BLUG Wiki

User Tools

Site Tools

You are here: start » blug-canary-1
Trace:
blug-canary-1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
blug-canary-1 [2020/02/21 02:08]
persmule 		blug-canary-1 [2020/03/27 18:41]
BLUG Admin
Line 12: Line 12:
 Hash: SHA512 Hash: SHA512
  
-BEIJING GNU/LINUX USER GROUP CANARY (2/3)+BEIJING GNU/LINUX USER GROUP CANARY (1/3)
 ==================================== ====================================
  
-Issued for February 2020.+Issued for March 2020.
  
 Don't just trust the contents of this file blindly! Verify the Don't just trust the contents of this file blindly! Verify the
Line 32: Line 32:
 one is located at: one is located at:
  
-* https://beijinglug.club/wiki/doku.php?id=blug-canary-3+* https://beijinglug.club/wiki/doku.php?id=blug-canary-2
  
 It is possible that the signatures are not updated at the same time, It is possible that the signatures are not updated at the same time,
Line 70: Line 70:
  
 10. We plan to publish the next of these canary statements in the first three 10. We plan to publish the next of these canary statements in the first three
-weeks of March 2020. Special note should be taken if no new canary is published+weeks of April 2020. Special note should be taken if no new canary is published
 by that time or if the list of statements changes without plausible explanation. by that time or if the list of statements changes without plausible explanation.
  
Line 76: Line 76:
 ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
  
-1. Since mid-October, persmule's old signing key 0x2987A25DAC8454A5 has+1. Due to personal reasons, biergaizi (0xFAD3EB05E88E8D6D) was not available 
 +and couldn't sign the warrent canary before the end of February, 2020. This 
 +was not a result of any incident. All statements of the warrent canary documents 
 +are still valid. A canary for February, 2020 has been signed by biergaizi 
 +retroactively. 
 + 
 +2. Since mid-October, persmule's old signing key 0x2987A25DAC8454A5 has
 expired. A new key, 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60, has been expired. A new key, 0xEDFFE248ECFACDE3C805906804A40D21DBB89B60, has been
 created and uploaded to https://keys.openpgp.org/, it can be obtained from created and uploaded to https://keys.openpgp.org/, it can be obtained from
 this keyserver. this keyserver.
  
-2. The new key will be used by persmule to sign future warrant canary+3. The new key will be used by persmule to sign future warrant canary
 documents. You can verify the signature by crosschecking the other two documents. You can verify the signature by crosschecking the other two
 documents signed by biergaizi and wnereiz for consistency. documents signed by biergaizi and wnereiz for consistency.
  
-3. Due to this key rollover, the October message was not signed by persmule.+4. Due to this key rollover, the October message was not signed by persmule.
 This did/does not indicate a security incident, all of the statements above This did/does not indicate a security incident, all of the statements above
 were valid, and are still valid. were valid, and are still valid.
  
-4. Recent attacks on OpenPGP keyservers have raised great security concerns+5. Recent attacks on OpenPGP keyservers have raised great security concerns
 within the community, as a countermeasure, persmule's personal User-ID has within the community, as a countermeasure, persmule's personal User-ID has
 not published to the https://keys.openpgp.org/ keyserver. Instead, only not published to the https://keys.openpgp.org/ keyserver. Instead, only
Line 97: Line 103:
 for a 3rd-party to verify the canary document signed by persmule. for a 3rd-party to verify the canary document signed by persmule.
  
-5. We are looking for a solution. But for now, we decided that the best+6. We are looking for a solution. But for now, we decided that the best
 option is starting publishing new canary documents using the new key. option is starting publishing new canary documents using the new key.
 As a temporary measure, you can check the canary documents signed by As a temporary measure, you can check the canary documents signed by
Line 104: Line 110:
 by them as valid. by them as valid.
  
-6. This effectively reduced the number of signers to two people. It reduces+7. This effectively reduced the number of signers to two people. It reduces
 the level of confidence, but currently there is no alternative option yet. the level of confidence, but currently there is no alternative option yet.
  
