r2 - 2012-09-29 - 03:18:40 - HarlanStennYou are here: NTP >  Dev Web > PerFileCopyrightAndLicenseNotice
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p12 was released on 14 August 2018. It addresses 1 low-/medium-severity security issue in ntpd, 1 low-severity security issue in ntpq and ntpdc, and provides 27 non-security bugfixes and 4 other improvements over 4.2.8p11.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Per-File Copyright and LIcense Notice

Related Items: bug_small.png Bug #2215

Options

If we decide to go to a per-file notice we have choices:

  • A Copyright Notice
  • A License Notice
  • Both

As Harlan recalls, Dave Mills is no fan of boilerplate cluttering up the source files. Harlan is no fan of clutter either.

It's perfectly OK to have no per-file notices.

But there are some sound reasons for having something.

One choice is:

Copyright 2012 The Foo Project Developers. See the COPYRIGHT file at the top-level directory of this distribution and at http://example.org/project/COPYRIGHT.

This file is part of Foo Project. It is subject to the license terms in the LICENSE file found in the top-level directory of this distribution and at http://www.example.org/foo/license.html. No part of Foo Project, including this file, may be copied, modified, propagated, or distributed except according to the terms contained in the LICENSE file.

Harlan thinks that is still a bit long, and will see if the following is OK:

Copyright 1992-2012 University of Delaware. See the COPYRIGHT file at the top-level directory of this distribution and at http://ntp.org/COPYRIGHT for copyrght and license information.

Updating

This may/will be a PITA to update annually. What to do?

We could script an update annually, but is that lame if the only thing that changes in a file for a year is the copyright year?

Should we try to come up with a trigger script to update the copyright year when doing a checkin?

Is this something we can "avoid" by using a bk keyword expansion?

autogen

autogen may emit a copyright/license block in the files it generates.

Checking for the License/Copyright

Do we want to havea bk trigger that checks for a License/Copyright on checkin?

Do we want part of the build process to check for this?

Other choices?

Comments

 
Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r2 < r1 | More topic actions
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback