Feb. 10, 2024
1:26 a.m.
On 2024-02-09 14:20, brian.inglis--- via tz wrote:
On 2/8/24 06:21, Martin Burnicki via tz wrote:
For higher security the file should be signed using a public key certificate ...
You can check leap-seconds.list sha1
That SHA1 checksum merely checks for data corruption. Martin was asking for a signature via a public key certificate. Such a signature also verifies that the sender is not some random attacker; this is a stronger guarantee than a checksum. This is why TZDB releases have signed tags on GitHub and why release announcements contain the tarballs' PGP signatures.