fedora 33 ]] <br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: <will be assigned by the Wrangler><br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking full control over the client's clock (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.<br />
<br />
NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies which allow the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.<br />
<br />
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.<br />
<br />
NTS authentication can be enabled on the client by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. Until a standard port is assigned for NTS by IANA, the port may need to be specified with the `ntsport` option. For example<br />
<br />
`<br />
server time.example.com iburst nts ntsport 12123<br />
`<br />
<br />
When using NTS-enabled NTP sources, any NTP source that is not trusted and reachable over a trusted network should be disabled. This includes servers provided by DHCP. They should be disabled by adding `PEERNTP=no` to ''/etc/sysconfig/network''.<br />
<br />
We can consider changing the default ''/etc/chrony.conf'' to use some trusted public NTP servers with NTS support. There are public servers provided by [https://www.cloudflare.com/time/ Cloudflare] and [https://www.netnod.se/time-and-frequency/how-to-use-nts Netnod]. Both would be ok with Fedora using their servers by default (after some testing and coordination). There is also a possibility that pool.ntp.org will support NTS, although it is not very clear how useful would NTS be in this case as the servers are owned by individual contributors instead of a single trusted entity and attackers can easily join the pool (some mitigations have been proposed on the pool mailing list).<br />
<br />
Potential issues with enabling NTS by default:<br />
* Firewalls may block the NTS-KE port.<br />
* ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7. NTS-KE supports port negotiation and an alternative port could be used to avoid this issue.<br />
* Computers with no RTC (e.g. some ARM boards), or RTC that is too far from the real time, will fail to verify TLS certificates. An option could be added to disable the time checks before the first update of the clock. This would have an impact on security.<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.<br />
<br />
TBD: This change also makes the default configuration of the NTP client secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS)<br />
# TBD: Modify the default ''/etc/chrony.conf'' to use public servers with NTS support<br />
# Add an NTS option to the NTP settings in anaconda<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
Fedora systems updated from a previous version will use the new ''/etc/chrony.conf'' automatically if the installed file was not modified. If it was modified, the users will need to update the file manually or rename ''/etc/chrony.conf.rpmnew'' to ''/etc/chrony.conf'' in order to enable NTS.<br />
<br />
== How To Test ==<br />
<br />
If the default configuration is modified for this Change, it needs to be tested that it works correctly on most systems where the previous default configuration using pool.ntp.org servers worked.<br />
<br />
The installer needs to be tested that it enables NTS in ''/etc/chrony.conf'' as expected and that it adds `PEERNTP=no` to ''/etc/sysconfig/network''.<br />
<br />
The `chronyc -N sources` command can be used to verify that NTP sources are responding. The `chronyc ntpdata` command can be used to verify that the NTP sources are authenticated. For example:<br />
<br />
# chronyc -N sources<br />
MS Name/IP address Stratum Poll Reach LastRx Last sample <br />
===============================================================================<br />
^* time.cloudflare.com 3 6 377 28 -115us[ -111us] +/- 13ms<br />
^+ nts.ntp.se 2 6 377 27 +212us[ +212us] +/- 22ms<br />
# chronyc ntpdata | grep Auth<br />
Authenticated : Yes<br />
Authenticated : Yes<br />
<br />
== User Experience ==<br />
<br />
Client NTS can be enabled in the NTP settings in the installer.<br />
<br />
Client and server NTS can be enabled by editing ''/etc/chrony.conf'' as documented in the `chrony.conf` man page.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: N/A (not a System Wide Change)<br />
* Contingency deadline: N/A (not a System Wide Change)<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change) <br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NetworkTimeSecurity&diff=570004Changes/NetworkTimeSecurity2020-04-01T15:08:32Z<p>Mlichvar: </p>
<hr />
<div>= Network Time Security =<br />
<br />
== Summary ==<br />
<br />
Support the Network Time Security (NTS) authentication mechanism for the Network Time Protocol (NTP).<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]], [[User:mkolman| Martin Kolman]]<br />
* Email: mlichvar@redhat.com, mkolman@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangePageIncomplete]]<br />
<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/33 | Fedora 33 ]] <br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: <will be assigned by the Wrangler><br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking control over an NTP client (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.<br />
<br />
NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies, which allows the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.<br />
<br />
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.<br />
<br />
NTS authentication can be enabled on the client by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. Until a standard port is assigned for NTS by IANA, the port may need to be specified with the `ntsport` option. For example<br />
<br />
`<br />
server foo.example.com iburst nts ntsport 12123<br />
`<br />
<br />
When using NTS-enabled NTP sources, any NTP source that is not trusted and reachable only over trusted network should be disabled. This includes servers provided by DHCP. They should be disabled by adding `PEERNTP=no` to ''/etc/sysconfig/network''.<br />
<br />
We can consider changing the default ''/etc/chrony.conf'' to use some trusted public NTP servers with NTS support. There are public servers provided by [https://www.cloudflare.com/time/ Cloudflare] and [https://www.netnod.se/time-and-frequency/how-to-use-nts Netnod]. Both would be ok with Fedora using their servers by default (after some testing and coordination). There is also a possibility that pool.ntp.org will support NTS, although it is not very clear how useful would NTS be in this case as the servers are owned by individual contributors instead of a single trusted entity and attackers can easily join the pool (some mitigations have been proposed on the pool mailing list).<br />
<br />
Potential issues with enabling NTS by default:<br />
* firewalls may block the NTS-KE port<br />
* ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7 (NTS-KE supports port negotiation and an alternative port could be used to avoid this issue)<br />
* computers with no RTC (or RTC that is too far from the real time) will fail to verify TLS certificates<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.<br />
<br />
TBD: This change also makes the default configuration of the NTP client secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS)<br />
# TBD: Modify the default ''/etc/chrony.conf'' to use public servers with NTS support<br />
# Add an NTS option to the NTP settings in anaconda<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
Fedora systems updated from a previous version will use the new ''/etc/chrony.conf'' automatically if the installed file was not modified. If it was modified, the users will need to update the file manually or rename ''/etc/chrony.conf.rpmnew'' to ''/etc/chrony.conf'' in order to enable NTS.<br />
<br />
== How To Test ==<br />
<br />
If the default configuration is modified for this Change, it needs to be tested that it works correctly on most systems where the previous default configuration using pool.ntp.org servers worked.<br />
<br />
The installer needs to be tested that it enables NTS in ''/etc/chrony.conf'' as expected and that it adds `PEERNTP=no` to ''/etc/sysconfig/network''.<br />
<br />
The `chronyc -N sources` command can be used to verify that NTP sources are responding and the `chronyc ntpdata` command shows which sources are authenticated. For example<br />
<br />
# chronyc -N sources<br />
MS Name/IP address Stratum Poll Reach LastRx Last sample <br />
===============================================================================<br />
^* time.cloudflare.com 3 6 377 28 -115us[ -111us] +/- 13ms<br />
^+ nts.ntp.se 2 6 377 27 +212us[ +212us] +/- 22ms<br />
# chronyc ntpdata | grep Auth<br />
Authenticated : Yes<br />
Authenticated : Yes<br />
<br />
== User Experience ==<br />
<br />
NTS can be enabled in the NTP settings in the installer.<br />
<br />
NTS can be also enabled on NTP clients and servers by editing ''/etc/chrony.conf'' as documented in the `chrony.conf` man page.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: N/A (not a System Wide Change)<br />
* Contingency deadline: N/A (not a System Wide Change)<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change) <br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NetworkTimeSecurity&diff=569979Changes/NetworkTimeSecurity2020-04-01T08:09:14Z<p>Mlichvar: </p>
<hr />
<div>= Network Time Security =<br />
<br />
== Summary ==<br />
<br />
Support the Network Time Security (NTS) authentication mechanism for the Network Time Protocol (NTP).<br />
<br />
== Owner ==<br />
<!-- <br />
For change proposals to qualify as self-contained, owners of all affected packages need to be included here. Alternatively, a SIG can be listed as an owner if it owns all affected packages. <br />
This should link to your home wiki page so we know who you are. <br />
--><br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangePageIncomplete]]<br />
<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/33 | Fedora 33 ]] <br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: <will be assigned by the Wrangler><br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking control over an NTP client (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.<br />
<br />
NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies, which allows the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.<br />
<br />
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.<br />
<br />
NTS authentication can be enabled on the client by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. Until a standard port is assigned for NTS by IANA, the port may need to be specified with the `ntsport` option. For example<br />
<br />
`<br />
server foo.example.com iburst nts ntsport 12123<br />
`<br />
<br />
When using NTS-enabled NTP sources, any NTP source that is not trusted and reachable only over trusted network should be disabled. This includes servers provided by DHCP. They should be disabled by adding `PEERNTP=no` to ''/etc/sysconfig/network''.<br />
<br />
We can consider changing the default ''/etc/chrony.conf'' to use some trusted public NTP servers with NTS support. There are public servers provided by [https://www.cloudflare.com/time/ Cloudflare] and [https://www.netnod.se/time-and-frequency/how-to-use-nts Netnod]. Both would be ok with Fedora using their servers by default (after some testing and coordination). There is also a possibility that pool.ntp.org will support NTS (although is not very clear how much would NTS help in this case as there is a large number of individual contributors instead of a single trusted entity and attackers could easily join the pool).<br />
<br />
Potential issues with enabling NTS by default:<br />
* firewalls may block the NTS-KE port<br />
* ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7 (NTS-KE supports port negotiation and an alternative port could be used to avoid this issue)<br />
* computers with no RTC (or RTC that is too far from the real time) will fail to verify TLS certificates<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.<br />
<br />
TBD: This change also makes the default configuration of the NTP client secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS)<br />
# TBD: Modify the default ''/etc/chrony.conf'' to use a public server with NTS support<br />
# TBD: Add support for enabling NTS to the installer<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
Fedora systems updated from a previous version will use the new ''/etc/chrony.conf'' automatically if the installed file was not modified. If it was modified, the users will need to update the file manually or rename ''/etc/chrony.conf.rpmnew'' to ''/etc/chrony.conf'' in order to enable NTS.<br />
<br />
== How To Test ==<br />
<br />
If the default configuration is modified for this Change, it needs to be tested that it works correctly on most systems where the previous default configuration using pool.ntp.org servers worked.<br />
<br />
If the installer was modified to support NTS, it should be tested that the generated configuration file is correct and that it disables NTP servers from DHCP in ''/etc/sysconfig/network''.<br />
<br />
The `chronyc -N sources` command can be used to verify that NTP sources are responding and the `chronyc ntpdata` command shows which sources are authenticated. For example<br />
<br />
# chronyc -N sources<br />
MS Name/IP address Stratum Poll Reach LastRx Last sample <br />
===============================================================================<br />
^* time.cloudflare.com 3 6 377 28 -115us[ -111us] +/- 13ms<br />
^+ nts.ntp.se 2 6 377 27 +212us[ +212us] +/- 22ms<br />
# chronyc ntpdata | grep Auth<br />
Authenticated : Yes<br />
Authenticated : Yes<br />
<br />
== User Experience ==<br />
<br />
NTS can be enabled on NTP clients and servers. The directives and options are documented in the `chrony.conf` man page.<br />
<br />
If the installer was modified to support NTS, a new checkbox or dialog will be visible to the user during installation.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: N/A (not a System Wide Change)<br />
* Contingency deadline: N/A (not a System Wide Change)<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change) <br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NetworkTimeSecurity&diff=569978Changes/NetworkTimeSecurity2020-04-01T07:54:02Z<p>Mlichvar: </p>
<hr />
<div>= Network Time Security =<br />
<br />
== Summary ==<br />
<br />
Support the Network Time Security (NTS) authentication mechanism for the Network Time Protocol (NTP).<br />
<br />
== Owner ==<br />
<!-- <br />
For change proposals to qualify as self-contained, owners of all affected packages need to be included here. Alternatively, a SIG can be listed as an owner if it owns all affected packages. <br />
This should link to your home wiki page so we know who you are. <br />
--><br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangePageIncomplete]]<br />
<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/33 | Fedora 33 ]] <br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: <will be assigned by the Wrangler><br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking control over an NTP client (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.<br />
<br />
NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies, which allows the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.<br />
<br />
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.<br />
<br />
NTS authentication can be enabled on the client by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. Until a standard port is assigned for NTS by IANA, the port may need to be specified with the `ntsport` option. For example<br />
<br />
`<br />
server foo.example.com iburst nts ntsport 12123<br />
`<br />
<br />
When using NTS-enabled NTP sources, any NTP source that is not trusted and reachable only over trusted network should be disabled. This includes servers provided by DHCP. They should be disabled by adding `PEERNTP=no` to ''/etc/sysconfig/network''.<br />
<br />
We can consider changing the default ''/etc/chrony.conf'' to use some trusted public NTP servers with NTS support. There are public servers provided by [https://www.cloudflare.com/time/ Cloudflare] and [https://www.netnod.se/time-and-frequency/how-to-use-nts Netnod]. Both would be ok with Fedora using their servers by default (after some testing and coordination).<br />
<br />
Potential issues with enabling NTS by default:<br />
* firewalls may block the NTS-KE port<br />
* ISPs may block or rate limit longer NTP packets as a mitigation for amplification attacks using NTP mode 6 and 7 (NTS-KE supports port negotiation and an alternative port could be used to avoid this issue)<br />
* computers with no RTC (or RTC that is too far from the real time) will fail to verify TLS certificates<br />
<br />
== Benefit to Fedora ==<br />
<br />
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.<br />
<br />
TBD: This change also makes the default configuration of the NTP client secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS)<br />
