[tz] NIST leap-second file not yet updated
eggert at cs.ucla.edu
Thu Feb 18 16:29:44 UTC 2016
On 02/18/2016 07:12 AM, Martin Burnicki wrote:
> after download you still can't be sure the file has not been
> modified. The included SHA1 hash can be generated by anyone
I wouldn't worry about this. We generate our own checksums for the
entire tzdata distribution including the leap-seconds file, and sign them.
The main problem here is legal, not technical.
I agree with Tony that the EUPL is not suitable for the tz project. It's
a pain to use the EUPL even with GPLed code (e.g., GNU/Linux), much less
BSD (e.g., FreeBSD). We need something more like public-domain or
3-clause BSD, both of which we already use. Public domain is preferable
because it's simpler. CC0 would also be OK, I expect.
If this turns into a legal hassle for the IERS, as I suspect it will,
then it's not worth their trouble. We'll just keep doing what we have
been doing, or something like it.
More information about the tz