Hello Jon, hello Adolf, hello Tapani, hello Michael, hello *,
thanks for this conversation; I just wanted to comment on some minor bits and pieces.
I thought chrony was more for desktops & laptops. Devices that power down and might have a big time jump. And NTP was more for servers or devices that run full-time.
This is true in general, and given this description, it might look somewhat surprising to replace ntpd - requiring a stable internet connection - with something that can handle more patchy, unreliable situations.
At IPFire, we seem to make pretty demanding assumptions regarding the stability of our users' internet connection, particularly when it comes to DNS and NTP, which both unfortunately depend on each other.
While Unbound, our DNS resolver, made some efforts to deal with temporary outages less invasively, it is still quite easy to confuse ntpd.
Some IPFire systems run behind patchy cellular networks (developing countries come to mind, or rural areas in Germany), or unstable cable/DSL connections. I remember some people sitting behind satellite uplinks, and there was once someone who claimed he/she runs IPFire on a really slow connection somewhere in Africa (Kenya?).
For those people, I guess it might give them a better user experience if IPFire could deal with such scenarios in terms of synchronising its clock. This is why chrony looks like a good idea, and indeed, we do not use some of the features ntpd comes with.
Sorry for not mentioning this in the conference log. :-)
Nonetheless, autokey is definitely history now and NTS support is one more reason to go with chrony.
Basically, yes. There are still very few NTS servers out there, which is why I personally currently shy away from it, as I like the highly diverse NTP pool ecosystem. Let's hope things will improve on this end, so we can move another protocol towards being encrypted in transit.
So my vote is for moving to chrony (even though I don't see it as super urgent).
It definitely does not have a high priority to me, either. I just need to duplicate myself a few more times, so I can spend more than 24 hours a day on IPFire development. :-)
Thanks, and best regards, Peter Müller