# TBD: Modify the default ''/etc/chrony.conf'' to use a public server with NTS support<br />
# TBD: Add support for enabling NTS to the installer<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
Fedora systems updated from a previous version will use the new ''/etc/chrony.conf'' automatically if the installed file was not modified. If it was modified, the users will need to update the file manually or rename ''/etc/chrony.conf.rpmnew'' to ''/etc/chrony.conf'' in order to enable NTS.<br />
<br />
== How To Test ==<br />
<br />
If the default configuration is modified for this Change, it needs to be tested that it works correctly on most systems where the previous default configuration using pool.ntp.org servers worked.<br />
<br />
If the installer was modified to support NTS, it should be tested that the generated configuration file is correct and that it disables NTP servers from DHCP in ''/etc/sysconfig/network''.<br />
<br />
The `chronyc -N sources` command can be used to verify that NTP sources are responding and the `chronyc ntpdata` command shows which sources are authenticated. For example<br />
<br />
# chronyc -N sources<br />
MS Name/IP address Stratum Poll Reach LastRx Last sample <br />
===============================================================================<br />
^* time.cloudflare.com 3 6 377 28 -115us[ -111us] +/- 13ms<br />
^+ nts.ntp.se 2 6 377 27 +212us[ +212us] +/- 22ms<br />
# chronyc ntpdata | grep Auth<br />
Authenticated : Yes<br />
Authenticated : Yes<br />
<br />
== User Experience ==<br />
<br />
NTS can be enabled on NTP clients and servers. The directives and options are documented in the `chrony.conf` man page.<br />
<br />
If the installer was modified to support NTS, a new checkbox or dialog will be visible to the user during installation.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: N/A (not a System Wide Change)<br />
* Contingency deadline: N/A (not a System Wide Change)<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change) <br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Changes/NetworkTimeSecurity&diff=569905Changes/NetworkTimeSecurity2020-03-31T15:04:20Z<p>Mlichvar: Created page with "= Network Time Security = == Summary == Support the Network Time Security (NTS) authentication mechanism for the Network Time Protocol (NTP). == Owner == <!-- For change p..."</p>
<hr />
<div>= Network Time Security =<br />
<br />
== Summary ==<br />
<br />
Support the Network Time Security (NTS) authentication mechanism for the Network Time Protocol (NTP).<br />
<br />
== Owner ==<br />
<!-- <br />
For change proposals to qualify as self-contained, owners of all affected packages need to be included here. Alternatively, a SIG can be listed as an owner if it owns all affected packages. <br />
This should link to your home wiki page so we know who you are. <br />
--><br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
[[Category:ChangePageIncomplete]]<br />
<br />
[[Category:SelfContainedChange]]<br />
<br />
* Targeted release: [[Releases/33 | Fedora 33 ]] <br />
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} <br />
* FESCo issue: <will be assigned by the Wrangler><br />
* Tracker bug: <will be assigned by the Wrangler><br />
* Release notes tracker: <will be assigned by the Wrangler><br />
<br />
== Detailed Description ==<br />
<br />
NTP is a widely used protocol for synchronization of clocks over network. Authentication of NTP packets is important to prevent a Man-in-the-middle (MITM) attacker from taking control over an NTP client (e.g. force it to jump to a distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses secret keys, where each client has its own key which needs to be securely distributed to the server and client. This means it is mostly limited to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and it is rarely supported on public servers.<br />
<br />
NTS is a new authentication mechanism [https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp specified by the IETF] for NTP. NTS has an NTS-KE protocol using Transport Layer Security (TLS) to establish the keys and provide the client with cookies, which allows the NTP server to not keep any client-specific state. NTP packets are authenticated using Authenticated Encryption with Associated Data (AEAD). NTS is expected to scale well to a large numbers of clients. There are already some public NTP servers with NTS support.<br />
<br />
The default NTP client and server on Fedora is `chrony`. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.<br />
<br />
NTS authentication can be enabled on the client by adding the `nts` option to the `server` or `pool` directive in ''/etc/chrony.conf''. Until a standard port is assigned for NTS by IANA, the port may need to be specified with the `ntsport` option. For example<br />
<br />
`<br />
server foo.example.com iburst nts ntsport 12123<br />
`<br />
<br />
A special care must be taken when mixing authenticated and non-authenticated NTP sources, e.g. servers from the pool.ntp.org project, or local NTP servers provided by DHCP if they are not disabled by adding `PEERNTP=no` to ''/etc/sysconfig/network''. To prevent the attacker from making a large adjustment of the clock by modifying responses from (a majority of) the non-authenticated sources, the `require` and `trust` options must be specified for the authenticated sources. This way, the non-authenticated sources will be used only when they agree with authenticated sources and can contribute to the stability and accuracy of the synchronization.<br />
<br />
The default ''/etc/chrony.conf'' can be modified to use trusted public NTP servers with NTS support. There are public servers provided by [https://www.cloudflare.com/time/ Cloudflare] and [https://www.netnod.se/time-and-frequency/how-to-use-nts Netnod]. Both would be ok with Fedora using their servers by default (with some testing and coordination). Another possibility for Fedora is to consider running its own NTP servers. <br />
<br />
== Benefit to Fedora ==<br />
<br />
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.<br />
<br />
TBD: This change also makes the default configuration of the NTP client secure.<br />
<br />
== Scope ==<br />
* Proposal owners:<br />
<br />
# Update `chrony` to 4.0 and enable the NTS support (adding dependency on GnuTLS)<br />
# TBD: Modify the ''/etc/chrony.conf'' to use a public server with NTS support<br />
# TBD: Add support for configuring NTS to the installer<br />
<br />
* Other developers: N/A (not a System Wide Change)<br />
<br />
* Release engineering: N/A (not needed for this Change)<br />
<br />
* Policies and guidelines: N/A (not a System Wide Change)<br />
<br />
* Trademark approval: N/A (not needed for this Change)<br />
<br />
== Upgrade/compatibility impact ==<br />
<br />
Fedora systems updated from a previous version will use the new ''/etc/chrony.conf'' automatically if the installed file was not modified. If it was modified, the users will need to update the file manually or rename ''/etc/chrony.conf.rpmnew'' to ''/etc/chrony.conf'' in order to enable NTS.<br />
<br />
== How To Test ==<br />
<br />
If the default configuration is modified for this Change, it needs to be tested that it works correctly on most systems where the previous configuration worked. The NTS-KE port may be blocked in firewalls. Large NTP packets on the port 123 may be blocked or rate-limited by ISPs. (NTS-KE supports port negotiation and an alternative port could be used to avoid this issue.)<br />
<br />
If the installer was modified to support NTS, it needs to be tested that the generated configuration file is correct.<br />
<br />
The `chronyc -N sources` command can be used to verify that NTP sources are responding and the `chronyc ntpdata` command shows which sources are authenticated. For example<br />
<br />
# chronyc -N sources<br />
MS Name/IP address Stratum Poll Reach LastRx Last sample <br />
===============================================================================<br />
^* time.cloudflare.com 3 6 377 28 -115us[ -111us] +/- 13ms<br />
^+ nts.ntp.se 2 6 377 27 +212us[ +212us] +/- 22ms<br />
# chronyc ntpdata | grep Auth<br />
Authenticated : Yes<br />
Authenticated : Yes<br />
<br />
== User Experience ==<br />
<br />
NTS can be enabled on NTP clients and servers. The directives and options are documented in the `chrony.conf` man page.<br />
<br />
If the installer was modified to support NTS, a new checkbox or dialog will be visible to the user during installation.<br />
<br />
== Dependencies ==<br />
N/A (not a System Wide Change) <br />
<br />
== Contingency Plan ==<br />
<br />
* Contingency mechanism: N/A (not a System Wide Change)<br />
* Contingency deadline: N/A (not a System Wide Change)<br />
* Blocks release? N/A (not a System Wide Change)<br />
* Blocks product?<br />
<br />
== Documentation ==<br />
N/A (not a System Wide Change) <br />
<br />
== Release Notes ==<br />
<!-- The Fedora Release Notes inform end-users about what is new in the release. Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ --><br />
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns. If there are any such changes involved in this change, indicate them here. A link to upstream documentation will often satisfy this need. This information forms the basis of the release notes edited by the documentation team and shipped with the release. <br />
<br />
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze. <br />
--><br />
TBD</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Features/ChronyDefaultNTP&diff=246810Features/ChronyDefaultNTP2011-07-22T16:48:46Z<p>Mlichvar: </p>
<hr />
<div>= Chrony default NTP client =<br />
<br />
== Summary ==<br />
Make chrony the default NTP client.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
<br />
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or technical issues need to be resolved--><br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
* Targeted release: [[Releases/16 | Fedora 16 ]]<br />
* Last updated: 2011-07-22<br />
* Percentage of completion: 100%<br />
<br />
== Detailed Description ==<br />
Chrony is an NTP client and server designed to work well without permanent<br />
network connection. It uses different algorithms to discipline the<br />
clock which gives chrony several advantages over ntp:<br />
* works well even with irregular polling of NTP servers, useful for laptops or systems without permanent network connection<br />
* much faster synchronization, it usually needs only minutes instead of hours to minimize the time and frequency error, useful for systems not running 24/7<br />
* larger range for frequency correction (100000 ppm vs 500 ppm), useful for systems running in virtual machines which may have quickly drifting clocks<br />
* after the initial synchronization the clock is never stepped, this is good for applications which need system time to be monotonic<br />
* better response to rapid changes in the clock frequency, useful for systems running in virtual machines<br />
* better stability with temporary asymmetric delays, e.g. when the link is saturated by a large download<br />
<br />
An extensive comparison of ntp and chrony done in a simulator is [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp here]. Note that current Linux kernels are compiled with SHIFT_PLL=2.<br />
<br />
Using chrony over ntp has also other advantages:<br />
* smaller memory footprint (1.3MB vs 6MB resident size)<br />
* no unnecessary process wakeups, this is good for powersaving. The ntpd process normally wakes up every second. We apply a patch which reduces the number of wakeups significantly, but upstream is not interested in fixing it ([http://bugs.ntp.org/show_bug.cgi?id=802 ntp bug #802]).<br />
<br />
There are also some disadvantages:<br />
* ntp may still perform better in some conditions, but the differences are quite small (see the [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp simulations])<br />
* chrony corrects the offset by the adjtime() function which means there may be extra short term frequency errors up to 500 ppm<br />
* advanced NTP features like Autokey authentication are not supported<br />
<br />
== Benefit to Fedora ==<br />
Better timekeeping on systems not running 24/7 or without permanent internet connection or with low quality/unstable clocks (virtual machines). Once the clock is synchronized, applications are not upset by backward time jumps.<br />
<br />
== Scope ==<br />
* system-config-date needs to be patched to support both packages and remove the dependency on ntp. The supported options supported by system-config-date are identical in ntp.conf and chrony.conf, so it's just a matter of finding out which one is installed/enabled and select the correct path and service name. A patch is available ([https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=616385 bug #616385]).<br />
* gnome-settings-daemon needs to be patched to support enabling and disabling chrony service. A patch is available ([https://bugzilla.redhat.com/show_bug.cgi?id=723212 bug #723212]).<br />
* comps needs to be modified to install chrony by default and mark ntp as an optional package<br />
<br />
== How To Test ==<br />
* make fresh installation, or install chrony and uninstall ntp<br />
* start NTP in system-config-date and let it run for few minutes<br />
* check "chronyc tracking" output. The Reference ID field should be a valid NTP server (not 0.0.0.0), System time should be close to zero (less than few milliseconds).<br />
* make sure it works also after reboot, suspend and reconnecting to a network.<br />
<br />
== Dependencies ==<br />
<br />
system-config-date<br />
gnome-settings-daemon<br />
comps<br />
<br />
== Contingency Plan ==<br />
<br />
Switching the optional/default types for the ntp and chrony packages in the<br />
comps will revert to installing ntp by default. system-config-date can still<br />
support both packages and doesn't need to depend on any of the two packages.<br />
<br />
== Documentation ==<br />
* [http://chrony.tuxfamily.org/ http://chrony.tuxfamily.org/]<br />
<br />
== Release Notes ==<br />
* Fedora now installs chrony as the default NTP client.<br />
<br />
== Comments and Discussion ==<br />
* See [[Talk:Features/ChronyDefaultNTP]] <!-- This adds a link to the "discussion" tab associated with your page. This provides the ability to have ongoing comments or conversation without bogging down the main feature page --><br />
<br />
<br />
[[Category:FeatureAcceptedF16]]<br />
<!-- When your feature page is completed and ready for review --><br />
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler --><br />
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete--></div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Features/ChronyDefaultNTP&diff=246779Features/ChronyDefaultNTP2011-07-22T13:50:48Z<p>Mlichvar: </p>
<hr />
<div>= Chrony default NTP client =<br />
<br />
== Summary ==<br />
Make chrony the default NTP client.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
<br />
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or technical issues need to be resolved--><br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
* Targeted release: [[Releases/16 | Fedora 16 ]]<br />
* Last updated: 2011-07-21<br />
* Percentage of completion: 66%<br />
<br />
== Detailed Description ==<br />
Chrony is an NTP client and server designed to work well without permanent<br />
network connection. It uses different algorithms to discipline the<br />
clock which gives chrony several advantages over ntp:<br />
* works well even with irregular polling of NTP servers, useful for laptops or systems without permanent network connection<br />
* much faster synchronization, it usually needs only minutes instead of hours to minimize the time and frequency error, useful for systems not running 24/7<br />
* larger range for frequency correction (100000 ppm vs 500 ppm), useful for systems running in virtual machines which may have quickly drifting clocks<br />
* after the initial synchronization the clock is never stepped, this is good for applications which need system time to be monotonic<br />
* better response to rapid changes in the clock frequency, useful for systems running in virtual machines<br />
* better stability with temporary asymmetric delays, e.g. when the link is saturated by a large download<br />
<br />
An extensive comparison of ntp and chrony done in a simulator is [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp here]. Note that current Linux kernels are compiled with SHIFT_PLL=2.<br />
<br />
Using chrony over ntp has also other advantages:<br />
* smaller memory footprint (1.3MB vs 6MB resident size)<br />
* no unnecessary process wakeups, this is good for powersaving. The ntpd process normally wakes up every second. We apply a patch which reduces the number of wakeups significantly, but upstream is not interested in fixing it ([http://bugs.ntp.org/show_bug.cgi?id=802 ntp bug #802]).<br />
<br />
There are also some disadvantages:<br />
