On 2024-02-08 19:22, Paul Eggert via tz wrote:
On 2/8/24 06:21, Martin Burnicki via tz wrote:
https://kb.meinbergglobal.com/kb/time_sync/ntp/configuration/ntp_leap_second...
Thanks, I installed the attached patch to refer to that page.
A few comments about its contents:
For higher security the file should be signed using a public key certificate which can also be checked after the file has already been downloaded. However, this is currently not implemented
You can check leap-seconds.list sha1 using one of the programs from IERS or NIST noted in their respective files, or a script to do the same using sha1sum and other utilities, plus diff (-b) against the previous copy to ensure minimal other changes.
As per Internet RFC 6557 (2012) section 3, TZDB distributions are signed via a PGP signature. This signature is published in each distribution's announcement, so effectively you can obtain a signed leap-seconds.list from a TZDB distribution. This practice started in 2012e, in response to the RFC.
Also, TZDB releases have signed tags in the Github development repository; this is another way to verify leap-seconds.list
Admittedly neither of these techniques are the same as having the IERS sign the file, which would be preferable.
The IETF website https://www.ietf.org/timezones/data/ used to provide the files extracted from the latest TZ DB distribution archive, but this no longer appears to be the case .
Yes, I think that has been retired; Kim Davies could confirm that if he has the time.
One other link you might want to mention is:
https://raw.githubusercontent.com/eggert/tz/main/leap-seconds.list
This is the latest version of leap-seconds.list in the TZDB development repository. It is more up-to-date than <https://data.iana.org/time-zones/tzdb/leap-seconds.list>, though less up-to-date than the IERS primary copy. Github likely resists DDoS attacks better than the other sites; see <https://github.blog/2018-03-01-ddos-incident-report/>.
-- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry