> As already mentioned, the smearing is a very sensitive moment. If the NTP server is restarted during this period, we will likely end up with either “old” or “new” time, which may propagate to the clients and lead to an outage.
That seems to be a solvable engineering problem. One could make sure the server is up to date on all recent information before taking it back into service. It's a similar problem as making sure that cache servers that have invalidated data don't go back into service before their cache is updated - which is tablestakes for services like CDNs.
I guess the problem here are public servers that can't run software that understands doing that? I see the challenge for those, but maybe something like an improved version of NTP could fix it?
That seems to be a solvable engineering problem. One could make sure the server is up to date on all recent information before taking it back into service. It's a similar problem as making sure that cache servers that have invalidated data don't go back into service before their cache is updated - which is tablestakes for services like CDNs.
I guess the problem here are public servers that can't run software that understands doing that? I see the challenge for those, but maybe something like an improved version of NTP could fix it?