På Mon, 19 Sep 2016 09:15:27 +0200 Miroslav Lichvar <mlich...@redhat.com> skrev: > On Sun, Sep 18, 2016 at 10:53:54AM +0200, Rune Magnussen wrote: > > På Fri, 16 Sep 2016 17:48:29 +0200 > > Miroslav Lichvar <mlich...@redhat.com> skrev: [vut] > > > > I'd rather see chrony to get support for reading leap seconds > > > from the "leap-seconds.list" file, which is distributed by > > > multiple servers, and recommend running "sleep $[RANDOM] && wget > > > -O ... https://...."; from cron every month or so. > > You would then have to make sure the checksums are downloaded from > > another mirror than the file and the best mirrors would depend on > > where you are. This seems almost as complicated as adding support > > for leap seconds via DNS. > > I'm not sure I follow. Why would I need to download data from multiple > servers? Are you suggesting to not trust one server, but have a voting > mechanism with at least three different servers like NTP normally > does? I just meant that if you want to validate the downloaded file then you should get the checksum from a different mirror. If the file is compromised on one server then the checksum file migt be too. In that case there would be no detectable error. With tho servers there would be warnings if either the leap second file or the checksum file was changed.
Anyway, I did not make enough research. Now I have found a place to download the file, but there is not any obvious checksum file. Perhaps you really have to download the entire file more than once to make sure. Looks like most of my points are moot. Regards Rune -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