* ntp may still perform better in some conditions, but the differences are quite small (see the [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp simulations])<br />
* chrony corrects the offset by the adjtime() function which means there may be extra short term frequency errors up to 500 ppm<br />
* advanced NTP features like Autokey authentication are not supported<br />
<br />
== Benefit to Fedora ==<br />
Better timekeeping on systems not running 24/7 or without permanent internet connection or with low quality/unstable clocks (virtual machines). Once the clock is synchronized, applications are not upset by backward time jumps.<br />
<br />
== Scope ==<br />
* system-config-date needs to be patched to support both packages and remove the dependency on ntp. The supported options supported by system-config-date are identical in ntp.conf and chrony.conf, so it's just a matter of finding out which one is installed/enabled and select the correct path and service name. A patch is available ([https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=616385 bug #616385]).<br />
* gnome-settings-daemon needs to be patched to support enabling and disabling chrony service. A patch is available ([https://bugzilla.redhat.com/show_bug.cgi?id=723212 bug #723212]).<br />
* comps needs to be modified to install chrony by default and mark ntp as an optional package<br />
<br />
== How To Test ==<br />
* make fresh installation, or install chrony and uninstall ntp<br />
* start NTP in system-config-date and let it run for few minutes<br />
* check "chronyc tracking" output. The Reference ID field should be a valid NTP server (not 0.0.0.0), System time should be close to zero (less than few milliseconds).<br />
* make sure it works also after reboot, suspend and reconnecting to a network.<br />
<br />
== Dependencies ==<br />
<br />
system-config-date<br />
gnome-settings-daemon<br />
comps<br />
<br />
== Contingency Plan ==<br />
<br />
Switching the optional/default types for the ntp and chrony packages in the<br />
comps will revert to installing ntp by default. system-config-date can still<br />
support both packages and doesn't need to depend on any of the two packages.<br />
<br />
== Documentation ==<br />
* [http://chrony.tuxfamily.org/ http://chrony.tuxfamily.org/]<br />
<br />
== Release Notes ==<br />
* Fedora now installs chrony as the default NTP client.<br />
<br />
== Comments and Discussion ==<br />
* See [[Talk:Features/ChronyDefaultNTP]] <!-- This adds a link to the "discussion" tab associated with your page. This provides the ability to have ongoing comments or conversation without bogging down the main feature page --><br />
<br />
<br />
[[Category:FeatureAcceptedF16]]<br />
<!-- When your feature page is completed and ready for review --><br />
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler --><br />
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete--></div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Features/ChronyDefaultNTP&diff=246346Features/ChronyDefaultNTP2011-07-19T12:33:28Z<p>Mlichvar: </p>
<hr />
<div>= Chrony default NTP client =<br />
<br />
== Summary ==<br />
Make chrony the default NTP client.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
<br />
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or technical issues need to be resolved--><br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
* Targeted release: [[Releases/16 | Fedora 16 ]]<br />
* Last updated: 2011-07-19<br />
* Percentage of completion: 0%<br />
<br />
== Detailed Description ==<br />
Chrony is an NTP client and server designed to work well without permanent<br />
network connection. It uses different algorithms to discipline the<br />
clock which gives chrony several advantages over ntp: <br />
* periodic polling of servers is not required which allows it to work well even with large periods of time without network connection<br />
* much faster synchronization, it usually needs only minutes instead of hours to minimize the time and frequency error<br />
* larger range for frequency correction (100000 ppm vs 500 ppm), this is useful for systems running in virtual machines which may have unstable and quickly drifting clocks<br />
* after the initial synchronization the clock is never stepped, this is good for applications which need system time to be monotonic<br />
* better response to rapid changes in the clock frequency<br />
* better stability with temporary asymmetric delays, e.g. when the link is saturated by a large download<br />
<br />
An extensive comparison of ntp and chrony done in a simulator is [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp here]. Note that current Linux kernels are compiled with SHIFT_PLL=2.<br />
<br />
Using chrony over ntp has also other advantages:<br />
* smaller memory footprint (1.3MB vs 6MB resident size)<br />
* no unnecessary process wakeups, this is good for powersaving. The ntpd process normally wakes up every second. We apply a patch which reduces the number of wakeups significantly, but upstream is not interested in fixing it ([http://bugs.ntp.org/show_bug.cgi?id=802 ntp bug #802]).<br />
<br />
There are also some disadvantages:<br />
* ntp may still perform better in some conditions, but the differences are quite small (see the [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp simulations])<br />
* chrony corrects the offset by the adjtime() function which means there are short term frequency errors up to 500 ppm<br />
* advanced NTP features like Autokey authentication are not supported<br />
<br />
== Benefit to Fedora ==<br />
Better timekeeping on systems not running 24/7 or without permanent internet connection or with low quality/unstable clocks (virtual machines). Once the clock is synchronized, applications are not upset by backward time jumps.<br />
<br />
== Scope ==<br />
* system-config-date needs to be patched to support both packages and remove the dependency on ntp. The supported options supported by system-config-date are identical in ntp.conf and chrony.conf, so it's just a matter of finding out which one is installed/enabled and select the correct path and service name. A patch is available ([https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=616385 bug #616385]).<br />
* gnome-settings-daemon needs to be patched to support enabling and disabling chrony service. A patch is available ([https://bugzilla.redhat.com/show_bug.cgi?id=723212 bug #723212]).<br />
* comps needs to be modified to install chrony by default and mark ntp as an optional package<br />
<br />
== How To Test ==<br />
* make fresh installation, or install chrony and uninstall ntp<br />
* start NTP in system-config-date and let it run for few minutes<br />
* check "chronyc tracking" output. The Reference ID field should be a valid NTP server (not 0.0.0.0), System time should be close to zero (less than few milliseconds).<br />
* make sure it works also after reboot, suspend and reconnecting to a network.<br />
<br />
== Dependencies ==<br />
<br />
system-config-date<br />
gnome-settings-daemon<br />
comps<br />
<br />
== Contingency Plan ==<br />
<br />
Switching the optional/default types for the ntp and chrony packages in the<br />
comps will revert to installing ntp by default. system-config-date can still<br />
support both packages and doesn't need to depend on any of the two packages.<br />
<br />
== Documentation ==<br />
* [http://chrony.tuxfamily.org/ http://chrony.tuxfamily.org/]<br />
<br />
== Release Notes ==<br />
* Fedora now installs chrony as the default NTP client. The ntp package is still supported. The users are encouraged to install ntp and uninstall chrony if it suits their needs better.<br />
<br />
== Comments and Discussion ==<br />
* See [[Talk:Features/ChronyDefaultNTP]] <!-- This adds a link to the "discussion" tab associated with your page. This provides the ability to have ongoing comments or conversation without bogging down the main feature page --><br />
<br />
<br />
[[Category:FeatureReadyForFesco]]<br />
<!-- When your feature page is completed and ready for review --><br />
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler --><br />
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete--></div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Features/ChronyDefaultNTP&diff=246344Features/ChronyDefaultNTP2011-07-19T12:31:18Z<p>Mlichvar: </p>
<hr />
<div>= Chrony default NTP client =<br />
<br />
== Summary ==<br />
Make chrony the default NTP client.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
<br />
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or technical issues need to be resolved--><br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
* Targeted release: [[Releases/16 | Fedora 16 ]]<br />
* Last updated: 2011-07-19<br />
* Percentage of completion: 0%<br />
<br />
== Detailed Description ==<br />
Chrony is an NTP client and server designed to work well without permanent<br />
network connection. It uses different algorithms to discipline the<br />
clock which gives chrony several advantages over ntp: <br />
* periodic polling of servers is not required which allows it to work well even with large periods of time without network connection<br />
* much faster synchronization, it usually needs only minutes instead of hours to minimize the time and frequency error<br />
* larger range for frequency correction (100000 ppm vs 500 ppm), this is useful for systems running in virtual machines which may have unstable and quickly drifting clocks<br />
* after the initial synchronization the clock is never stepped, this is good for applications which need system time to be monotonic<br />
* better response to rapid changes in the clock frequency<br />
* better stability with temporary asymmetric delays, e.g. when the link is saturated by a large download<br />
<br />
An extensive comparison of ntp and chrony done in a simulator is [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp here]. Note that current Linux kernels are compiled with SHIFT_PLL=2.<br />
<br />
Using chrony over ntp has also other advantages:<br />
* smaller memory footprint (1.3MB vs 6MB resident size)<br />
* no unnecessary process wakeups, this is good for powersaving. The ntpd process normally wakes up every second. We apply a patch which reduces the number of wakeups significantly, but upstream is not interested in fixing it ([http://bugs.ntp.org/show_bug.cgi?id=802 ntp bug #802]).<br />
<br />
There are also some disadvantages:<br />
* ntp may still perform better in some conditions, but the differences are quite small (see the [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp simulations])<br />
* chrony corrects the offset by the adjtime() function which means there are short term frequency errors up to 500 ppm<br />
* advanced NTP features like Autokey authentication are not supported<br />
<br />
== Benefit to Fedora ==<br />
Better timekeeping on systems not running 24/7 or without permanent internet connection or with low quality/unstable clocks (virtual machines). Once the clock is synchronized, applications are not upset by backward time jumps.<br />
<br />
== Scope ==<br />
* system-config-date needs to be patched to support both packages and remove the dependency on ntp. The supported options supported by system-config-date are identical in ntp.conf and chrony.conf, so it's just a matter of finding out which one is installed/enabled and select the correct path and service name. A patch is available ([https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=616385 bug #616385]).<br />
* gnome-settings-daemon needs to be patched to support enabling and disabling chrony service (https://bugzilla.redhat.com/show_bug.cgi?id=723212 bug #723212).<br />
* comps needs to be modified to install chrony by default and mark ntp as an optional package<br />
<br />
== How To Test ==<br />
* make fresh installation, or install chrony and uninstall ntp<br />
* start NTP in system-config-date and let it run for few minutes<br />
* check "chronyc tracking" output. The Reference ID field should be a valid NTP server (not 0.0.0.0), System time should be close to zero (less than few milliseconds).<br />
* make sure it works also after reboot, suspend and reconnecting to a network.<br />
<br />
== Dependencies ==<br />
<br />
system-config-date<br />
gnome-settings-daemon<br />
comps<br />
<br />
== Contingency Plan ==<br />
<br />
Switching the optional/default types for the ntp and chrony packages in the<br />
comps will revert to installing ntp by default. system-config-date can still<br />
support both packages and doesn't need to depend on any of the two packages.<br />
<br />
== Documentation ==<br />
* [http://chrony.tuxfamily.org/ http://chrony.tuxfamily.org/]<br />
<br />
== Release Notes ==<br />
* Fedora now installs chrony as the default NTP client. The ntp package is still supported. The users are encouraged to install ntp and uninstall chrony if it suits their needs better.<br />
<br />
== Comments and Discussion ==<br />
* See [[Talk:Features/ChronyDefaultNTP]] <!-- This adds a link to the "discussion" tab associated with your page. This provides the ability to have ongoing comments or conversation without bogging down the main feature page --><br />
<br />
<br />
[[Category:FeatureReadyForFesco]]<br />
<!-- When your feature page is completed and ready for review --><br />
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler --><br />
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete--></div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Features/ChronyDefaultNTP&diff=245162Features/ChronyDefaultNTP2011-07-11T16:46:31Z<p>Mlichvar: </p>
<hr />
<div>= Chrony default NTP client =<br />
<br />
== Summary ==<br />
Make chrony the default NTP client.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
<br />
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or technical issues need to be resolved--><br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
* Targeted release: [[Releases/16 | Fedora 16 ]]<br />
* Last updated: 2011-07-11<br />
* Percentage of completion: 0%<br />
<br />
== Detailed Description ==<br />
Chrony is an NTP client and server designed to work well without permanent<br />
network connection. It uses different algorithms to discipline the<br />
clock which gives chrony several advantages over ntp: <br />
* periodic polling of servers is not required which allows it to work well even with large periods of time without network connection<br />
* much faster synchronization, it usually needs only minutes instead of hours to minimize the time and frequency error<br />
* larger range for frequency correction (100000 ppm vs 500 ppm), this is useful for systems running in virtual machines which may have unstable and quickly drifting clocks<br />
* after the initial synchronization the clock is never stepped, this is good for applications which need system time to be monotonic<br />
* better response to rapid changes in the clock frequency<br />
* better stability with temporary asymmetric delays, e.g. when the link is saturated by a large download<br />
<br />
An extensive comparison of ntp and chrony done in a simulator is [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp here]. Note that current Linux kernels are compiled with SHIFT_PLL=2.<br />
<br />
Using chrony over ntp has also other advantages:<br />
* smaller memory footprint (1.3MB vs 6MB resident size)<br />
* no unnecessary process wakeups, this is good for powersaving. The ntpd process normally wakes up every second. We apply a patch which reduces the number of wakeups significantly, but upstream is not interested in fixing it ([http://bugs.ntp.org/show_bug.cgi?id=802 ntp bug #802]).<br />
<br />
There are also some disadvantages:<br />
* ntp may still perform better in some conditions, but the differences are quite small (see the [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp simulations])<br />
* chrony corrects the offset by the adjtime() function which means there are short term frequency errors up to 500 ppm<br />
* advanced NTP features like Autokey authentication are not supported<br />
<br />
== Benefit to Fedora ==<br />
Better timekeeping on systems not running 24/7 or without permanent internet connection or with low quality/unstable clocks (virtual machines). Once the clock is synchronized, applications are not upset by backward time jumps.<br />
<br />
== Scope ==<br />
* system-config-date needs to be patched to support both packages and remove the dependency on ntp. The supported options supported by system-config-date are identical in ntp.conf and chrony.conf, so it's just a matter of finding out which one is installed/enabled and select the correct path and service name. A patch is available ([https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=616385 bug #616385]).<br />
* comps needs to be modified to install chrony by default and mark ntp as an optional package<br />
<br />
== How To Test ==<br />
* make fresh installation, or install chrony and uninstall ntp<br />
