On 2/8/24 06:21, Martin Burnicki via tz wrote:
https://kb.meinbergglobal.com/kb/time_sync/ntp/configuration/ntp_leap_second...
Thanks, I installed the attached patch to refer to that page. A few comments about its contents:
For higher security the file should be signed using a public key certificate which can also be checked after the file has already been downloaded. However, this is currently not implemented
As per Internet RFC 6557 (2012) section 3, TZDB distributions are signed via a PGP signature. This signature is published in each distribution's announcement, so effectively you can obtain a signed leap-seconds.list from a TZDB distribution. This practice started in 2012e, in response to the RFC. Also, TZDB releases have signed tags in the Github development repository; this is another way to verify leap-seconds.list Admittedly neither of these techniques are the same as having the IERS sign the file, which would be preferable.
The IETF website https://www.ietf.org/timezones/data/ used to provide the files extracted from the latest TZ DB distribution archive, but this no longer appears to be the case .
Yes, I think that has been retired; Kim Davies could confirm that if he has the time. One other link you might want to mention is: https://raw.githubusercontent.com/eggert/tz/main/leap-seconds.list This is the latest version of leap-seconds.list in the TZDB development repository. It is more up-to-date than <https://data.iana.org/time-zones/tzdb/leap-seconds.list>, though less up-to-date than the IERS primary copy. Github likely resists DDoS attacks better than the other sites; see <https://github.blog/2018-03-01-ddos-incident-report/>.