On 2024-02-10 18:34, Paul Eggert wrote:
On 2024-02-10 16:22, brian.inglis--- via tz wrote:
all we can do for now with the current distribution: using https:// as you suggested, sha1 check, and eyeball diff (-b) in case of site hacks.
I guess I'm not following your point because that's clearly not all a user can do. A user can also check the signatures, which are made via a public key certificate. I know a few users do that, because I got email a while back when my public key expired and was renewed.
I was referring solely to the original IERS source files leap-seconds.{[0-9]{10,},list} and all we can do for now to validate them, using sha1 and eyeball. We could also check that the new external time stamp file suffix agrees with the internal "#$" line update validity NTP time stamp, and that is (normally) in the current month January or July, and less than the "#@" line expiry NTP time stamp, (normally) eleven months later on 28th June or December, and that date agrees with the formatted date in the preceding "expires" comment line. With known access to the current/previous leap-seconds.list sym-/link or .[0-9]{9,} target, we could also check that the update validity time stamp is (normally) between the current/previous update validity and expiry time stamps. -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry