Brian Inglis via tz wrote: [...]
The hash code is computed over only the numeric data content comprised of delta TAI offsets and NTP timestamps including those for validity and expiry in flagged comments, so is unchanged.
This hash could also do with being upgraded and augmented for backward compatibility by possibly detached sha2/sha3 sum and/or gpg2 signature.
IMO the file hash in the existing form is obsolete anyway. At the time when the file format was introduced and the file was downloaded via modem/serial lines, the hash could be used to verify the integrity of the file, but it can't be used to prove the authenticity. Everybody who wants to spoof leap second information can create a file with the desired content and create a valid hash signature for his file. Downloading the file via https instead of FTP increases trustworthiness, but I agree that a gpg2 signature would be very useful to be check the authenticity of the file. On the other hand, the same is true for all data files that are published by IERS and similar institutions. Martin -- Martin Burnicki Senior Software Engineer MEINBERG Funkuhren GmbH & Co. KG Email: martin.burnicki@meinberg.de Phone: +49 5281 9309-414 Linkedin: https://www.linkedin.com/in/martinburnicki/ Lange Wand 9, 31812 Bad Pyrmont, Germany Amtsgericht Hannover 17HRA 100322 Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung Websites: https://www.meinberg.de https://www.meinbergglobal.com