* start NTP in system-config-date and let it run for few minutes<br />
* check "chronyc tracking" output. The Reference ID field should be a valid NTP server (not 0.0.0.0), System time should be close to zero (less than few milliseconds).<br />
* make sure it works also after reboot, suspend and reconnecting to a network.<br />
<br />
== Dependencies ==<br />
<br />
system-config-date<br />
comps<br />
<br />
== Contingency Plan ==<br />
<br />
Switching the optional/default types for the ntp and chrony packages in the<br />
comps will revert to installing ntp by default. system-config-date can still<br />
support both packages and doesn't need to depend on any of the two packages.<br />
<br />
== Documentation ==<br />
* [http://chrony.tuxfamily.org/ http://chrony.tuxfamily.org/]<br />
<br />
== Release Notes ==<br />
* Fedora now installs chrony as the default NTP client. The ntp package is still supported. The users are encouraged to install ntp and uninstall chrony if it suits their needs better.<br />
<br />
== Comments and Discussion ==<br />
* See [[Talk:Features/ChronyDefaultNTP]] <!-- This adds a link to the "discussion" tab associated with your page. This provides the ability to have ongoing comments or conversation without bogging down the main feature page --><br />
<br />
<br />
[[Category:FeatureReadyForWrangler]]<br />
<!-- When your feature page is completed and ready for review --><br />
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler --><br />
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete--></div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Features/ChronyDefaultNTP&diff=245159Features/ChronyDefaultNTP2011-07-11T16:31:22Z<p>Mlichvar: </p>
<hr />
<div>= Chrony default NTP client =<br />
<br />
== Summary ==<br />
Make chrony the default NTP client.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
<br />
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or technical issues need to be resolved--><br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
* Targeted release: [[Releases/16 | Fedora 16 ]]<br />
* Last updated: 2011-07-11<br />
* Percentage of completion: 0%<br />
<br />
== Detailed Description ==<br />
Chrony is an NTP client and server designed to work well without permanent<br />
network connection. It uses different algorithms to discipline the<br />
clock which gives chrony several advantages over ntp: <br />
* periodic polling of servers is not required which allows it to work well even with large periods of time without network connection<br />
* much faster synchronization, it usually needs only minutes instead of hours to minimize the time and frequency error<br />
* larger range for frequency correction (100000 ppm vs 500 ppm), this is useful for systems running in virtual machines which may have unstable and quickly drifting clocks<br />
* after the initial synchronization the clock is never stepped, this is good for applications which need system time to be monotonic<br />
* better response to rapid changes in the clock frequency<br />
* better stability with temporary asymmetric delays, e.g. when the link is saturated by a large download<br />
<br />
An extensive comparison of ntp and chrony done in a simulator is [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp here]. Note that current Linux kernels are compiled with SHIFT_PLL=2.<br />
<br />
Using chrony over ntp has also other advantages:<br />
* smaller memory footprint (1.3MB vs 6MB resident size)<br />
* no unnecessary process wakeups, this is good for powersaving. The ntpd process normally wakes up every second. We apply a patch which reduces the number of wakeups significantly, but upstream is not interested in fixing it ([http://bugs.ntp.org/show_bug.cgi?id=802 ntp bug #802]).<br />
<br />
There are also some disadvantages:<br />
* ntp may still perform better in some conditions, but the differences are quite small (see the [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp simulations])<br />
* advanced NTP features like Autokey authentication are not supported<br />
<br />
== Benefit to Fedora ==<br />
Better timekeeping on systems not running 24/7 or without permanent internet connection or with low quality/unstable clocks (virtual machines). Once the clock is synchronized, applications are not upset by backward time jumps.<br />
<br />
== Scope ==<br />
* system-config-date needs to be patched to support both packages and remove the dependency on ntp. The supported options supported by system-config-date are identical in ntp.conf and chrony.conf, so it's just a matter of finding out which one is installed/enabled and select the correct path and service name. A patch is available ([https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=616385 bug #616385]).<br />
* comps needs to be modified to install chrony by default and mark ntp as an optional package<br />
<br />
== How To Test ==<br />
* make fresh installation, or install chrony and uninstall ntp<br />
* start NTP in system-config-date and let it run for few minutes<br />
* check "chronyc tracking" output. The Reference ID field should be a valid NTP server (not 0.0.0.0), System time should be close to zero (less than few milliseconds).<br />
* make sure it works also after reboot, suspend and reconnecting to a network.<br />
<br />
== Dependencies ==<br />
<br />
system-config-date<br />
comps<br />
<br />
== Contingency Plan ==<br />
<br />
Switching the optional/default types for the ntp and chrony packages in the<br />
comps will revert to installing ntp by default. system-config-date can still<br />
support both packages and doesn't need to depend on any of the two packages.<br />
<br />
== Documentation ==<br />
* [http://chrony.tuxfamily.org/ http://chrony.tuxfamily.org/]<br />
<br />
== Release Notes ==<br />
* Fedora now installs chrony as the default NTP client. The ntp package is still supported. The users are encouraged to install ntp and uninstall chrony if it suits their needs better.<br />
<br />
== Comments and Discussion ==<br />
* See [[Talk:Features/ChronyDefaultNTP]] <!-- This adds a link to the "discussion" tab associated with your page. This provides the ability to have ongoing comments or conversation without bogging down the main feature page --><br />
<br />
<br />
[[Category:FeatureReadyForWrangler]]<br />
<!-- When your feature page is completed and ready for review --><br />
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler --><br />
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete--></div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Features/ChronyDefaultNTP&diff=245151Features/ChronyDefaultNTP2011-07-11T16:15:11Z<p>Mlichvar: </p>
<hr />
<div>= Chrony default NTP client =<br />
<br />
== Summary ==<br />
Make chrony the default NTP client.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
<br />
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or technical issues need to be resolved--><br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
* Targeted release: [[Releases/16 | Fedora 16 ]]<br />
* Last updated: 2011-07-11<br />
* Percentage of completion: 0%<br />
<br />
== Detailed Description ==<br />
Chrony is an NTP client and server designed to work well without permanent<br />
network connection. It uses different algorithms to discipline the<br />
clock which gives chrony several advantages over ntp: <br />
* periodic polling of servers is not required which allows it to work well even with large periods of time without network connection<br />
* much faster synchronization, it usually needs only minutes instead of hours to minimize the time and frequency error<br />
* larger range for frequency correction (100000 ppm vs 500 ppm), this is useful for systems running in virtual machines which may have unstable and quickly drifting clocks<br />
* after the initial synchronization the clock is never stepped, this is good for applications which need system time to be monotonous<br />
* better response to rapid changes in the clock frequency<br />
* better stability with temporary asymmetric delays, e.g. when the link is saturated by a large download<br />
<br />
An extensive comparison of ntp and chrony done in a simulator is [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp here]. Note that current Linux kernels are compiled with SHIFT_PLL=2.<br />
<br />
Using chrony over ntp has also other advantages:<br />
* smaller memory footprint (1.3MB vs 6MB resident size)<br />
* no unnecessary process wakeups, this is good for powersaving. The ntpd process normally wakes up every second. We apply a patch which reduces the number of wakeups significantly, but upstream is not interested in fixing it ([http://bugs.ntp.org/show_bug.cgi?id=802 ntp bug #802]).<br />
<br />
There are also some disadvantages:<br />
* ntp may still performs better in the conditions which it was optimized for, i.e. systems with high quality oscillators and noisy networks, but the difference is quite small (see the [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp simulations])<br />
* advanced NTP features like Autokey authentication are not supported<br />
<br />
== Benefit to Fedora ==<br />
Better timekeeping on systems not running 24/7 or without permanent internet connection or with low quality/unstable clocks (virtual machines). Once the clock is synchronized, applications are not upset by backward time jumps.<br />
<br />
== Scope ==<br />
* system-config-date needs to be patched to support both packages and remove the dependency on ntp. The supported options supported by system-config-date are identical in ntp.conf and chrony.conf, so it's just a matter of finding out which one is installed/enabled and select the correct path and service name. A patch is available ([https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=616385 bug #616385]).<br />
* comps needs to be modified to install chrony by default and mark ntp as an optional package<br />
<br />
== How To Test ==<br />
* make fresh installation, or install chrony and uninstall ntp<br />
* start NTP in system-config-date and let it run for few minutes<br />
* check "chronyc tracking" output. The Reference ID field should be a valid NTP server (not 0.0.0.0), System time should be close to zero (less than few milliseconds).<br />
* make sure it works also after reboot, suspend and reconnecting to a network.<br />
<br />
== Dependencies ==<br />
<br />
system-config-date<br />
comps<br />
<br />
== Contingency Plan ==<br />
<br />
Switching the optional/default types for the ntp and chrony packages in the<br />
comps will revert to installing ntp by default. system-config-date can still<br />
support both packages and doesn't need to depend on any of the two packages.<br />
<br />
== Documentation ==<br />
* [http://chrony.tuxfamily.org/ http://chrony.tuxfamily.org/]<br />
<br />
== Release Notes ==<br />
* Fedora now installs chrony as the default NTP client. The ntp package is still supported. The users are encouraged to install ntp and uninstall chrony if it suits their needs better.<br />
<br />
== Comments and Discussion ==<br />
* See [[Talk:Features/ChronyDefaultNTP]] <!-- This adds a link to the "discussion" tab associated with your page. This provides the ability to have ongoing comments or conversation without bogging down the main feature page --><br />
<br />
<br />
[[Category:FeatureReadyForWrangler]]<br />
<!-- When your feature page is completed and ready for review --><br />
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler --><br />
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete--></div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Features/ChronyDefaultNTP&diff=245140Features/ChronyDefaultNTP2011-07-11T15:25:01Z<p>Mlichvar: Created page with "= Chrony default NTP client = == Summary == Make chrony the default NTP client. == Owner == * Name: Miroslav Lichvar <!-- Include you email address that you..."</p>
<hr />
<div>= Chrony default NTP client =<br />
<br />
== Summary ==<br />
Make chrony the default NTP client.<br />
<br />
== Owner ==<br />
* Name: [[User:mlichvar| Miroslav Lichvar]]<br />
<br />
<!-- Include you email address that you can be reached should people want to contact you about helping with your feature, status is requested, or technical issues need to be resolved--><br />
* Email: mlichvar@redhat.com<br />
<br />
== Current status ==<br />
* Targeted release: [[Releases/16 | Fedora 16 ]]<br />
* Last updated: 2011-07-11<br />
* Percentage of completion: 0%<br />
<br />
== Detailed Description ==<br />
Chrony is an NTP client and server designed to work well without permanent<br />
network connection. It uses different algorithms to discipline the<br />
clock which gives chrony several advantages over ntp: <br />
* periodic polling of servers is not required which allows it to work well even with large periods of time without network connection<br />
* much faster synchronization, it usually needs only minutes instead of hours to minimize the time and frequency error<br />
* larger range for frequency correction, 100000 ppm vs 500 ppm, this is useful for systems running in virtual machines which may have unstable and quickly drifting clocks<br />
* after the initial synchronization the clock is never stepped, this is good for applications which need system time to be monotonous<br />
* better response to rapid changes in the clock frequency<br />
* better stability with temporary asymmetric delays, e.g. when the link is saturated by a large download<br />
<br />
An extensive comparison of ntp and chrony done in a simulator is [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp here]. Note that current Linux kernels are compiled with SHIFT_PLL=2.<br />
<br />
Using chrony over ntp has also other advantages:<br />
* smaller memory footprint (1.3MB vs 6MB resident size)<br />
* no unnecessary process wakeups, this is good for powersaving. The ntpd process normally wakes up every second. We apply a patch which reduces the number of wakeups significantly, but upstream is not interested in fixing it ([http://bugs.ntp.org/show_bug.cgi?id=802 ntp bug #802]).<br />
<br />
There are also some disadvantages:<br />
* ntp may still performs better in the conditions which it was optimized for, i.e. systems with high quality oscillators and noisy networks, but the difference is quite small (see the [http://mlichvar.fedorapeople.org/clknetsim/chrony_ntp simulations])<br />
* advanced NTP features like Autokey authentication are not supported<br />
<br />
== Benefit to Fedora ==<br />
Better timekeeping on systems not running 24/7 or without permanent internet connection or with low quality/unstable clocks (virtual machines). Once the clock is synchronized, applications are not upset by backward time jumps.<br />
<br />
== Scope ==<br />
* system-config-date needs to be patched to support both packages and remove the dependency on ntp. The supported options supported by system-config-date are identical in ntp.conf and chrony.conf, so it's just a matter of finding out which one is installed/enabled and select the correct path and service name. A patch is available ([https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=616385 bug #616385]).<br />
* comps needs to be modified to install chrony by default and mark ntp as an optional package<br />
<br />
== How To Test ==<br />
* make fresh installation, or install chrony and uninstall ntp<br />
* start NTP in system-config-date and let it run for few minutes<br />
* check "chronyc tracking" output. The Reference ID field should be a valid NTP server (not 0.0.0.0), System time should be close to zero (less than few milliseconds).<br />
* make sure it works also after reboot, suspend and reconnecting to a network.<br />
<br />
== Dependencies ==<br />
<br />
system-config-date<br />
comps<br />
<br />
== Contingency Plan ==<br />
<br />
Switching the optional/default types for the ntp and chrony packages in the<br />
comps will revert to installing ntp by default. system-config-date can still<br />
support both packages and doesn't need to depend on any of the two packages.<br />
<br />
== Documentation ==<br />
* [http://chrony.tuxfamily.org/ http://chrony.tuxfamily.org/]<br />
<br />
== Release Notes ==<br />
* Fedora now installs chrony as the default NTP client. The ntp package is still supported. The users are encouraged to install ntp and uninstall chrony if it suits their needs better.<br />
<br />
== Comments and Discussion ==<br />
* See [[Talk:Features/ChronyDefaultNTP]] <!-- This adds a link to the "discussion" tab associated with your page. This provides the ability to have ongoing comments or conversation without bogging down the main feature page --><br />
<br />
<br />
[[Category:FeaturePageIncomplete]]<br />
<!-- When your feature page is completed and ready for review --><br />
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler --><br />
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete--></div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Upstream_release_monitoring&diff=163090Upstream release monitoring2010-04-01T11:10:35Z<p>Mlichvar: </p>
