buskill
I recommend reading the Open Source Hardware Association (OSHWA) definition:
Please let us know if you have any specific questions about our open-source project.
The documentation may help:
No. The first line of the canary clearly states "All good"
Status: All good
Release: 2025-06-16
Period: 2025-06-01 to 2026-05-31
Expiry: 2026-06-30
We're following the AutoCanary standard. So a possible Indication of Compromise would be Status: It's complicated, or if we didn't publish a canary before the last canary's Expiry date, or if the canary's signature was invalid.
You can check the signature to confirm its validity. For more info, see:
Thanks. Fixed it :)
I'll add this to the top next time, thanks.
What is a Warrant Canary?
The BusKill team publishes cryptographically signed warrant canaries on a biannual basis.
Although security is one of our top priorities, we might not be able to inform you of of a breach if served with a State-issued, secret subpoena (gag order).
The purpose of publishing these canary statements is to indicate to our users the integrity of our systems.
For more information about BusKill canaries, see:
You might want to include a short explanation for community members who aren’t familiar with warrant canaries
Thank you for the feedback. The second line of this post contains the text:
For more information about BusKill canaries, see:
That link explains everything. Are you suggesting that we copy and paste the contents of that link into the post directly? Or maybe just the first 3 sentences?
It was asking whether some change has taken place; some cause for alarm.
If you want a very, very quick way to glance at the canary and determine this, see the Status on the first line of the signed message. In this case, it says
Status: All good
And I think #3 and #4 below that explain the canary clearly. We took this format from best-practice standards of other warrant canaries to be both human- and machine-readable.
We positively confirm, to the best of our knowledge, that the integrity of our systems are sound: all our infrastructure is in our control, we have not been compromised or suffered a data breach, we have not disclosed any private keys, we have not introduced any backdoors, and we have not been forced to modify our system to allow access or information leakage to a third party in any way.
We plan to publish the next of these canary statements before the Expiry date listed above. Special note should be taken if no new canary is published by that time or if the list of statements changes without plausible explanation.
Is there any other changes that you recommend we make to the signed message to make it clearer that this is a "good" canary?




