-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Isn't CC0 designed specifically for this sort of situation? It's public domain with a fallback for jurisdictions where that concept doesn't exist. I've always been warned against using "crayon licenses" like simple declarations. Seems to me that any way you go, it's best to use one of the well known permissive licenses over something ad hoc. On February 18, 2016 11:29:44 AM EST, Paul Eggert <eggert@cs.ucla.edu> wrote:
On 02/18/2016 07:12 AM, Martin Burnicki wrote:
after download you still can't be sure the file has not been modified. The included SHA1 hash can be generated by anyone
I wouldn't worry about this. We generate our own checksums for the entire tzdata distribution including the leap-seconds file, and sign them.
The main problem here is legal, not technical.
I agree with Tony that the EUPL is not suitable for the tz project. It's a pain to use the EUPL even with GPLed code (e.g., GNU/Linux), much less BSD (e.g., FreeBSD). We need something more like public-domain or 3-clause BSD, both of which we already use. Public domain is preferable
because it's simpler. CC0 would also be OK, I expect.
If this turns into a legal hassle for the IERS, as I suspect it will, then it's not worth their trouble. We'll just keep doing what we have been doing, or something like it. -----BEGIN PGP SIGNATURE----- Version: APG v1.1.1
iQI/BAEBCgApBQJWxfmkIhxQYXVsIEdhbnNzbGUgPHBnYW5zc2xlQGdtYWlsLmNv bT4ACgkQzVT849lkvvvNew/7Bfnk8eVazEQ3ah8vfu0rOi8epTzWobskMjZHyehO dymsaMBYCphveJyBhd/UNji6RrAAtUtESlGHV/dGkJoEb4DARgsIAh0miBK2jAVJ qEVlZimqMmSFlJsP0bEvebOvVj+d39ph2PTlzGV2uTsnmLDtCLtoA9/TKfnfdgC2 +BrGziDkI+CcXx/m5iT9K7u95l7fvJjU+PHyWYtfV2QdiK2uoS20rn0wCzOVqzFD ykSQA0a9hoil+lyL70TCuE7HuF4DwJ7HkGhMRnSgLNIfDmmgiDzXAeDUZqj0uSXU +Z5JpyY4ZHvjqe1msD7iEShxtzziAE7wO4PeNo++3VUDLCjvM8vcisR2EQ/jz0k3 Ahpv3bKzyYdKM2GhpwUKUXrbfDbNIbJPoFDbvC89gz1wspeZC0MIw3KfZsaYeMfx Qkn1zkoYnqe0aHsD0I4VPEDc3CGUpMe/pmWdu5pyrID4wYV9laKMMdhh5UcmhFpH 7BBKtqzHZ58SgdXDCiUWVQiGhnAsQZrvbAUWQKC+DYVqcpydXD6anPE5TwzueUzb WcmOvj4gtINnmkLdD1X9FiMRXX1qdT9fq53LFHxhLGwPlJawF2j3OBHhDynWE7yg 9zkGloJKULD3PeXgdGuv7xL8j58sXhcVp8Zcj4yihcJL7RsfZq4osFc1ach4fQMh LuE= =bZYG -----END PGP SIGNATURE-----