<hr />
<div>= Fedora Upstream Release Monitoring =<br />
<br />
== General Information ==<br />
This page is about a service for package maintainers to get notified in case rawhide does not contain the latest upstream release of their packages. In case upstream appears to be newer that the package currently in rawhide, a new bug like [[rhbug:512412|bug 512412]] is filed.<br />
<br />
== History ==<br />
[[User:Ecik|Michał Bentkowski]] wrote a software called FEver to track new upstream releases. Unluckily, he became unresponsive and the complete code of his software was lost. Currently a new tool is developed to fill the loss.<br />
<br />
== Software ==<br />
The worked-on replacement for FEver is available at a [http://fedorapeople.org/gitweb?p=till/public_git/cnucnu.git;a=summary fedorapeople public git repository].<br />
<br />
== The Basics ==<br />
=== How To Enable Version Checking for My Packages? ===<br />
It is fairly simple. All you need to do is to add your package to the list at the end of this page, in the [[#PackagesList|List Of Packages]] section. Also you can add your package name to Check My Package Section and someone will eventually add your package to the list of packages.<br />
<br />
=== What Is The Format Of The List? ===<br />
It contains three fields: <code><package name></code>, <code><version regex></code> and <code><url></code>.<br />
* <code><package name></code> - the name of your package<br />
* <code><version regex></code> - The regular expression used to find the upstream versions of a package. An example is <code>\b<package name>[-_]([^-/_\s]+?)(?i)(?:[-_](?:src|source))?\.(?:tar|t[bglx]z|tbz2|zip)\b</code>, which usually works for packages distributed by sourceforge. An alias for this regular expression is <code>DEFAULT</code>. An alternative value for the package name can be set using a colon: <code>DEFAULT:foo</code>, e.g. if the tarball is called <code>pam-mount-1.33.tar.bz2</code>, but the Fedora package is <code>pam_mount</code>. <br />
* <code><url></code> - contains an URL, where the upstream publishes release tarballs or mentions the latest version. For packages from sourceforge, <code>https://sourceforge.net/projects/<package name>/files/</code> with the above example regular expression often works. An alias for this URL is <code>SF-DEFAULT</code>. This alias will be updated in case future changes to sourceforge require a change. The name override works here, too.<br />
<br />
{{Anchor|HowToMakeRegex}}<br />
<br />
=== How can I develop a regex? ===<br />
<code>cnucnu --shell</code> can be used to interactively develop a regular expression. If your package is hosted at sourceforge, run it and try <code>name <package-name></code>, then it will show you the results for the default sourceforge URL and regular expression. If this does not work for your package or if your package is not hosted at sourceforge, you will be prompted for a URL and a regular expression.<br />
<br />
Here is an example session for bugzilla:<br />
<br />
<pre><br />
$ bin/cnucnu --shell<br />
None None URL:> http://ftp.mozilla.org/pub/mozilla.org/webtools/<br />
None http://ftp.mozilla.org/pub/mozilla.org/webtools/ Regex:> bugzilla-(.*?).tar.gz<br />
Versions: ['2.22.1', '2.22.1', '2.22.2', '2.22.2', '2.22.3', '2.22.3', '2.22.4', '2.22.4', '2.22.5', '2.22.5', '2.22.6', '2.22.6', '2.22.7', '2.22.7', '3.0.1', '3.0.1', '3.0.2', '3.0.2', '3.0.3', '3.0.3', '3.0.4', '3.0.4', '3.0.5', '3.0.5', '3.0.6', '3.0.6', '3.0.8', '3.0.8', '3.0', '3.0', '3.0rc1', '3.0rc1', '3.1.1', '3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4', '3.1.4', '3.2.2', '3.2.2', '3.2.3', '3.2.3', '3.2.4', '3.2.4', '3.2', '3.2', '3.2rc1', '3.2rc1', '3.2rc2', '3.2rc2', '3.3.1', '3.3.1', '3.3.3', '3.3.3', '3.3.4', '3.3.4', '3.4rc1', '3.4rc1', 'LATEST', 'LATEST', 'STABLE', 'STABLE', 'submit-0.5', 'submit-0.5', 'submit-0.6', 'submit-0.6']<br />
Latest: 3.4rc1<br />
bugzilla-(.*?).tar.gz http://ftp.mozilla.org/pub/mozilla.org/webtools/ Regex:><br />
</pre><br />
<br />
It looks pretty good, but as you can see there are records like <code>'submit-0.5</code>' or <code>'STABLE'</code>, which are not good version strings. To improve it, you can make a simple change. Version always start with a number, so let's try to put it into the regex:<br />
<pre><br />
bugzilla-(.*?).tar.gz http://ftp.mozilla.org/pub/mozilla.org/webtools/ Regex:> bugzilla-([0-9.]*?).tar.gz<br />
Versions: ['2.22.1', '2.22.1', '2.22.2', '2.22.2', '2.22.3', '2.22.3', '2.22.4', '2.22.4', '2.22.5', '2.22.5', '2.22.6', '2.22.6', '2.22.7', '2.22.7', '3.0.1', '3.0.1', '3.0.2', '3.0.2', '3.0.3', '3.0.3', '3.0.4', '3.0.4', '3.0.5', '3.0.5', '3.0.6', '3.0.6', '3.0.8', '3.0.8', '3.0', '3.0', '3.1.1', '3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4', '3.1.4', '3.2.2', '3.2.2', '3.2.3', '3.2.3', '3.2.4', '3.2.4', '3.2', '3.2', '3.3.1', '3.3.1', '3.3.3', '3.3.3', '3.3.4', '3.3.4']<br />
Latest: 3.3.4<br />
bugzilla-([0-9.]*?).tar.gz http://ftp.mozilla.org/pub/mozilla.org/webtools/ Regex:><br />
</pre><br />
Now it looks much better. Another way to check <code>bugzilla</code> version is to use the download site. You can use a heading: '''Stable Release (2.22.1)'''. Example:<br />
<pre><br />
$ bin/cnucnu --shell<br />
None None URL:> http://www.bugzilla.org/download/<br />
None http://www.bugzilla.org/download/ Regex:> Stable Release \((.*?)\)<br />
Versions: ['3.2.4', '3.0.8']<br />
Latest: 3.2.4<br />
Stable Release \((.*?)\) http://www.bugzilla.org/download/ Regex:><br />
</pre><br />
{{Admon/warning | Don't forget to escape <code>(</code> and <code>)</code> chars! | You need to escape <code>(</code> and <code>)</code> chars because they are used on the page. Unescaped parenthesis are used by regex parser as grouping chars. So if you don't escape parenthesis, they will be included in version string (and this is unwanted). Read [http://docs.python.org/lib/re-syntax.html Regular Expressions Syntax] for more information.}}<br />
<br />
{{Anchor|fever-check}}<br />
<br />
{{Anchor|feedback}}<br />
<br />
== Feedback ==<br />
If you have any questions or suggestions, you can contact [[User:till|Till Maas]].<br />
<br />
{{Anchor|CheckMyPackage}}<br />
== Check My Package, please! ==<br />
If you have no time to create your regex or you simple don't understand how to create it, you can add your package's name below and I will add your package to [[#PackagesList|List Of Packages]] section. It would be nice, if you added URL aside of your package name.<br />
<pre><br />
* PKGNAME URL<br />
* clutter* http://www.clutter-project.org/sources/ (may need subdirectory handling)<br />
* gtk-murrine-engine http://ftp.gnome.org/pub/GNOME/sources/murrine/ (may need subdirectory handling)<br />
</pre><br />
<br />
<br />
It would be terrific to monitor these, but many of their upstreams have bad release practices (archives without versions, stealth replace-in-place, or even multiple raw files outside an archive)<br />
<pre><br />
* adf-accanthis-fonts<br />
* andika-fonts<br />
* apanov-edrip-fonts<br />
* apanov-heuristica-fonts<br />
* bitstream-vera-fonts<br />
* charis-fonts<br />
* dejavu-fonts<br />
* ecolier-court-fonts<br />
* edrip-fonts<br />
* gfs-ambrosia-fonts<br />
* gfs-artemisia-fonts<br />
* gfs-baskerville-fonts<br />
* gfs-bodoni-classic-fonts<br />
* gfs-bodoni-fonts<br />
* gfs-complutum-fonts<br />
* gfs-decker-fonts<br />
* gfs-didot-classic-fonts<br />
* gfs-didot-fonts<br />
* gfs-eustace-fonts<br />
* gfs-fleischman-fonts<br />
* gfs-garaldus-fonts<br />
* gfs-gazis-fonts<br />
* gfs-jackson-fonts<br />
* gfs-neohellenic-fonts<br />
* gfs-nicefore-fonts<br />
* gfs-olga-fonts<br />
* gfs-porson-fonts<br />
* gfs-pyrsos-fonts<br />
* gfs-solomos-fonts<br />
* gfs-theokritos-fonts<br />
* google-droid-fonts<br />
* senamirmir-washra-fonts<br />
* sil-andika-fonts<br />
* sil-charis-compact-fonts<br />
* sil-charis-fonts<br />
* stix-fonts <br />
* xgridfit<br />
* yanone-kaffeesatz-fonts<br />
</pre><br />
<br />
{{Anchor|PackagesList}}<br />
<br />
== List Of Packages ==<br />
=== A - M ===<br />
<pre><br />
* a2ps Current.Version.is.([0-9a-z.]+) http://www.inf.enst.fr/~demaille/a2ps/<br />
* abcde abcde[_-](.*?)(?:\.orig)\.tar\. http://ftp.debian.org/debian/pool/main/a/abcde/<br />
* abook abook-(0.*?).tar.gz http://abook.sourceforge.net/<br />
* adjtimex adjtimex_(.*?)\.orig\.tar http://ftp.debian.org/debian/pool/main/a/adjtimex/<br />
* aircrack-ng aircrack-ng-([0-9][0-9.]*?).tar.gz http://download.aircrack-ng.org/<br />
* alltray DEFAULT https://edge.launchpad.net/alltray/old-maintenance<br />
* alsa-firmware alsa-firmware-(\d+\.\d+\.\d+)\.tar.bz2 ftp://ftp.alsa-project.org/pub/firmware/<br />
* alsa-plugins alsa-plugins-(\d+\.\d+\.\d+)\.tar.bz2 ftp://ftp.alsa-project.org/pub/plugins/<br />
* alsa-tools alsa-tools-(\d+\.\d+\.\d+)\.tar.bz2 ftp://ftp.alsa-project.org/pub/tools/<br />
* altermime altermime-(.*?).tar.gz http://www.pldaniels.com/altermime/<br />
* anjuta anjuta-([0-9.]*).tar.bz2 http://ftp.acc.umu.se/pub/GNOME/sources/anjuta/2.25/<br />
* anki anki-(.*?).tgz http://code.google.com/p/anki/downloads/list<br />
* apache-commons-math commons-exec-([0-9\.]*?)-src\.tar\.gz http://www.apache.org/dist/commons/exec/source/<br />
* apache-commons-math commons-math-([0-9\.]*?)-src\.tar\.gz http://www.apache.org/dist/commons/math/source/<br />
* archimedes archimedes-(.*?).tar.gz GNU-DEFAULT<br />
* aria2 >aria2-(.*?).tar.bz2< http://sourceforge.net/project/showfiles.php?group_id=159897&package_id=179690<br />
* astyle astyle_(.*?)_linux.tar.gz http://sourceforge.net/projects/astyle/files/<br />
* atlascpp Atlas-C\+\+-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=132539<br />
* auto-nng auto-nng.v(.*?).tar.gz http://www.auto-nng.org/files/downloads/<br />
* awstats awstats-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=13764&package_id=11481<br />
* bcrypt bcrypt-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=62194&package_id=58722<br />
* beep beep-([0-9\.]+).tar.gz http://www.johnath.com/beep/<br />
* bibus bibus-(.*?).tar.gz http://sourceforge.net/projects/bibus-biblio/files/<br />
* bison DEFAULT GNU-DEFAULT<br />
* bleachbit DEFAULT http://bleachbit-project.appspot.com/download/source/<br />
* blender blender-(.[^-]*?)\.tar\.gz http://download.blender.org/source/<br />
* blktrace blktrace-([0-9\.].*?).tar.bz2 http://brick.kernel.dk/snaps/<br />
* bodr bodr-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=189199&package_id=221528<br />
* bouml bouml_(.*?).tar.gz http://bouml.free.fr/download.html<br />
* bouml-doc doc(.*?).tar.gz http://bouml.free.fr/documentation.html<br />
* bti bti-(.*?).tar.bz2 http://www.kernel.org/pub/linux/kernel/people/gregkh/bti/<br />
* btrfs-progs btrfs-progs-(.*?).tar.bz2 http://www.kernel.org/pub/linux/kernel/people/mason/btrfs/<br />
* bygfoot DEFAULT SF-DEFAULT<br />
* bzr DEFAULT http://wiki.bazaar.canonical.com/SourceDownloads<br />
* bzrtools bzrtools-(.*?).tar.gz http://bazaar-vcs.org/BzrTools<br />
* c2050 c2050-(.*?).tar.gz http://www.prato.linux.it/~mnencia/lexmark2050/files/<br />
* ccache DEFAULT http://samba.org/ftp/ccache/<br />
* clutter DEFAULT http://www.clutter-project.org/sources/clutter/1.0/<br />
* CCfits CCfits-([0-9].*?).tar.gz http://heasarc.gsfc.nasa.gov/fitsio/CCfits/<br />
* cd-discid DEFAULT http://linukz.org/cd-discid.shtml<br />
* cdlabelgen cdlabelgen-(.*?).tgz http://www.aczoom.com/tools/cdinsert/<br />
* centerim centerim-(.*?).tar.gz http://www.centerim.org/download/releases/<br />
* checkgmail checkgmail-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=137480&package_id=151051<br />
* chemical-mime-data chemical-mime-data-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=159685&package_id=179318<br />
* chemtool chemtool-([.0-9]*?).tar.gz http://ruby.chemie.uni-freiburg.de/~martin/chemtool/chemtool.html<br />
* cmospwd cmospwd-([0-9\.]*?).tar.bz2 http://www.cgsecurity.org/wiki/CmosPwd<br />
* colordiff DEFAULT http://colordiff.sourceforge.net/<br />
* conduit conduit-(.*?)\.tar\.gz http://ftp.gnome.org/pub/GNOME/sources/conduit/0.3/<br />
* coreutils coreutils-(.*?).tar.gz GNU-DEFAULT<br />
* corkscrew corkscrew-(.*?).tar.gz http://www.agroman.net/corkscrew/<br />
* cowsay cowsay-(.*?).tar.gz http://www.nog.net/~tony/warez/cowsay.shtml<br />
* cpl cpl-(.*?).tar.gz http://www.eso.org/sci/data-processing/software/cpl/download.html<br />
* cppcheck cppcheck-(.*?)\.tar\.bz2 http://sourceforge.net/projects/cppcheck/files/<br />
* crm114 crm114-(.*?)-Blame.*?.tar.gz http://crm114.sourceforge.net/tarballs/<br />
* crossvc crossvc-(.*?)\-generic-src\.tgz http://crossvc.com/index.php?menu_id=5&lang=en<br />
* cssed cssed-([0-9].*?)\.tar.gz http://sourceforge.net/project/showfiles.php?group_id=95078&package_id=101269<br />
* cstream cstream-([0-9\.]+)\.tar\.gz http://www.cons.org/cracauer/download/<br />
* ctorrent ctorrent-dnh(.*?).tar.gz http://www.rahul.net/dholmes/ctorrent/<br />
* cups cups-(\d\.\d\.\d)-source\.tar\.bz2 http://www.cups.org/software.php<br />
* cvs2cl Revision:\s*([^\s$]+) http://www.red-bean.com/cvs2cl/cvs2cl.pl<br />
* cvsps DEFAULT http://www.cobite.com/cvsps/<br />
* cyphesis cyphesis-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=130618<br />
* dbench dbench-(.*?)\.tar http://samba.org/ftp/tridge/dbench/<br />
* dblatex >dblatex-(.*?).tar.bz2< http://sourceforge.net/project/showfiles.php?group_id=72607&package_id=72489<br />
* dclib dclib-(.*?).tar.bz2 http://sourceforge.net/projects/wxdcgui/files<br />
* debootstrap debootstrap_(.*?).tar.gz http://ftp.debian.org/debian/pool/main/d/debootstrap/<br />
* decibel-audio-player decibel-audio-player-([0-9]+\..+?).tar.gz http://decibel.silent-blade.org/index.php?n=Main.Download<br />
* detox DEFAULT SF-DEFAULT<br />
* diffstat diffstat-(.*?).tgz ftp://invisible-island.net/diffstat/<br />
* dkms DEFAULT http://linux.dell.com/dkms/<br />
* doodle doodle-(.*?).tar.gz http://gnunet.org/doodle/<br />
* dopewars dopewars-(.*?)\.tar\.gz http://sourceforge.net/projects/dopewars/files/<br />
* dos2unix DEFAULT http://www.xs4all.nl/~waterlan/dos2unix.html<br />
* ds9 source/ds9\.(.*?).tar.gz http://hea-www.harvard.edu/RD/ds9/<br />
* dvb-apps linuxtv-dvb-apps-(\S+?)\.t http://www.linuxtv.org/downloads/<br />
* dvdauthor DEFAULT SF-DEFAULT<br />
* dx The latest released version is (.*?)\. Check http://www.opendx.org/download.html<br />
* e2fsprogs e2fsprogs-([0-9\.]*?).tar.gz http://sourceforge.net/projects/e2fsprogs/files/e2fsprogs/<br />
* e2tools e2tools-([0-9\.]+)\.tar\.gz http://home.earthlink.net/~k_sheff/sw/e2tools/<br />
* ed2k_hash ed2k_hash-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=59235&package_id=55264<br />
* efte efte-(.*?)\.tar\.bz2 http://sourceforge.net/projects/efte/files/<br />
* ekg2 ekg2-(0.*?).tar.gz http://ekg2.org/download.php<br />
* ekg ekg-(.{3,5}?).tar.gz http://ekg.chmurka.net/download.php<br />
* emacs-auctex auctex-([0-9.]*)\.[tz][ai][rp] http://ftp.gnu.org/pub/gnu/auctex/<br />
* emacs-common-ess ess-(.*?).tgz http://stat.ethz.ch/ESS/downloads/ess/<br />
* emacs-common-muse muse-(.*?).tar.gz http://download.gna.org/muse-el/<br />
* emacs-vm vm-([^v]*?).tgz http://download.savannah.nongnu.org/releases/viewmail/<br />
* ember ember-([0-9\.]*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=142898<br />
* ember-media ember-media-([0-9\.]*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=142898<br />
* epdfview epdfview-([0-9\.]+)\.tar\.bz2 http://trac.emma-soft.com/epdfview/wiki/Download<br />
* epydoc epydoc-([0-9.]+)\.tar\.gz http://sourceforge.net/projects/epydoc/files/<br />
* eris eris-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=133109<br />
* etoys DEFAULT http://download.sugarlabs.org/sources/sucrose/glucose/etoys/<br />
* exaile DEFAULT http://www.exaile.org/downloads<br />
* ext3grep ext3grep-(.*?).tar.gz http://code.google.com/p/ext3grep/downloads/list<br />
* Falcon Falcon-(.*?).tar.gz http://www.falconpl.org/index.ftd?page_id=official_download<br />
* fbreader fbreader-sources-(.*?).tgz http://fbreader.org/downloads.php<br />
* fdupes fdupes-(.*?).tar.gz http://netdial.caribe.net/~adrian2/programs/<br />
* fetchlog fetchlog-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=51728&package_id=45670<br />
* ffsb ffsb-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=114842&package_id=124391<br />
* fftw fftw-([0-9\.]*?).tar.gz http://www.fftw.org/download.html<br />
* fio fio-([0-9\.]*?).tar.bz2 http://brick.kernel.dk/snaps/<br />
* firehol firehol-(.*?)\.tar\.bz2 http://sourceforge.net/projects/firehol/files/<br />
* freedroidrpg freedroidrpg-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=54521&package_id=58238<br />
* fs_mark DEFAULT SF-DEFAULT:fsmark<br />
* f-spot DEFAULT http://ftp.gnome.org/pub/gnome/sources/f-spot/0.6/<br />
* funtools funtools-(.*?).tar.gz http://www.cfa.harvard.edu/~john/funtools/<br />
* fusecompress <a href="/tex/fusecompress/tarball/([0-9.]*)" http://github.com/tex/fusecompress/downloads<br />
* g2clib g2clib-([0-9.]*).tar http://www.nco.ncep.noaa.gov/pmb/codes/GRIB2/<br />
* gajim gajim-(.*?).tar.gz http://gajim.org/downloads/<br />
