Canonical has joined the Trifecta Tech Foundation as a Gold Sponsor, providing €40,000 annually to support memory-safe Rust rewrites of critical infrastructure. This funding prioritizes the development of ntpd-rs, which Canonical intends to make the default time synchronization tool for Ubuntu starting with the 27.04 release.
Why is Canonical funding Rust-based infrastructure?
Canonical is pursuing a long-term strategy it describes as “carefully but purposefully oxidising Ubuntu.” This initiative involves replacing legacy C-based system utilities with memory-safe alternatives written in the Rust programming language.
The company has already successfully integrated several Rust rewrites into its operating system. Coreutils, findutils, and diffutils have been swapped for Rust versions, and the implementation of sudo-rs has already transitioned into Ubuntu 25.10 and the 26.04 LTS release. This partnership with the Trifecta Tech Foundation—a non-profit focused on critical software safety—aims to expand this scope to time synchronization.
What makes ntpd-rs more secure than traditional tools?
Memory safety is the primary driver behind the shift to ntpd-rs. In traditional C-based tools, memory management errors can lead to vulnerabilities that attackers exploit to compromise systems. Because time synchronization is a foundational service, a bug here can disrupt a system’s ability to maintain accurate clocks.

According to Canonical, accurate time is essential for the functionality of TLS certificates. If a system’s clock is out of sync with the rest of the internet, secure connections can fail. By using a memory-safe implementation, Ubuntu aims to reduce the frequency of these critical bugs.
The reliability of ntpd-rs is backed by real-world production data. Jon Seager, VP of Engineering at Canonical, stated that the tool has been running in production at Let’s Encrypt since June 2024, following a two-month staging rollout. This provides a level of verification that many experimental software projects lack.
How does ntpd-rs compare to chrony?
To become a viable default, ntpd-rs must achieve feature parity with established tools like chrony. Canonical’s current funding is specifically directed toward closing existing functional gaps. This includes adding support for multi-threading in NTP servers and enabling multi-homed server setups.
The development roadmap for ntpd-rs includes several specialized features:
- GPSd IP socket support: For precise timekeeping via GPS hardware.
- gPTP support: Essential for automotive and connected vehicle technology.
- Statime integration: A memory-safe implementation of the Precision Time Protocol (PTP) currently being developed by Trifecta.
- Enhanced Isolation: The creation of AppArmor and seccomp profiles to match the security isolation currently provided by chrony.
- Crypto flexibility: Support for rustls, while allowing organizations to fall back on OpenSSL for strict compliance needs.
When will Ubuntu transition to ntpd-rs?
The rollout of ntpd-rs will occur in two distinct phases. The first milestone is targeted for Ubuntu 26.10, where the tool will be included in the official archives to allow users and administrators to begin testing its stability in various environments.
The final goal is to introduce ntpd-rs as the default time synchronization client and server for Ubuntu in the 27.04 release. While desktop users may not notice a change in daily operation, the update represents a significant security hardening for sysadmins and enterprise deployments.
Frequently Asked Questions
What is the Trifecta Tech Foundation?
It is a non-profit organization dedicated to developing memory-safe Rust rewrites of critical infrastructure software, such as data compression and time synchronization tools.

Is sudo-rs already available in Ubuntu?
Yes. sudo-rs became the default privilege escalation tool in Ubuntu 25.10 and remains the default in the 26.04 LTS release.
Why does time synchronization matter for internet security?
Precise time is required for the validation of TLS certificates. If a system’s clock is incorrect, it may fail to establish secure connections to websites and services.
Want to stay updated on the latest in Linux infrastructure? Subscribe to our newsletter or leave a comment below with your thoughts on the shift to Rust!
