[tz] NIST leap-second file not yet updated

Paul Eggert eggert at cs.ucla.edu
Thu Feb 18 16:29:44 UTC 2016

On 02/18/2016 07:12 AM, Martin Burnicki wrote:
> after download you still can't be sure the file has not been
> modified. The included SHA1 hash can be generated by anyone

I wouldn't worry about this. We generate our own checksums for the 
entire tzdata distribution including the leap-seconds file, and sign them.

The main problem here is legal, not technical.

I agree with Tony that the EUPL is not suitable for the tz project. It's 
a pain to use the EUPL even with GPLed code (e.g., GNU/Linux), much less 
BSD (e.g., FreeBSD). We need something more like public-domain or 
3-clause BSD, both of which we already use. Public domain is preferable 
because it's simpler. CC0 would also be OK, I expect.

If this turns into a legal hassle for the IERS, as I suspect it will, 
then it's not worth their trouble. We'll just keep doing what we have 
been doing, or something like it.

More information about the tz mailing list