[tz] leap-seconds.list format
Paul Eggert
eggert at cs.ucla.edu
Sat Feb 10 01:26:14 UTC 2024
On 2024-02-09 14:20, brian.inglis--- via tz wrote:
>> On 2/8/24 06:21, Martin Burnicki via tz wrote:
>>> For higher security the file should be signed using a public key
>>> certificate ...
>
> You can check leap-seconds.list sha1
That SHA1 checksum merely checks for data corruption. Martin was asking
for a signature via a public key certificate. Such a signature also
verifies that the sender is not some random attacker; this is a stronger
guarantee than a checksum. This is why TZDB releases have signed tags on
GitHub and why release announcements contain the tarballs' PGP signatures.
More information about the tz
mailing list