Although security is one of our top priorities, we might not be able to inform you of of a breach if served with a State-issued, secret subpoena (gag order).
The purpose of publishing these canary statements is to indicate to our users the integrity of our systems.
To view all of our canary statements, see:
For instructions on receiving and verifying our current BusKill Release Signing Key, see:
After you have verified & imported our Release Signing key, execute the following (instructions are for a Debian-based system)
At the prompt, simply paste the contents of the canary statement: everything in-between (and including) the lines `
-----BEGIN PGP MESSAGE-----` `
-----END PGP MESSAGE-----` and press
You should get output that is similar to the following (note the date will change, based on when the canary statement was signed):
gpg: Signature made Fri 16 Oct 2020 09:27:33 PM CEST gpg: using RSA key 798DC1101F3DEC428ADE124D68B8BCB0C5023905 gpg: Good signature from "BusKill Releases Signing Key 2020.07
" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: E0AF FF57 DC00 FBE0 5635 8761 4AE2 1E19 36CE 786A Subkey fingerprint: 798D C110 1F3D EC42 8ADE 124D 68B8 BCB0 C502 3905
You should make sure that it says "Good signature" in the output and confirm that the keyid matches the one you verified at the time you first imported our key into your personal keyring. If this text has been altered, then this information should not be trusted.
Unless you have taken explicit steps to build a trust path to the BusKill Release Signing Key, you will see a warning message similar to:
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
However, you still should see the "Good signature".
Please see the following external links for more information about common use of warrant canaries.