Re: [chrony-dev] Idea: Leapsecond info via DNS



On Mon, 19 Sep 2016 09:15:27 +0200
Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
> On Sun, Sep 18, 2016 at 10:53:54AM +0200, Rune Magnussen wrote:
> > On Fri, 16 Sep 2016 17:48:29 +0200
> > Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
[vut]
> 
> > > I'd rather see chrony to get support for reading leap seconds
> > > from the "leap-seconds.list" file, which is distributed by
> > > multiple servers, and recommend running "sleep $[RANDOM] && wget
> > > -O ... https://...." from cron every month or so.
> > You would then have to make sure the checksums are downloaded from
> > another mirror than the file and the best mirrors would depend on
> > where you are. This seems almost as complicated as adding support
> > for leap seconds via DNS.  
> 
> I'm not sure I follow. Why would I need to download data from multiple
> servers? Are you suggesting to not trust one server, but have a voting
> mechanism with at least three different servers like NTP normally
> does?
I just meant that if you want to validate the downloaded file then you
should get the checksum from a different mirror. If the file is
compromised on one server then the checksum file might be too. In that
case there would be no detectable error. With two servers there would
be warnings if either the leap second file or the checksum file was
changed. 

Anyway, I did not do enough research. Now I have found a place to
download the file, but there is not any obvious checksum file. Perhaps
you really have to download the entire file more than once to make
sure. Looks like most of my points are moot.

Regards Rune
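
The comparison discussed in this message (fetching the file from more than one server, with the voting idea Miroslav asks about), as an added example that is not part of either message or of chrony. The function name `cross_check`, the mirror names and the sample file content are constructed for illustration; fetching the copies is left out so the block runs offline.

```python
import hashlib
from collections import Counter

# Constructed sample content (not a real download).
GOOD = (b"#@ 3707596800\n"
        b"3644697600 36 # 1 Jul 2015\n"
        b"3692217600 37 # 1 Jan 2017\n")
# The same file with one TAI offset altered, standing in for a
# copy served by a compromised mirror.
TAMPERED = GOOD.replace(b"3692217600 37", b"3692217600 38")


def cross_check(copies, quorum=2):
    """Compare copies of one file fetched from independent mirrors.

    copies: dict mapping a mirror name to the bytes it returned.
    Returns (data, suspects). data is the agreed content, or None when
    no digest reaches the quorum or the vote is tied. suspects lists the
    mirrors that disagree with the winner (every mirror if none won).
    """
    if len(copies) < quorum:
        raise ValueError("need at least %d copies to compare" % quorum)
    digests = {m: hashlib.sha256(d).hexdigest() for m, d in copies.items()}
    ranked = Counter(digests.values()).most_common()
    top_digest, votes = ranked[0]
    tied = len(ranked) > 1 and ranked[1][1] == votes
    if votes < quorum or tied:
        # Two mirrors that differ end up here: a warning, but no way
        # to tell which of them is the bad one.
        return None, sorted(copies)
    suspects = sorted(m for m, d in digests.items() if d != top_digest)
    winner = next(d for m, d in copies.items() if digests[m] == top_digest)
    return winner, suspects


if __name__ == "__main__":
    data, suspects = cross_check({
        "mirror-a.example": GOOD,
        "mirror-b.example": GOOD,
        "mirror-c.example": TAMPERED,
    })
    print("accepted" if data else "rejected", "suspects:", suspects)
```

With two mirrors a mismatch can only be reported; a third copy is what lets the odd one out be identified.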

