Hammer the bug list flat
The NTP Classic codebase had accumulated serious vulnerabilities. We’ve worked overtime to identify and plug the critical holes; more needs to be done on the lesser ones. Our goal is to reach the exceptionally low defect-per-thousand-hour rates of GPSD and RTEMS; we have the people and the skills to do it.
Throw away more code
Antoine de Saint-Exupéry famously said "Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." This is our project motto. The more code we can throw away, the fewer potential vulnerabilities and complexity issues we will have. There are many opportunities here; see our removal plans, and holler if we’re removing something you need.
Move code that doesn’t need to be in C out of C
We’ve already made major gains in maintainability and code re-use by moving all our production scripting to Python. One of our goals is to move all code that isn’t realtime-critical out of C to improve maintainability and decrease vulnerability to overrun bugs and other classic C snafus.
Broaden community participation
The NTP Classic project slid into decline, developing serious vulnerabilities it was unable to effectively address, because it made choices that closed it off from the wider open-source community. NTPSec was forked in large part to reverse those choices. We want more community participation, more open-source code review, and we even welcome drive-by patches to address point problems.
Build a hardware test lab
Precision clock sources are tricky things, and testing in a simulation environment has limits. We aim to build a lab where we can remote-control refclocks and a network of ntpd instances for live testing. This will take money: see Getting Involved for how you can help.
The code can be further hardened by repartitioning it into smaller, more loosely coupled pieces. A prime opportunity is by divorcing clock management (into a separate refclockd) from the synchronization algorithms.
Get it all IPv6-ready
Network Time Protocol is unhealthily entangled with IPv4. As address exhaustion forces the world towards IPv6, this needs to be fixed.
Long-term: Out of C entirely?
Languages which may seriously challenge C as the lingua franca of systems work are beginning to appear. Their most important advantage is they they enforce code-correctness properties that eliminate large classes of the low-level bugs C is prone to. The codebase we inherited was so large and grotty that moving to any of these would have been impractical, but the codebase we have now is a different story. It may be worth trying…
Recruit and educate a new generation
NTP Classic came altogether too close to becoming a black hole of unmaintainability because only one human being fully understood the Byzantine clock-synchronization algorithms at its core. For sustainability, that knowledge needs to become more widely spread.