* gausssum GaussSum-(.*?)\.tar\.gz http://sourceforge.net/projects/gausssum/files/<br />
* gengetopt gengetopt-(.*?).tar.gz GNU-DEFAULT<br />
* gentoo DEFAULT SF-DEFAULT<br />
* gg2 gg2-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=76206&package_id=76860<br />
* ghasher ghasher-(.*?)\.tar\. http://asgaard.homelinux.org/code/ghasher/<br />
* gifsicle gifsicle-(.*?).tar.gz http://www.lcdf.org/gifsicle/<br />
* giggle giggle-(.*?).tar.gz http://ftp.imendio.com/pub/imendio/giggle/src/<br />
* gimmage gimmage-([0-9.]*)\.[tz][ai][rp] http://download.berlios.de/gimmage/<br />
* git-cola cola-(.*?).tar.gz http://cola.tuxfamily.org/releases/<br />
* git git-([0-9.]+?).tar.bz2 http://kernel.org/pub/software/scm/git/<br />
* gkrellm DEFAULT http://www.gkrellm.net/<br />
* gkrellm-volume DEFAULT http://gkrellm.luon.net/volume.php<br />
* glade3 Glade (.*?) </b><b> released! http://glade.gnome.org/<br />
* glpk glpk-([0-9]+\..+?).tar.gz GNU-DEFAULT<br />
* gmediaserver gmediaserver-(.*?).tar.gz http://download.savannah.gnu.org/releases/gmediaserver/<br />
* gnome-applet-netspeed netspeed_applet-(.*?).tar.gz http://www.wh-hms.uni-ulm.de/~mfcn/netspeed/packages/<br />
* gnome-applet-timer DEFAULT:timer-applet SF-DEFAULT:timerapplet<br />
* gnome-password-generator gnome-password-generator-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=104020&package_id=111794<br />
* gnome-subtitles gnome-subtitles-(.*?).tar.gz http://sourceforge.net/projects/gnome-subtitles/files/gnome-subtitles/<br />
* gnomeradio gnomeradio-(.*?).tar.gz http://www.wh-hms.uni-ulm.de/~mfcn/gnomeradio/packages/<br />
* gnote /browse/gnote/tag/\?id=([0-9.]+) http://git.gnome.org/cgit/gnote/refs/<br />
* gnugo gnugo-(.*?)\.tar\.gz GNU-DEFAULT<br />
* gnu-smalltalk smalltalk-(.*?)\.tar\.gz http://ftp.gnu.org/gnu/smalltalk<br />
* gnubik DEFAULT GNU-DEFAULT<br />
* gnupg gnupg-(1.*?)\.tar\. ftp://ftp.gnupg.org/gcrypt/gnupg/<br />
* gnupg2 gnupg-(2.*?)\.tar\. ftp://ftp.gnupg.org/gcrypt/gnupg/<br />
* gnustep-make gnustep-make-(.*?).tar.gz ftp://ftp.gnustep.org/pub/gnustep/core/<br />
* goffice04 goffice-(.*?).tar.bz2 http://ftp.gnome.org/pub/GNOME/sources/goffice/0.4/<br />
* goffice goffice-(.*?).tar.bz2 http://ftp.gnome.org/pub/GNOME/sources/goffice/0.6/<br />
* google-gadgets google-gadgets-for-linux-(.*?).tar http://code.google.com/p/google-gadgets-for-linux/downloads/list<br />
* gpscorrelate DEFAULT http://www.freefoote.com/linux_gpscorr.html<br />
* gromacs DEFAULT ftp://ftp.gromacs.org/pub/gromacs/<br />
* grub2 grub-(.*?).tar.gz ftp://alpha.gnu.org/gnu/grub/<br />
* gscan2pdf-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=174140&package_id=199621<br />
* gtk-murrine-engine murrine-([0-9.]*)\.[tz][ai][rp] http://ftp.gnome.org/pub/GNOME/sources/murrine/0.90/<br />
* gtraffic DEFAULT http://fsckyou.info/gtraffic/<br />
* gtranslator DEFAULT SF_DEFAULT<br />
* guilt guilt-([0-9\.]*?).tar.bz2 http://www.kernel.org/pub/linux/kernel/people/jsipek/guilt/<br />
* gwsmhg gwsmhg-(.*?).tar.gz http://sourceforge.net/projects/gwsmhg/files/<br />
* gxine gxine-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=9655&package_id=67526<br />
* gyachi gyachi-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=158490&package_id=177556<br />
* hping3 hping3-(.*?).tar.gz http://www.hping.org/download.php<br />
* hplip hplip-([^ ]*).tar.gz http://sourceforge.net/project/showfiles.php?group_id=149981&package_id=165777<br />
* html-xml-utils html-xml-utils-(.*?).tar.gz http://www.w3.org/Tools/HTML-XML-utils/<br />
* httrack httrack-(.*?).tar.gz http://www.httrack.com/page/2/en/index.html<br />
* icecream icecc-(.*?).tar.bz2 http://ftp.suse.com/pub/projects/icecream/<br />
* id3v2 id3v2-([0-9\.]+)\.tar\.gz http://downloads.sourceforge.net/id3v2/<br />
* ImageMagick ImageMagick-([0-9]\.[0-9]\.[0-9]-.*?[0-9]).tar.bz2 ftp://ftp.imagemagick.org/pub/ImageMagick/<br />
* inadyn inadyn.v(.*?).zip http://www.inatech.eu/inadyn/readme.html<br />
* inkscape Latest.stable.version:.(.*)< http://www.inkscape.org/<br />
* iptables iptables-([0-9]\.[0-9]\.[0-9]).tar.bz2 http://www.iptables.org/projects/iptables/files/<br />
* ipvsadm ipvsadm-([0-9.]*?).tar.gz http://www.linuxvirtualserver.org/software/kernel-2.6/<br />
* ipython ipython-(.*?).tar.gz http://ipython.scipy.org/dist/<br />
* isync isync-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=69662&package_id=68687<br />
* java_cup Source.code.\(CUP.(.*)\) http://www.cs.princeton.edu/~appel/modern/java/CUP/<br />
* javasqlite ["/]javasqlite-(.*?)\.tar http://www.ch-werner.de/javasqlite/overview-summary.html<br />
* jmol jmol-(.*?)-full.tar.gz https://sourceforge.net/projects/jmol/files/Jmol/<br />
* jna-posix ([0-9]+\.[0-9]+)/ http://svn.codehaus.org/jruby-contrib/tags/jna-posix/<br />
* joda-time joda-time-([0-9]+\..+?)-src.tar.gz http://sourceforge.net/project/showfiles.php?group_id=97367&package_id=104212<br />
* joni ([0-9]+\.[0-9\.]+)/ http://svn.codehaus.org/jruby/joni/tags/<br />
* jvyamlb jvyamlb-src-([0-9]+\..+?).tar.gz http://code.google.com/p/jvyamlb/downloads/list<br />
* kchmviewer DEFAULT SF-DEFAULT<br />
* kdesvn kdesvn-(.*)\.tar\.bz2 http://kdesvn.alwins-world.de/downloads/<br />
* kdiff3 kdiff3-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=58666&package_id=54597<br />
* keepalived keepalived-([0-9.]*?)\.tar\.gz http://www.keepalived.org/software/<br />
* keychain DEFAULT http://www.funtoo.org/archive/keychain/<br />
* kid3 DEFAULT SF-DEFAULT<br />
* kile Latest available stable version for KDE3: <a href="download.php">(.*?)</a>\. http://kile.sourceforge.net/<br />
* komparator komparator-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=156901&package_id=175196<br />
* koules koules(.*?)-src.tar.gz http://www.ucw.cz/~hubicka/koules/English/distribution.html<br />
* krename the last stable release is: <.*?> (.*?) </a> http://www.krename.net/<br />
* ksshaskpass (?i)\(\s*ksshaskpass\s+([^)]+)\s*\) http://www.kde-apps.org/content/show.php?content=50971<br />
* latencytop latencytop-([0-9\.]+)\.tar\.gz http://www.latencytop.org/download.php<br />
* latex2rtf latex2rtf-(.*?)\.tar\.gz http://sourceforge.net/projects/latex2rtf/files/<br />
* ldtp ldtp-([0-9.]*).tar.gz http://ldtp.freedesktop.org/wiki/Download<br />
* libbs2b libbs2b-([0-9.]*).tar.lzma http://sourceforge.net/projects/bs2b/files/<br />
* libedit libedit-[0-9]+-([0-9]+\..+?).tar.gz http://www.thrysoee.dk/editline/<br />
* libEMF libEMF-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=141853&package_id=160078<br />
* libfplll libfplll-([0-9]+\..+?).tar.gz http://perso.ens-lyon.fr/damien.stehle/english.html<br />
* libgadu w wersji ([0-9\.]*) http://toxygen.net/libgadu/<br />
* libgdl gdl-(.*?).tar.gz http://ftp.acc.umu.se/pub/GNOME/sources/gdl/0.7/<br />
* libgee Libgee (.*?) released http://live.gnome.org/Libgee<br />
* libinfinity libinfinity-(.*?).tar.gz http://releases.0x539.de/libinfinity/<br />
* libical >libical-(.*?).tar.gz< https://sourceforge.net/project/showfiles.php?group_id=16077&package_id=64368<br />
* libint DEFAULT http://www.files.chem.vt.edu/chem-dept/valeev/software/libint/download.html<br />
* libjpeg jpegsrc.v([0-9][az]).tar.gz http://www.ijg.org/files/<br />
* libmodelfile libmodelfile-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=132225<br />
* libmodplug DEFAULT http://sourceforge.net/projects/modplug-xmms/files/<br />
* libpcap libpcap-(.*?)\.tar\. http://www.tcpdump.org/release/<br />
* libpng libpng-(.*?).tar.gz ftp://ftp.simplesystems.org/pub/libpng/png/src/<br />
* libsamplerate libsamplerate-(.*?).tar.gz http://www.mega-nerd.com/SRC/download.html<br />
* libtasn1 libtasn1-(.*?).tar.gz ftp://ftp.gnutls.org/pub/gnutls/libtasn1/<br />
* libtlen libtlen-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=62830&package_id=62542<br />
* libtorrent libtorrent-(.*?)tar.gz http://libtorrent.rakshasa.no/downloads/<br />
* libutempter libutempter-(.*?)\.tar ftp://ftp.altlinux.org/pub/people/ldv/utempter<br />
* libwfut libwfut-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=225151<br />
* libxdg-basedir libxdg-basedir-([0-9\.]+)\.tar\.gz http://n.ethz.ch/~nevillm/download/libxdg-basedir/<br />
* libyubikey libyubikey-(.*?).tar.gz http://code.google.com/p/yubico-c/downloads/list/<br />
* lightning lightning-(.*?)\.tar\.gz GNU-DEFAULT<br />
* linbox linbox-(.*?).tar.gz http://www.linalg.org/download.html<br />
* lingot lingot-(.*?).tar.gz http://savannah.nongnu.org/files/?group=lingot<br />
* logserial logserial-(.*?).tar.gz http://www.ibiblio.org/pub/Linux/system/serial/<br />
* lsnipes lsnipes-([0-9\.]+)\.tgz http://www.ugcs.caltech.edu/~boultonj/snipes/<br />
* lua-filesystem luafilesystem-(.*?).tar.gz http://luaforge.net/frs/?group_id=66<br />
* luma luma-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=89105&package_id=93393<br />
* lxsplit lxsplit-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=216042&package_id=260824<br />
* lzip <a href="/projects/[^/]*/releases/[0-9]*">([0-9.]*)</a> FM-DEFAULT<br />
* madwimax DEFAULT http://code.google.com/p/madwimax/downloads/list<br />
* mailman DEFAULT GNU-DEFAULT<br />
* manaworld tmw-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=106790&package_id=115181<br />
* maximus maximus-(.*?).tar.gz https://launchpad.net/maximus<br />
* mercator mercator-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=130617<br />
* mercurial mercurial-(.*?).tar.gz http://www.selenic.com/mercurial/release<br />
* min12xxw min12xxw-(.*?).tar.gz http://hinterbergen.de/mala/min12xxw/<br />
* mingw32-libltdl libtool-([0-9\.]+)[a-z]?\.tar\.(gz|lzma|xz) http://ftp.gnu.org/gnu/libtool/<br />
* mingw32-libp11 libp11-(.*?).tar.gz http://www.opensc-project.org/files/libp11/<br />
* mingw32-nsis nsis-(.*?)-src.tar.bz2 http://nsis.sourceforge.net/Download<br />
* mingw32-opensc opensc-(.*?).tar.gz http://www.opensc-project.org/files/opensc/<br />
* Miro [M|m]iro-(*.?).tar.gz http://ftp.osuosl.org/pub/pculture.org/miro/src/<br />
* mkvtoolnix mkvtoolnix-([.0-9]*?).tar.bz2 http://www.bunkus.org/videotools/mkvtoolnix/sources/<br />
* mod_wsgi mod_wsgi-([.0-9]*?).tar.gz http://code.google.com/p/modwsgi/downloads/list<br />
* monotone (0\.[0-9]+) http://monotone.ca/downloads/<br />
* mozilla-adblockplus ([\d\.]+) https://hg.adblockplus.org/adblockplus/raw-file/tip/version<br />
* mozilla-noscript v (\d+\.\d+\.\d+\.\d+) http://noscript.net/changelog<br />
* mrepo DEFAULT http://dag.wieers.com/home-made/mrepo/<br />
* muParser Version...([0-9]\.[0-9.]*).*muparser http://sourceforge.net/projects/muparser/files/<br />
* museek+ museek\+-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=169682&package_id=193550<br />
* mysqltuner tarball/v([\w.-]+) http://github.com/rackerhacker/MySQLTuner-perl/downloads<br />
* mysql-connector-java mysql-connector-java-(.*?).tar.gz http://dev.mysql.com/downloads/connector/j/<br />
</pre><br />
<br />
=== N - Z ===<br />
<pre><br />
* ncftp ncftp-([0-9.]*?)-src.tar.bz2 ftp://ftp.ncftp.com/ncftp/<br />
* netmask DEFAULT http://ftp.debian.org/debian/pool/main/n/netmask/<br />
* newsx newsx-(.*?).tar.gz ftp://ftp.kvaleberg.com/pub/<br />
* nicotine+ DEFAULT SF-DEFAULT<br />
* nilfs-utils nilfs-utils-(.*?).tar.bz2 http://www.nilfs.org/download/<br />
* nget nget-([^+%& ]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=3121&package_id=34721<br />
* nted nted-([0-9.]+).tar.gz http://vsr.informatik.tu-chemnitz.de/staff/jan/nted/sources/<br />
* nickle nickle-(.*?).tar.gz http://nickle.org/release/<br />
* obexftp DEFAULT http://sourceforge.net/projects/openobex/files/<br />
* octave DEFAULT ftp://ftp.octave.org/pub/octave<br />
* octave-forge octave-forge-bundle-(.*?).tar.gz http://sourceforge.net/projects/octave/files/<br />
* odt2txt odt2txt-(.*?).tar.gz http://stosberg.net/odt2txt/<br />
* openarena download.php.list[0-9.]*.>([0-9.]*)< http://openarena.ws/download.php<br />
* openbabel openbabel-([0-9].*?)\.tar\.gz http://sourceforge.net/project/showfiles.php?group_id=40728&package_id=32894<br />
* opencdk opencdk-(.*?).tar.gz ftp://ftp.gnutls.org/pub/gnutls/opencdk/<br />
* opengrok opengrok-(.*?)-src.tar.gz http://opensolaris.org/os/project/opengrok/<br />
* openswan-2.4.(.*?).tar.gz ftp://ftp.openswan.org/openswan/<br />
* optipng DEFAULT SF-DEFAULT<br />
* osmo DEFAULT http://prdownloads.sourceforge.net/osmo-pim<br />
* osslsigncode osslsigncode-([0-9.]*?).tar.gz http://sourceforge.net/projects/osslsigncode/files/<br />
* ovaldi ovaldi-(.*?)-src.tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=215469&package_id=259971<br />
* p7zip p7zip_([0-9.]*?)_src_all.tar.bz2 http://sourceforge.net/projects/p7zip/files/<br />
* parted parted-(.*?)\.tar\. GNU-DEFAULT<br />
* patch patch-(.*?)\.tar\. GNU-DEFAULT<br />
* pam_mount DEFAULT SF-DEFAULT:pam-mount<br />
* pbm2l7k lexmark7000linux-(.*?).tar.gz http://www.ibiblio.org/pub/linux/hardware/drivers/<br />
* pdfchain pdfchain-(.*?)\.tar\.gz http://sourceforge.net/projects/pdfchain/files/<br />
* pdfmerge >pdfmerge-(.*?).tar.gz< http://sourceforge.net/project/showfiles.php?group_id=90404&package_id=95036<br />
* perl-Ace AcePerl-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Ace/<br />
* perl-Acme-PlayCode Acme-PlayCode-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Acme/<br />
* perl-Algorithm-FastPermute Algorithm-FastPermute-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Algorithm/<br />
* perl-Algorithm-Permute Algorithm-Permute-([^</]*) http://search.cpan.org/search%3fmodule=Algorithm::Permute<br />
* perl-Archive-Tar Archive-Tar-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Archive/<br />
* perl-Archive-Zip Archive-Zip-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Archive/<br />
* perl-Authen-Captcha Authen-Captcha-([^</]*) http://search.cpan.org/search%3fmodule=Authen::Captcha<br />
* perl-AutoXS-Header AutoXS-Header-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/AutoXS/<br />
* perl-BSD-Resource BSD-Resource-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/BSD/<br />
* perl-bioperl BioPerl-([0-9].*?)\.tar\.bz2 http://bioperl.org/DIST/<br />
* perl-bioperl-run BioPerl-[r|R]un-([0-9].*?)\.tar\.bz2 http://bioperl.org/DIST/<br />
* perl-Bit-Vector Bit-Vector-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Bit/<br />
* perl-Business-ISBN Business-ISBN-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Business/<br />
* perl-Business-ISBN-Data Business-ISBN-Data-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Business/<br />
* perl-Capture-Tiny Capture-Tiny-([^</]*) http://search.cpan.org/search%3fmodule=Capture::Tiny<br />
* perl-Carp-Clan Carp-Clan-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Carp/<br />
* perl-Class-Adapter Class-Adapter-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Class/<br />
* perl-Class-Unload Class-Unload-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Class/<br />
* perl-Class-XSAccessor Class-XSAccessor-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Class/<br />
* perl-Class-XSAccessor-Array Class-XSAccessor-Array-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Class/<br />
* perl-Compress-Bzip2 Compress-Bzip2-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Compress/<br />
* perl-Compress-Raw-Bzip2 Compress-Raw-Bzip2-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Compress/<br />
* perl-Compress-Raw-Zlib Compress-Raw-Zlib-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Compress/<br />
* perl-Compress-Zlib Compress-Zlib-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Compress/<br />
* perl-Config-General Config-General-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Config/<br />
* perl-Convert-ASN1 Convert-ASN1-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Convert/<br />
* perl-Crypt-OpenSSL-AES Crypt-OpenSSL-AES-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Crypt/<br />
* perl-Crypt-OpenSSL-Bignum Crypt-OpenSSL-Bignum-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Crypt/<br />
* perl-Crypt-OpenSSL-DSA Crypt-OpenSSL-DSA-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Crypt/<br />
* perl-Crypt-OpenSSL-PKCS10 Crypt-OpenSSL-PKCS10-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Crypt/<br />
* perl-Crypt-OpenSSL-Random Crypt-OpenSSL-Random-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Crypt/<br />
* perl-Crypt-OpenSSL-RSA Crypt-OpenSSL-RSA-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Crypt/<br />
* perl-Crypt-OpenSSL-X509 Crypt-OpenSSL-X509-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Crypt/<br />
* perl-Crypt-SSLeay Crypt-SSLeay-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Crypt/<br />
* perl-DBD-CSV DBD-CSV-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/DBD/<br />
* perl-DBD-MySQL DBD-MySQL-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/DBD/<br />
* perl-DBD-Pg DBD-Pg-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/DBD/<br />
* perl-DBD-SQLite DBD-SQLite-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/DBD/<br />
* perl-DBI DBI-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/DBI/<br />
* perl-Data-Dumper-Names Data-Dumper-Names-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Data/<br />
