[tz] leap-seconds.list format
brian.inglis at systematicsw.ab.ca
brian.inglis at systematicsw.ab.ca
Fri Feb 9 22:20:25 UTC 2024
On 2024-02-08 19:22, Paul Eggert via tz wrote:
> On 2/8/24 06:21, Martin Burnicki via tz wrote:
>
>> https://kb.meinbergglobal.com/kb/time_sync/ntp/configuration/ntp_leap_second_file
>
> Thanks, I installed the attached patch to refer to that page.
>
> A few comments about its contents:
>
>> For higher security the file should be signed using a public key certificate
>> which can also be checked after the file has already been downloaded. However,
>> this is currently not implemented
You can check leap-seconds.list sha1 using one of the programs from IERS or NIST
noted in their respective files, or a script to do the same using sha1sum and
other utilities, plus diff (-b) against the previous copy to ensure minimal
other changes.
> As per Internet RFC 6557 (2012) section 3, TZDB distributions are signed via a
> PGP signature. This signature is published in each distribution's announcement,
> so effectively you can obtain a signed leap-seconds.list from a TZDB
> distribution. This practice started in 2012e, in response to the RFC.
>
> Also, TZDB releases have signed tags in the Github development repository; this
> is another way to verify leap-seconds.list
>
> Admittedly neither of these techniques are the same as having the IERS sign the
> file, which would be preferable.
>
>> The IETF website https://www.ietf.org/timezones/data/ used to provide the
>> files extracted from the latest TZ DB distribution archive, but this no longer
>> appears to be the case .
>
> Yes, I think that has been retired; Kim Davies could confirm that if he has the
> time.
>
> One other link you might want to mention is:
>
> https://raw.githubusercontent.com/eggert/tz/main/leap-seconds.list
>
> This is the latest version of leap-seconds.list in the TZDB development
> repository. It is more up-to-date than
> <https://data.iana.org/time-zones/tzdb/leap-seconds.list>, though less
> up-to-date than the IERS primary copy. Github likely resists DDoS attacks better
> than the other sites; see <https://github.blog/2018-03-01-ddos-incident-report/>.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
More information about the tz
mailing list