[tz] leap-seconds.list format

brian.inglis at systematicsw.ab.ca brian.inglis at systematicsw.ab.ca
Fri Feb 9 22:20:25 UTC 2024 

On 2024-02-08 19:22, Paul Eggert via tz wrote:
> On 2/8/24 06:21, Martin Burnicki via tz wrote:
> 
>> https://kb.meinbergglobal.com/kb/time_sync/ntp/configuration/ntp_leap_second_file
> 
> Thanks, I installed the attached patch to refer to that page.
> 
> A few comments about its contents:
> 
>> For higher security the file should be signed using a public key certificate 
>> which can also be checked after the file has already been downloaded. However, 
>> this is currently not implemented

You can check leap-seconds.list sha1 using one of the programs from IERS or NIST 
noted in their respective files, or a script to do the same using sha1sum and 
other utilities, plus diff (-b) against the previous copy to ensure minimal 
other changes.

> As per Internet RFC 6557 (2012) section 3, TZDB distributions are signed via a 
> PGP signature. This signature is published in each distribution's announcement, 
> so effectively you can obtain a signed leap-seconds.list from a TZDB 
> distribution. This practice started in 2012e, in response to the RFC.
> 
> Also, TZDB releases have signed tags in the Github development repository; this 
> is another way to verify leap-seconds.list
> 
> Admittedly neither of these techniques are the same as having the IERS sign the 
> file, which would be preferable.
 >
>> The IETF website https://www.ietf.org/timezones/data/ used to provide the 
>> files extracted from the latest TZ DB distribution archive, but this no longer 
>> appears to be the case . 
> 
> Yes, I think that has been retired; Kim Davies could confirm that if he has the 
> time.
> 
> One other link you might want to mention is:
> 
> https://raw.githubusercontent.com/eggert/tz/main/leap-seconds.list
> 
> This is the latest version of leap-seconds.list in the TZDB development 
> repository. It is more up-to-date than 
> <https://data.iana.org/time-zones/tzdb/leap-seconds.list>, though less 
> up-to-date than the IERS primary copy. Github likely resists DDoS attacks better 
> than the other sites; see <https://github.blog/2018-03-01-ddos-incident-report/>.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

More information about the tz mailing list