* perl-Date-Calc Date-Calc-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Date/<br />
* perl-Font-TTF Font-TTF-(\S+?)\.tar http://search.cpan.org/dist/Font-TTF/<br />
* perl-HTML-Encoding HTML-Encoding-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/HTML/<br />
* perl-HTML-Template-Pro HTML-Template-Pro-([^</]*) http://search.cpan.org/search%3fmodule=HTML::Template::Pro<br />
* perl-Module-Signature Module-Signature-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Module/<br />
* perl-Net-Patricia \b\/Net-Patricia[-_]([^-\s]+?)\.(?:tar|t[bglx]z|tbz2|zip)\b http://search.cpan.org/dist/Net-Patricia/<br />
* perl-Net-Whois Net-Whois-(.*?)\.tar\.gz http://search.cpan.org/dist/Net-Whois/<br />
* perl-Net-Whois-IP Net-Whois-IP-(.*?)\.tar\.gz http://search.cpan.org/dist/Net-Whois-IP/<br />
* perl-Object-MultiType Object-MultiType-([^</]*) http://search.cpan.org/search%3fmodule=Object::MultiType<br />
* perl-PDF-API2 PDF-API2-(.*?)\.tar\.gz http://search.cpan.org/dist/PDF-API2/<br />
* perl-Set-IntSpan Set-IntSpan-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Set/<br />
* perl-SGML-Parser-OpenSP SGML-Parser-OpenSP-(.*?)\.tar\. http://www.cpan.org/modules/by-module/SGML/<br />
* perl-String-Random String-Random-([^</]*) http://search.cpan.org/search%3fmodule=String::Random<br />
* perl-TAP-Harness-Archive TAP-Harness-Archive-([^</]*) http://search.cpan.org/search%3fmodule=TAP::Harness::Archive<br />
* perl-Term-ReadLine-Gnu Term-ReadLine-Gnu-([^</]*) http://search.cpan.org/search%3fmodule=Term::ReadLine::Gnu<br />
* perl-Test-Mock-LWP Test-Mock-LWP-([^</]*) http://search.cpan.org/search%3fmodule=Test::Mock::LWP<br />
* perl-Test-WWW-Selenium Test-WWW-Selenium-([^</]*) http://search.cpan.org/search%3fmodule=Test::WWW::Selenium<br />
* perl-Text-Iconv Text-Iconv-(.*?)\.tar\.gz http://www.cpan.org/modules/by-module/Text/<br />
* perl-XML-Atom-SimpleFeed XML-Atom-SimpleFeed-([^</]*) http://search.cpan.org/search%3fmodule=XML::Atom::SimpleFeed<br />
* perl-XML-Smart XML-Smart-([^</]*) http://search.cpan.org/search%3fmodule=XML::Smart<br />
* perltidy Perl-Tidy-(\S+?)\.(?:t|zip) SF-DEFAULT<br />
* pg_top DEFAULT http://pgfoundry.org/frs/?group_id=1000300<br />
* php-pdepend-PHP-Depend <title>PHP_Depend\s([\d\.]+)+\s\((?:stable|beta)\)</title> http://pear.pdepend.org/feed.xml<br />
* php-pear-Console-Color Console_Color-(.*?).tgz http://pear.php.net/package/Console_Color/download<br />
* php-pear-DB DB-(.*?).tgz http://pear.php.net/package/DB/download<br />
* php-pear-PHP-CodeSniffer PHP_CodeSniffer-(\d+\.\d+\.\d+)\.tgz http://pear.php.net/package/PHP_CodeSniffer/download/<br />
* php-pear-PhpDocumentor PhpDocumentor-(\d+\.\d+\.\d+)\.tgz http://pear.php.net/package/PhpDocumentor/download<br />
* php-pear PEAR-(\d+\.\d+\.\d+)\.tgz http://pear.php.net/package/PEAR/download<br />
* php-pecl-apc APC-(\d+\.\d+\.\d+)\.tgz http://pecl.php.net/package/APC<br />
* php-pecl-geoip geoip-(\d+\.\d+\.\d+)\.tgz http://pecl.php.net/package/GEOIP<br />
* php-pecl-lzf LZF-(\d+\.\d+\.\d+)\.tgz http://pecl.php.net/package/lzf<br />
* php-phpmd-PHP-PMD <title>PHP_PMD\s([\d\.]+)+\s\((?:stable|beta|alpha)\)</title> http://pear.phpmd.org/feed.xml<br />
* php-phpunit-File-Iterator <title>File_Iterator\s([\d\.]+)+\s\(stable\)</title> http://pear.phpunit.de/feed.xml<br />
* php-phpunit-phpcpd <title>phpcpd\s([\d\.]+)+\s\(stable\)</title> http://pear.phpunit.de/feed.xml <br />
* php-phpunit-phploc <title>phploc\s([\d\.]+)+\s\(stable\)</title> http://pear.phpunit.de/feed.xml <br />
* php php-(\d+\.\d+\.\d+)\.tar.bz2 http://www.php.net/downloads.php<br />
* pianobooster pianobooster-src-([0-9.]*).tar.gz http://sourceforge.net/projects/pianobooster/files/<br />
* picard picard-(.*?).tar.gz http://musicbrainz.org/doc/PicardDownload<br />
* pida PIDA-(.*?).tar.gz http://pida.co.uk/files/releases/<br />
* pidgin-latex pidgin-latex-(.*?)\.tar\.bz2 http://sourceforge.net/projects/pidgin-latex/files/<br />
* pidgin-libnotify >pidgin-libnotify-(.*?).tar.gz< http://sourceforge.net/project/showfiles.php?group_id=144907&package_id=237412<br />
* pokerth PokerTH-(.*?)\.tar\.bz2 http://sourceforge.net/projects/pokerth/files/<br />
* polipo polipo-([0-9]\.[0-9.]*?).tar.gz http://freehaven.net/~chrisd/polipo/<br />
* pondus DEFAULT http://www.ephys.de/software/pondus/download.htm<br />
* potrace potrace-(.*?)\.tar\.gz http://sourceforge.net/projects/potrace/files/<br />
* poster poster-(.*?).tar.bz2 ftp://ftp.kde.org/pub/kde/printing/<br />
* primer3 primer3-([0-9.]*).*\.(?:tar|t[bglx]z|tbz2|zip) SF-DEFAULT<br />
* privoxy privoxy-([0-9.]*).*\.(?:tar|t[bglx]z|tbz2|zip) http://sourceforge.net/projects/ijbswa/files/<br />
* proxyknife proxyknife-([^>]*?).tar.gz GNU-DEFAULT<br />
* ptouch-driver ptouch-driver-(.*?).tar.gz http://www.diku.dk/~panic/P-touch/<br />
* pure http://pure-lang.googlecode.com/files/pure-([0-9].*?).tar.gz http://code.google.com/p/pure-lang/downloads/list<br />
* purple-msn-pecan msn-pecan-(.*?).tar.bz2 http://code.google.com/p/msn-pecan/downloads/list<br />
* pvm pvm([0-9.]*)\..*\.(?:tar|t[bglx]z|tbz2|zip) http://www.netlib.org/pvm3/index.html<br />
* pwgen pwgen-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=28391&package_id=20253<br />
* pyflakes DEFAULT http://divmod.org/trac/wiki/DivmodPyflakes<br />
* pygrace pygrace-(.*?).tgz http://www.cacr.caltech.edu/~mmckerns/software.html<br />
* pyicq-t pyicq-t-(.*?).tar.gz http://code.google.com/p/pyicqt/downloads/list<br />
* PyMca pymca(.*?)-src\.tar\.gz http://sourceforge.net/projects/pymca/files/<br />
* pypar pypar-(.*?)\.tgz http://sourceforge.net/projects/pypar/files/<br />
* pyPdf pyPdf-(.*?)\.tar\.gz http://pybrary.net/pyPdf/<br />
* PyQuante PyQuante-(.*?)\.tar\.gz http://sourceforge.net/projects/pyquante/files/<br />
* pyroom pyroom-(.*?)\.tar https://edge.launchpad.net/pyroom/+download<br />
* python-biopython biopython-([0-9].*?)\.tar\.gz http://biopython.org/DIST/<br />
* python-cclib \bcclib[-_]([^-_\s]+?)\.(?:tar|t[bglx]z|tbz2|zip)\b http://sourceforge.net/projects/cclib/files/<br />
* python-dns <a href="kits/(.*)/">Stable</a> http://www.dnspython.org/<br />
* python-elixir Elixir-(.*?).tar.gz http://cheeseshop.python.org/pypi/Elixir/<br />
* python-flup flup-([0-9.]*)\.[tz][ai][rp] http://www.saddi.com/software/flup/dist/<br />
* python-lxml latest version is <a class="reference external" href="lxml-([0-9.]+)\.tgz http://codespeak.net/lxml/<br />
* python-minimock DEFAULT http://pypi.python.org/packages/source/M/MiniMock/<br />
* python-mutagen mutagen-(.*?).tar.gz http://www.sacredchao.net/~piman/software/<br />
* python-paida \bpaida-([^-\s]+?)\.(?:tar|t[bglx]z|tbz2|zip)\b http://sourceforge.net/projects/paida/files/<br />
* python-psyco Current.version.is.([0-9]+\..+?) http://psyco.sourceforge.net/download.html<br />
* python-smbpasswd py-smbpasswd-(.*?)\.tar\.gz http://barryp.org/software/py-smbpasswd/files<br />
* python-sphinx Sphinx-(.*?).tar.gz http://pypi.python.org/packages/source/S/Sphinx/<br />
* python-storm storm-(.*?).tar.bz2 https://launchpad.net/storm/+download<br />
* python-vobject >vobject (.*?)</a http://vobject.skyhouseconsulting.com/history.html<br />
* python-xkit <a href="/xorgparser/trunk/([0-9.]*)" https://launchpad.net/x-kit<br />
* qiv DEFAULT http://spiegl.de/qiv/download/<br />
* qmforge \bQMForge[-_]([^-_\s]+?)\.(?:tar|t[bglx]z|tbz2|zip)\b http://sourceforge.net/projects/qmforge/files/<br />
* qof qof-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=83302&package_id=85668<br />
* qrupdate qrupdate-(.*?)\.tar\.gz http://sourceforge.net/projects/qrupdate/files/<br />
* qstardict DEFAULT http://qstardict.ylsoftware.com/download.php<br />
* qt-qsa qsa-x11-free-(.*?\..*?).tar.gz ftp://ftp.trolltech.com/qsa/source/<br />
* qtiplot DEFAULT http://soft.proindependent.com/download.html<br />
* quazip DEFAULT SF-DEFAULT<br />
* qwt DEFAULT SF-DEFAULT<br />
* RackTables RackTables-(\d+\.\d+\.\d+)\.tar.gz http://racktables.org/files/<br />
* rapidsvn <a href="([0-9.]+)/"> http://www.rapidsvn.org/download/release/<br />
* redet-doc redet_manual(.*?).tar.gz http://billposer.org/Software/redet.html<br />
* redet redet-(.*?).tar.gz http://billposer.org/Software/redet.html<br />
* regionset regionset-([.0-9]*?).tar.gz http://linvdr.org/download/regionset/<br />
* ReviewBoard ReviewBoard-([0-9.]+).tar.gz http://downloads.reviewboard.org/releases/ReviewBoard/1.0/<br />
* rmol rmol-([0-9.]*)\.tar\.gz SF-DEFAULT<br />
* rpl >rpl-(.*?).tar.gz< http://sourceforge.net/project/showfiles.php?group_id=189512&package_id=221994<br />
* rpmorphan DEFAULT SF-DEFAULT<br />
* rtorrent rtorrent-(.*?)tar.gz http://libtorrent.rakshasa.no/downloads/<br />
* rst2pdf rst2pdf-(.*?).tar.gz http://code.google.com/p/rst2pdf/downloads/list<br />
* sane-backends sane-backends-([0-9]\.[0-9]\.[0-9][0-9]) ftp://ftp.sane-project.org/pub/sane/<br />
* s3cmd s3cmd-([\.0-9]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=178907&package_id=218690<br />
* sage sage-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=131227<br />
* scheme2js scheme2js-(.*?).tar.gz http://www-sop.inria.fr/mimosa/scheme2js/files/<br />
* scidavis scidavis-([0-9.]*?).tar.bz2 SF-DEFAULT<br />
* seeker \bSeeker\s+v?([^,\s]+) http://smp.if.uj.edu.pl/~baryluk/seeker_baryluk.c<br />
* seekwatcher seekwatcher-(.*?).tar.bz2 http://oss.oracle.com/~mason/seekwatcher/<br />
* sextractor sextractor-([0-9].*?).tar.gz ftp://ftp.iap.fr/pub/from_users/bertin/sextractor/<br />
* six six-(.*?)\.tar.gz http://six.retes.hu/download/<br />
* skstream skstream-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=130615<br />
* smem smem-([0-9\.]+)\.tar\.gz http://www.selenic.com/smem/download/<br />
* soci soci-([0-9.]*)\.tar\.gz SF-DEFAULT<br />
* sonata sonata-(.*?).tar.gz http://sonata.berlios.de/download.html<br />
* sonic-visualiser http://downloads.sourceforge.net/sv1/sonic-visualiser-(.*?).tar.bz2 http://www.sonicvisualiser.org/download.html<br />
* soprano soprano-(.*?)\.tar\.bz2 http://sourceforge.net/project/showfiles.php?group_id=197043&package_id=233036<br />
* sparse sparse-(.*?).tar.bz2 http://www.kernel.org/pub/software/devel/sparse/dist/<br />
* sshfp sshfp-(.*?).tar.gz ftp://ftp.xelerance.com/sshfp/<br />
* sshmenu sshmenu-([0-9.]+)\.tar\.gz http://sourceforge.net/projects/sshmenu/files/<br />
* starplot starplot-(.*?).tar.gz http://www.starplot.org/download.html<br />
* steghide steghide-(.*?)\.tar\.gz http://sourceforge.net/project/showfiles.php?group_id=15895&package_id=31753<br />
* stellarium stellarium-(.*?)\.t.*gz http://sourceforge.net/project/showfiles.php?group_id=48857&package_id=52048<br />
* stgit stgit-(.*?).tar.gz http://homepage.ntlworld.com/cmarinas/stgit/<br />
* strigi strigi version (.*?) \([2-9][0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]\) http://www.vandenoever.info/software/strigi/<br />
* sublib sublib-(.*?).zip http://sourceforge.net/project/showfiles.php?group_id=138366&package_id=151898<br />
* sunbird lightning-sunbird-(.*?)-source.tar.bz2 http://releases.mozilla.org/pub/mozilla.org/calendar/sunbird/releases/0.8/source/<br />
* sundials sundials-([0-9.]+)\.tar\.[gzb2]+ http://www.llnl.gov/CASC/sundials/download/download.html<br />
* sunifdef sunifdef-(.*?).tar.gz http://www.sunifdef.strudl.org/download.html<br />
* supertux DEFAULT http://supertux.lethargik.org/download.html<br />
* supertuxkart DEFAULT SF-DEFAULT<br />
* swing-layout Version.([^.]*) https://swing-layout.dev.java.net/servlets/ProjectNewsList<br />
* symlinks symlinks-(.*?)\.tar\. http://ibiblio.org/pub/Linux/utils/file/<br />
* sysconftool sysconftool-(.*?).tar.bz2 http://sourceforge.net/project/showfiles.php?group_id=5404&package_id=12779<br />
* tack tack-(.*?)\.tgz ftp://invisible-island.net/ncurses/<br />
* tango-icon-theme-extras tango-icon-theme-extras-([0-9].*?).tar.gz http://tango.freedesktop.org/releases/<br />
* tango-icon-theme tango-icon-theme-([0-9].*?).tar.gz http://tango.freedesktop.org/Tango_Icon_Library<br />
* tcpdump tcpdump-(.*?)\.tar\. http://www.tcpdump.org/release/<br />
* terminus-fonts terminus-font-([0-9\.]+)\.tar\.gz http://www.is-vn.bg/hamster/<br />
* tesseract tesseract.([0-9\.]*).tar.gz http://code.google.com/p/tesseract-ocr/downloads/list<br />
* tomcat6 Current stable version is (6\.[0-9]\.[0-9][0-9]) http://www.apache.org/dist/tomcat/tomcat-6/<br />
* tomcat-native href="(\d+\.[^/"]+) http://www.apache.org/dist/tomcat/tomcat-connectors/native/<br />
* tortoisehg tortoisehg-(.*?).tar.gz http://bitbucket.org/tortoisehg/targz/downloads/<br />
* transmission DEFAULT http://www.transmissionbt.com/download.php<br />
* tig tig-(.*?).tar.gz http://jonas.nitro.dk/tig/releases/<br />
* tla tla-(.*?).tar.gz http://ftp.gnu.org/gnu/gnu-arch/<br />
* tmux DEFAULT SF-DEFAULT<br />
* towhee DEFAULT http://sourceforge.net/projects/towhee/files/<br />
* tree tree-([0-9a-z.]+).tgz http://mama.indstate.edu/users/ice/tree/<br />
* tre tre-(.*?).tar.bz2 http://laurikari.net/tre/download.html<br />
* tremulous DEFAULT SF-DEFAULT<br />
* udis86 DEFAULT SF-DEFAULT<br />
* ufiformat DEFAULT http://www.geocities.jp/tedi_world/format_usbfdd_e.html<br />
* uncrustify >uncrustify-(.*?).tgz< http://sourceforge.net/project/showfiles.php?group_id=153164&package_id=169652<br />
* unix2dos unix2dos-\(.*?).tar.gz http://www.xs4all.nl/~waterlan/dos2unix.html<br />
* up-imapproxy up-imapproxy-(\d+\.\d+\.\d+).tar.gz http://www.imapproxy.org/downloads/<br />
* vala Vala (.*?) released http://live.gnome.org/Vala<br />
* valknut valknut-(.*?).tar.bz2 http://prdownloads.sourceforge.net/wxdcgui<br />
* varconf varconf-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=11101<br />
* vdr-epgsearch DEFAULT http://winni.vdr-developer.org/epgsearch/<br />
* vdr-femon vdr-femon-(1\.6\.\S+?)\.t http://www.saunalahti.fi/~rahrenbe/vdr/femon/files/index.php<br />
* vdr-osdteletext DEFAULT http://projects.vdr-developer.org/projects/list_files/plg-osdteletext<br />
* vdr-remote DEFAULT http://www.escape-edv.de/endriss/vdr/<br />
* vdr-sudoku DEFAULT http://toms-cafe.de/vdr/sudoku/<br />
* vdr-text2skin DEFAULT http://projects.vdr-developer.org/projects/list_files/plg-text2skin<br />
* vdr-wapd DEFAULT http://www.heiligenmann.de/vdr/download/<br />
* vdradmin-am DEFAULT http://andreas.vdr-developer.org/vdradmin-am/download.html<br />
* vidalia DEFAULT http://www.torproject.org/vidalia/index.html.en<br />
* vim-latex vim-latex-(.*?).tar.gz http://sourceforge.net/projects/vim-latex/files/<br />
* vmpsd vmpsd-(.*?).tar.gz http://sourceforge.net/projects/vmps/files/<br />
* vym vym-([0-9.]*)-.*.src.rpm http://download.opensuse.org/repositories/home://insilmaril/openSUSE_11.1/src/<br />
* wannier90 DEFAULT http://quasiamore.mit.edu/wannier/code/<br />
* warzone2100 warzone2100-(.*?).tar.bz2 http://wz2100.net/download<br />
* wfmath wfmath-([0-9\.]*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=11799&package_id=130616<br />
* wgrib wgrib\.c\.v([0-9a-z.]+) ftp://ftp.cpc.ncep.noaa.gov/wd51we/wgrib/<br />
* wgrib2 wgrib2.tgz.v([0-9a-z.]+) ftp://ftp.cpc.ncep.noaa.gov/wd51we/wgrib2/<br />
* wordnet WordNet-([0-9.]*)\.[tz][ai][rp] http://wordnet.princeton.edu/wordnet/download/<br />
* wormux wormux-([0-9\.]*?).tar.bz2 http://download.gna.org/wormux<br />
* xalan-c Xalan-C\+\+.version.(.*?)< http://xml.apache.org/xalan-c/<br />
* xar xar-([0-9.]*?).tar.gz http://code.google.com/p/xar/downloads/list<br />
* xcb-util xcb-util-([0-9\.]+)\.tar\.bz2 http://xcb.freedesktop.org/dist/<br />
* xchat Source: (.*?)</a> http://www.xchat.org/<br />
* xchm >xchm-(.*?).tar.gz< http://sourceforge.net/project/showfiles.php?group_id=87007&package_id=90504<br />
* xdrawchem xdrawchem-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=34518&package_id=26684<br />
* xdrfile xdrfile-(.*?).tar.gz ftp://ftp.gromacs.org/pub/contrib/<br />
* xfsdump xfsdump-([0-9.]*).tar.gz ftp://oss.sgi.com/projects/xfs/cmd_tars/<br />
* xfsprogs xfsprogs-([0-9.]*).tar.gz ftp://oss.sgi.com/projects/xfs/cmd_tars/<br />
* xine-ui xine-ui-(.*?)\.tar\.gz http://sourceforge.net/projects/xine/files/<br />
* xl2tpd xl2tpd-(.*?).tar.gz ftp://ftp.xelerance.com/xl2tpd/<br />
* xml-security-c xml-security-c-([0-9].*?).tar.gz http://santuario.apache.org/dist/c-library<br />
* xmltoman >xmltoman-(.*?).tar.gz< http://sourceforge.net/project/showfiles.php?group_id=215412&package_id=259893<br />
* xmms-modplug modplugxmms-(\S+?)\.t http://sourceforge.net/projects/modplug-xmms/files/<br />
* xorg-x11-drv-radeonhd xf86-video-radeonhd-([0-9\.]+)\.tar\.bz2 ftp://ftp.freedesktop.org/pub/individual/driver/<br />
* xpa xpa-(.*?).tar.gz http://hea-www.harvard.edu/saord/xpa/<br />
* xsane xsane-([0-9]\.[0-9][0-9]*?).tar.gz ftp://ftp.sane-project.org/pub/sane/xsane/<br />
* xterm xterm-(.*?)\.tgz ftp://invisible-island.net/xterm/<br />
* yasm yasm-([0-9.]*?).tar.gz http://www.tortall.net/projects/yasm/releases/<br />
* ykpers ykpers-(.*?).tar.gz http://code.google.com/p/yubikey-personalization/downloads/list/<br />
* z88dk z88dk-src-(.*?)\.tgz http://sourceforge.net/project/showfiles.php?group_id=2917&package_id=2867<br />
* zidrav zidrav4unix-(.*?).tar.gz http://sourceforge.net/project/showfiles.php?group_id=50757&package_id=51175<br />
* Zim Zim-(.*?)\.tar\.gz http://zim-wiki.org/downloads/<br />
* zlib zlib ([0-9]\.[0-9]\.*?[0-9]) http://www.zlib.net/<br />
* zzuf zzuf-(.+?)\.t http://libcaca.zoy.org/wiki/zzuf<br />
</pre><br />
<br />
<!-- END LIST OF PACKAGES --><br />
<br />
== Package Owner Ignore List ==<br />
If you do not want to get any bug reports or mails from [[Upstream Release Monitoring]] for any of the packages you own, please add your FAS username to the list:<br />
{{admon/note|Only for package owners|You might still be CC'ed on bug reports for packages you co-maintain.}}<br />
* corsepiu<br />
* ensc<br />
* tgl<br />
<!-- END PACKAGE OWNER IGNORE LIST --><br />
<br />
== Related Projects ==<br />
* [http://dehs.alioth.debian.org/ Debian External Health Status]<br />
* [http://people.redhat.com/caolanm/latestpackages/ Custom script for packages from Caolán McNamara]<br />
* [http://oswatershed.org/ OSWatershed] - Monitors several distributions at once<br />
* [http://perl.biggerontheinside.net Perl package monitoring]<br />
* [http://rpms.famillecollet.com/rpmphp/ Reports from Remi] PECL, pear and R extensions upstream comparison and stable repo with rawhide comparison for all packages<br />
<br />
[[Category:Package Maintainers]]</div>Mlichvarhttps://fedoraproject.org/w/index.php?title=Archive:FUDCon:Brno_2008&diff=44993Archive:FUDCon:Brno 20082008-08-14T10:12:33Z<p>Mlichvar: /* Pre-Registration (Deadline: Friday August 15) */</p>
<hr />
<div>{{header|events}}<br />
= FUDCon Brno 2008 = <br />
'''Brno, Czech Republic :: September 5 - 7, 2008'''<br />
<br />
For questions, please contact [[MaxSpevack]], [[RadekVokal]], and [[MarekMahut]]<br />
<br />
== General Information ==<br />
<br />
=== Location ===<br />
* '''[http://www.fi.muni.cz/ Faculty of Informatics at Masaryk University]''' ([http://maps.google.com/maps?f=q&hl=en&geocode=&q=Fakulta+Informatiky+Masarykovy+Univerzity,+Brno&sll=37.0625,-95.677068&sspn=37.598824,91.054688&ie=UTF8&cd=1&ll=49.209944,16.598947&spn=0.007584,0.02223&z=16&iwloc=addr google maps])<br />
* [http://brno.cz/index.php?lan=en Brno, Czech Republic]<br />
<br />
=== Friday, September 5 ===<br />
Hackfest day 1.<br />
<br />
ROOMS: D3, B007, B005 and B214 <br />
<br />
BREAKFAST: 9:30 AM<br />
<br />
START: 10:00 AM<br />
<br />
END: 6:00 PM<br />
<br />
=== Saturday, September 6 ===<br />
[[wikipedia:BarCamp|BarCamp]] with sessions, talks, and presentations. Social Event in the evening! ''This is the most important day of the FUDCon!''<br />
<br />
ROOMS: D3, B011 and B007<br />
<br />
BREAKFAST: 9:30 AM<br />
<br />
OPENING REMARKS: 10:00 AM<br />
<br />
SESSION PITCHING: 10:30 AM<br />
<br />
SESSION #1: 11:15 AM - 12:05 PM<br />
<br />
SESSION #2: 12:10 PM - 1:00 PM<br />
<br />
LUNCH: 1:00 PM - 2:00 PM<br />
<br />
SESSION #3: 2:00 PM - 2:50 PM<br />
<br />
SESSION #4: 2:55 PM - 3:45 PM<br />
<br />
SESSION #5: 3:50 PM - 4:40 PM<br />
<br />
SESSION #6: 4:45 PM - 5:35 PM<br />
<br />
CLOSING REMARKS: 5:40 PM - 6:00 PM<br />
<br />
SOCIAL EVENT: 7:00 PM - ???<br />
- restaurant [http://www.severka.com Severka] - apx 5 minutes from University, 80 places are booked. [[http://maps.google.com/maps?f=q&hl=en&geocode=&q=from+Masarykova+univerzita+Brno+-+Fakulta+informatiky,+Czech+Republic+to+Tu%C4%8Dkova+32,+Brno&sll=49.209908,16.598947&sspn=0.008145,0.022745&ie=UTF8&z=17 map]]<br />
<br />
=== Sunday, September 7 ===<br />
Hackfest day 2.<br />
<br />
ROOMS: D3, B007, B005 and B011<br />
<br />
BREAKFAST: 9:30 AM<br />
<br />
START: 10:00 AM<br />
<br />
END: 4:00 PM<br />
<br />
=== Sessions ===<br />
'''If you will pitch a session at the BarCamp on Saturday, give your name and brief description here.'''<br />
* Max Spevack - Fedora Websites team, and how you can help.<br />
* Dimitris Glezos - Transifex: Upstream-friendly cross-community translations -- Towards v1.0<br />
* Martin Sivak - FirstAidKit: how to simplify boring diagnose and repair tasks<br />
* Peter Vrabec - SecurityAudit: what is it about, sectool and plugin development<br />
* Luca Foppiano - Func: fedora unified network controller<br />
* Marco Mornati - Symbolic: easy large scale environments control<br />
* [[User:kanarip|Jeroen van Meeuwen]] - Configuration Management with [http://reductivelabs.com/trac/puppet puppet], [http://puppetmanaged.org puppetmanaged.org]<br />
* [[User:kanarip|Jeroen van Meeuwen]] - Custom spins and compose tools<br />
* [[User:kanarip|Jeroen van Meeuwen]] - [http://fedorahosted.org/csi Community Services Infrastructure]<br />
* [[User:fugolini|Francesco Ugolini]] - Ambassadors Project and its localization (or, How to improve community interaction)<br />
* [[JaroslavReznik|Jaroslav Řezník]], [[LukasTinkl|Lukáš Tinkl]] - KDE 4 & developers<br />
* Jonathan Roberts - Fedora Marketing, where to go next<br />
* Alan Pevec - [http://ovirt.org oVirt] - Virtualization Management for Fedora<br />
* Phil Knirsch, [[User:sharkcz|Dan Horák]] - Fedora and zSeries and Hercules<br />
* Miroslav Suchý - Spacewalk heading to Fedora<br />
* David Cantrell - anything about anaconda<br />
* ''Any topic that is interesting to you!''<br />
<br />
=== Hackfest topics ===<br />
* Becoming a Fedora Package Maintainer ''(needs a leader)''<br />
* [https://fedoraproject.org/wiki/SIGs/Astronomy Fedora Astronomy] hacking - [[MarekMahut]]<br />
* [http://transifex.org Transifex] hacking - [[DimitrisGlezos]]<br />
* [https://fedoraproject.org/wiki/Features/SecurityAudit SecurityAudit] hacking plugins - [[PeterVrabec]]<br />
* [http://fedorahosted.org/firstaidkit/wiki/WikiStart FirstAidKit] plugin development - [[MartinSivak]]<br />
* [http://www.opensymbolic.org Symbolic] how to extend symbolic: scripts & plugins development! - [[MarcoMornati]]<br />
* [https://fedorahosted.org/func Func] hacking - [[LucaFoppiano]]<br />
* [[User:harald|Harald Hoyer]] - System Configuration Tools with PolicyKit<br />
* ''Any project you are working on!''<br />
<br />
== Information for attendees ==<br />
<br />
=== Lodging ===<br />
* Approximately 50 beds are booked in [http://www.hotel-imos.cz/en/ Hotel Imos] ([http://maps.google.com/maps?f=q&hl=en&geocode=&q=Hudcova+72,+Brno&sll=49.210869,16.578884&sspn=0.060669,0.177841&ie=UTF8&z=16 google maps]) - studios (2+2) - two double bed rooms with shared kitchen and bathroom. Direction [http://maps.google.com/maps?saddr=Hudcova+250%2F72,+621+00+Brno,+Czech+Republic&geocode=&dirflg=&daddr=Masarykova+univerzita+Brno+-+Fakulta+informatiky,+Czech+Republic&f=d&sll=49.237888,16.585751&sspn=0.060636,0.177841&ie=UTF8&z=14&lci=lmc:wikipedia_en from the hotel to University] (Approximately 10 to 15 minutes by public transport, tram #1, ticket for 15CZK)<br />
<br />
=== Travel ===<br />
There are several airports around Brno;<br />
http://whichbudget.com can be used to see which budget airlines operate flights to a destination;<br />
for your convenience, the airport names below are linked there; http://skyscanner.net can help you finding non-direct connections. For information about booking the train or bus tickets, follow the links in the rightmost column.<br />
<br />
{|<br />
! Airport (code, people transported/year) !! Distance from Brno !! By bus (time, price one way) !! By train (time, price/price back !! Detailed instructions<br />
|-<br />
| [[http://whichbudget.com/en/cheapflights.php?to=BRQ| '''Brno''']] (BRQ, 0.5 mil.) || 0 km<br />
|| || ||<br />
|-<br />
| [[http://whichbudget.com/en/cheapflights.php?to=BTS| '''Bratislava''']] (BTS, 2 mil.)<br />
|| 130 km<br />
|| 2:00 (2 hours) EUR 9 || 1:25, EUR 7 (return EUR 10)<br />
|| [[FUDCon/FUDConBrno2008/Travel/FromBratislavaToBrno| Bratislava -> Brno]]<br />
|-<br />
| [[http://whichbudget.com/en/cheapflights.php?to=VIE| '''Wien, Vienna''']] (VIE, 18 mil.)<br />
|| 150 km<br />
|| 2:40, CZK 310 (EUR 13) || 1:25, EUR 27/EUR 9<br />
|| [[FUDCon/FUDConBrno2008/Travel/FromViennaToBrno| Vienna -> Brno]]<br />
|-<br />
| [[http://whichbudget.com/en/cheapflights.php?to=PRG| '''Prague''']] (PRG, 13 mil.)<br />
|| 210 km<br />
|| 2:30, CZK 200 (EUR 8.50) || 2:40, CZK 314/175 (EUR 13.20/7.30)<br />
|| [[FUDCon/FUDConBrno2008/Travel/FromPragueToBrno| Prague -> Brno]]<br />
|}<br />
<br />
There are no relevant return discounts for trains, and the budget airlines often offer no return discount as well, so there is little incentive to use the same airport for both direction.<br />
<br />
Tip: with some magic, the train ticket Brno->Vienna can be bought cheaply.<br />
<br />
=== Pre-Registration (Deadline: Friday August 15) ===<br />
{{admon/important|Please specify exact hotel nights!|Please specify the exact nights you need hotel accomodation for by August 15. The organizers need to know the exact dates for booking purposes.}}<br />
<br />
{|<br />
|-<br />
! No. || Name || Which nights do you need hotel? || Comments<br />
|-<br />
| 1 || [[MaxSpevack]] || Thu, Fri, Sat, Sun ||<br />
|-<br />
| 2 || [[JeroenVanMeeuwen]] || yes ||<br />
|-<br />
| 3 || [[GianlucaVarisco]] || Thu, Fri, Sat, Sun || -<br />
|-<br />
| 4 || [[JensKuehnel]] || no || canceled due to time and cost issues<br />
|-<br />
| 5 || [[DimitrisGlezos]] || Wed, Thu, Fri || Need to be in Brussels Sun-Tue<br />
|-<br />
| 6 || [[LucaFoppiano]] || yes || -<br />
|-<br />
| 7 || [[SandroMathys]] || yes || -<br />
|-<br />
| 8 || [[JonathanRoberts]] || Thu, Fri, Sat, Sun || -<br />
|-<br />
| 9 || [[RadekVokal]] || no || -<br />
|-<br />
| 10 || [[AdamTkac]] || no || -<br />
|-<br />
| 11 || [[MarcelaMaslanova]] || no || -<br />
|-<br />
| 12 || [[IvanaVarekova]] || no || -<br />
|-<br />
| 13 || [[FabianAffolter]] || Thu, Fri, Sat, Sun || -<br />
|-<br />
| 14 || [[LubomirRintel]] || no || -<br />
|-<br />
| 15 || [[MartinSivak]] || no || -<br />
|-<br />
| 16 || [[DanHorak]] || Fri, Sat, Sun, Mon, Tue (5 nights) || -<br />
|-<br />
| 17 || [[MartinKoci]] || no || -<br />
|-<br />
| 18 || [[MarekMahut]] || no || will help with organization<br />
|-<br />
| 19 || [[MatejCepl]] || no || will help with organization, living in Prague<br />
|-<br />
| 20 || [[AlexanderTodorov]] || Thu, Fri, Sat, Sun || -<br />
|-<br />
| 21 || [[OndrejVasik]] || no || -<br />
|-<br />
| 22 || [[AdamPribyl]] || Fri-Sat, Sat-Sun (2 nights) || -<br />
|-<br />
| 23 || <s>[[JoergSimon]]</s> || no || canceled :(<br />
|-<br />
| 24 || [[OliverFalk]] || yes || Can only attend on Friday<br />
|-<br />
| 25 || [[FrancescoUgolini]] || fri and sat || -<br />
|-<br />
| 26 || [[AntonArapov]] || no || -<br />
|-<br />
| 27 || [[AndreaModestoRossi]] || yes || 80% sure to attend<br />
|-<br />
| 28 || [[FrancescoCrippa]] || yes || -<br />
|-<br />
| 29 || [[ThomasWoerner]] || Thu-Fri, Fri-Sat, Sat-Sun, Sun-Mon, Mon-Tue, Tue-Wed (6 nights) || - <br />
|-<br />
| 30 || [[DominikMierzejewski]] || Thu, Fri, Sat, Sun || -<br />
|-<br />
| 31 || [[MartinNagy]] || no || -<br />
|-<br />
| 32 || [[HaraldHoyer]] || Thu, Fri, Sat, Sun, Mon, Tue (6 nights) || - <br />
|-<br />
| 33 || [[AdrianPilchowiec]] || no || -<br />
|-<br />
| 34 || [[MichalSchmidt]] || no || - <br />
|-<br />
| 35 || [[VitFoukal]] || no || - <br />
|-<br />
| 36 || Ivan Stojmirov || no || - <br />
|-<br />
| 37 || [[JaroslavReznik]] || no || - <br />
|-<br />
| 38 || [[JiriMoskovcak]] || no || - <br />
|-<br />
| 39 || [[MarcoMornati]] || yes || -<br />
|-<br />
| 40 || [[ChristosBacharakis]] || Thu, Fri, Sat, Sun || -<br />
|-<br />
| 41 || [[JanPazdziora]] || no || -<br />
|-<br />
| 42 || David Kovalsky || no || -<br />
|-<br />
| 43 || Chris Ward || no || -<br />
|-<br />
| 44 || [[MichalNowak]] || no || -<br />
|-<br />
| 45 || Lukas Petrovicky || no || -<br />
|-<br />
| 46 || Jakub Hrozek || no || can attend from Fri afternoon onwards<br />
|-<br />
| 47 || [[MilosJakubicek]] || no || -<br />
|-<br />
| 48 || [[JanBusta]] || no || -<br />
|-<br />
| 49 || [[TomasSmetana]] || no || -<br />
|-<br />
| 50 || Eduard Benes || no || -<br />
|-<br />
| 51 || Phil Knirsch || Thu, Fri, Sat, Sun, Mon, Tue (6 nights) || -<br />
|-<br />
| 52 || Hans de Goede || Thu, Fri, Sat, Sun? || Planning to attend<br />
|-<br />
| 53 || [[Jhutar]] || no || -<br />
|-<br />
| 54 || Marek Kasik || no || -<br />
|-<br />
| 55 || Zbysek Mraz || no || -<br />
|-<br />
| 56 || Michal Marciniszyn || no || -<br />
|-<br />
| 57 || Oldrich Plchot || no || - <br />
|-<br />
| 58 || Simone Pucci || yes || - <br />
|-<br />
| 59 || [[JanKratochvil]] || no || -<br />
|-<br />
| 60 || [[ZdenekPrikryl]] || no || -<br />
|-<br />
| 61 || Petr Muller || no || -<br />
|-<br />
| 62 || Vadim Grinco || no || -<br />
|-<br />
| 63 || Karel Volny || no || -<br />
|-<br />
| 64 || Lukáš Tinkl || no || -<br />
|-<br />
| 65 || [[KarolTrzcionka]] || Thu,Fri,Sat,Sun? || planning to attend<br />
|-<br />
| 66 || Alan Pevec || Fri,Sat || -<br />
|-<br />
| 67 || [[PatrikCevela]] || Thu, Fri, Sat, Sun || -<br />
|-<br />
| 68 || [[DiegoZacarao]] || Wed, Thu, Fri, Sat, Sun || depends on travel budget <br />
|-<br />
| 69 || Milos Malik || no || -<br />
|-<br />
| 70 || [[MiroslavSuchý|Miroslav Suchý]] || no || -<br />
|-<br />
| 71 || [[User:Kkofler|Kevin Kofler]] || none || planning to attend Sat only (early morning train in, late evening train out)<br />
|-<br />
| 72 || Miloslav Trmač || none || -<br />
|-<br />
| 73 || Jindřich Nový || none || -<br />
|-<br />
| 74 || Pavel Lisý || none || -<br />
|-<br />
| 75 || Stanislav Bulicek || none || -<br />
|-<br />
| 76 || [[PanuMatilainen|Panu Matilainen]] || Thu, Fri, Sat, Sun, Mon || -<br />
|-<br />
| 77 || [[FlorianFesti|Florian Festi]] || Thu, Fri, Sat, Sun, Mon, Tue (6 nights) || -<br />
|-<br />
| 78 || [[User:Nphilipp|Nils Philippsen]] || Thu, Fri, Sat, Sun, Mon, Tue || -<br />
|-<br />
| 79 || Petr Machata || none || -<br />
|-<br />
| 80 || [[DavidCantrell]] || Wed, Thu, Fri, Sat, Sun, Mon (6 nights) || -<br />
|-<br />
| 81 || [[PawelSadowski]] || Thu, Fri, Sat, Sun || -<br />
|-<br />
| 82 || Jozef Mlích || none || -<br />
|-<br />
| 83 || Karel Zak || Sat, Sun, Mon, Tue || -<br />
|-<br />
| 84 || Daniel Mach || none || -<br />
|-<br />
| 85 || Milan Broz || none || -<br />
|-<br />
| 86 || Tomas Henzl || none || -<br />
|-<br />
| 87 || Tomáš Bžatek || none || -<br />
|-<br />
| 88 || David Tardon || none || -<br />
|-<br />
| 89 || Jan Tluka || none || -<br />
|-<br />
| 90 || Lukáš Doktor || none || -<br />
|-<br />
| 91 || Michael Mraka || none || -<br />
|-<br />
| 92 || Martin Stransky || none || -<br />
<br />
|-<br />
| 93 || [[NicuBuculei]] || Thu (maybe), Fri, Sat, Sun || arriving Fri very early in the morning<br />
|-<br />
| 94 || [[AdrianJoian]] || Thu (maybe), Fri, Sat, Sun || arriving Fri very early in the morning<br />
|-<br />
| 95 || Daniel Novotny || none || -<br />
|-<br />
| 96 || Miroslav Lichvar || none || -<br />
|}<br />
<br />
== Information for Organizers ==<br />
<br />
=== Meetings ===<br />
There is a weekly organization/planning meeting in #fedora-meeting on Freenode every Tuesday at 13:00 UTC (15:00 CEST).<br />
<br />
* [[/2008-07-29|Log from 2008-07-29 planning meeting]]<br />
* [[/2008-07-22|Log from 2008-07-22 planning meeting]]<br />
* [[/2008-07-15|Log from 2008-07-15 planning meeting]]<br />
<br />
=== Current action items ===<br />
* <del>Update travel information on wiki (MarkeMahut)</del><br />
* <del>Internet access -- we'll use university network (RadekVokal)</del> <br />
* <del>Fedora Live DVDs (MarekMahut)</del><br />
* <del>Publicity on Fedora Planet & mailing lists (MaxSpevack)</del><br />
* <del>Email/invitation to europe (europe-list) offices (MaxSpevack)</del><br />
* <del>Talk to Denise Dumas about RH travel budget(MaxSpevack)</del><br />
* <del>Check out rooms at the University (RadekVokal & MarekMahut)</del><br />
* <del>Figure out how much of hotel bill can be paid from FUDCon budget (MaxSpevack)</del><br />
* Food for Friday, Saturday, Sunday<br />
** Detailed list of needs for each day (MaxSpevack)<br />
** Get price quotes based on list (RadekVokal)<br />
* Social Event for Saturday night<br />
** Determine budget for event (MaxSpevack)<br />
** <del>Figure out location (RadekVokal)</del><br />
** Food pre-ordering? (RadekVokal)<br />
* Projectors from the RH office (MarekMahut)<br />
* Tshirts (MaxSpevack & NicuBuculei)<br />
* Advertisement flyer<br />
** English text (MaxSpevack)<br />
** Czech text (RadekVokal)<br />
** Ask Art Team to make it look good (MaxSpevack)<br />
* Publicity at universities or other places in Brno & Prague<br />
** sci.muni.cz (MarekMahut)<br />
** fi.muni.cz (MarekMahut)<br />
** www.fit.vutbr.cz (RadekVokal)<br />
** www.fei.vsb.cz (RadekVokal)<br />
* Travel subsidies and sponsorships (MaxSpevack)<br />
* Confirm number of rooms with hotel (MaxSpevack & RadekVokal) - needed ASAP<br />
* <del>Banner ad for FUDCon on RH Europe website</del> http://www.europe.redhat.com/promos/20080807/fudcon.png - can I get it in bigger res? (RadekVokal)<br />
<br />
=== Budget ===<br />
* 20k USD = 12.5k EUR = 290k CZK<br />
** Travel estimate 4,000 EUR <br />
** Hotel estimate 4,000 EUR<br />
** Food estimate 3,000 EUR<br />
** Tshirts estimate 1,500 EUR</div>Mlichvar