-7. Once the technical problem of OpenPGP public key without User-ID is+8. Once the technical problem of OpenPGP public key without User-ID is
 resolved, you can check the previous signatures retroactively, and this resolved, you can check the previous signatures retroactively, and this
 would effectively restore the level of confidence. You can archive would effectively restore the level of confidence. You can archive
Line 113: Line 119:
 ensure no data tampering has occured. ensure no data tampering has occured.
  
-8. Unlike persmule, biergaizi and wnereiz's signing keys are unchanged,+9. Unlike persmule, biergaizi and wnereiz's signing keys are unchanged,
 but the Key-IDs have been changed to its full fingerprint format in the but the Key-IDs have been changed to its full fingerprint format in the
 canary document for clarity. canary document for clarity.
  
-9. When new information is available, it will be published in the "Special+10. When new information is available, it will be published in the "Special
 Announcements" section in future warrant canary documents. Announcements" section in future warrant canary documents.
  
Line 124: Line 130:
  
 $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml $ rsstail -1 -n5 -N -u https://www.telegraph.co.uk/news/rss.xml
- US intelligence chief replaced 'after clash with Donald Trump over Russian bid to boost re-election' + What essential shops are open during the coronavirus lockdown? 
- Windrush draft report that called Home Office institutionally racist 'was watered down' + What is coronavirus, how did it start and how big could it get? 
- Grace Millane killer sentenced to life in prison in New Zealand for murder of British backpacker + Friday evening news briefing: Boris Johnson has coronavirus - what now? 
- Regent's Park mosque stabbing: man in his 70s attacked during prayers + How does a coronavirus home test kit work, and how do I get one? 
- Thursday evening news briefing: Stabbing in London mosque+ How can I join the NHS coronavirus volunteer army, and what would I do?
  
 $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml $ rsstail -1 -n5 -N -u https://rss.nytimes.com/services/xml/rss/nyt/World.xml
- Coronavirus Live Updates: Clusters in Japan May Hint at How Virus Spreads + Coronavirus Live Updates: House Passes $2 Trillion Relief Bill 
- Far-Right Shooting Shatters an Already Fragile Sense of Security in Germany + For France, Coronavirus Tests a Vaunted Health Care System 
- A Police State With an Islamist Twist: Inside Hifters Libya + The Virus Is Coming to Myanmar, but the Pain Has Already Begun 
- U.S. and Allies Blame Russia for Cyberattack on Republic of Georgia + Australia Says Goodbye to the Worlds Longest Boom 
- Suspect Arrested in Stabbing at London Mosque+ Migrant Farmworkers Whose Harvests Feed Europe Are Blocked at Borders
  
 $ date -R -u $ date -R -u
-Fri, 21 Feb 2020 02:01:48 +0000+Fri, 27 Mar 2020 18:29:16 +0000
  
 -----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
  
-iQEzBAEBCgAdFiEEwonfPqgFyacM7J3iwYAPuUJ74CEFAl5POx0ACgkQwYAPuUJ7 +iQIzBAEBCgAdFiEEJVIRsjlaWj4OSKDx+tPrBeiOjW0FAl5+R7kACgkQ+tPrBeiO 
-4CFEBAgAzvltWGMHElouFtnWIfb5EU0LL9Zlfhg2V8KZ/fe+bL6mKw1H9gxwTo08 +jW2IiA//arXTG8Y1ZdlLjIaydHuDurcdIfskEgwDwH1almMDeJIgk0ybl+gR/TZ7 
-oi+GBRYQz8l4AVU1YTDO2aZNUYATIxsiBhFAEpGe1xoh3ui/9bZbUAtMZBHfoHK3 +utZ3UNsHxCsB/xs6p5Gw26IilAGBgBqodrm1OwUflCpMS7KfVTP4It1dfbXBX/gP 
-ff6UnbfbHZOWUyfh03UNllZ3cdVBzQ9c64LrFlPmu2zNaif2/QTvESOpuDfNwRoR +RARTmX07Qa+g+UtZlrRwXvAIk/SPG725SSH5uhVjp+XtPXU/9/pJLnicu47CEKlg 
-CDsOg434SMB5T8mruLDy7NPyqey+03BpkhEMalskn6ra8FQWmct7q2xVfkB5HRhy +tbiEgGOzbj+nbAoNOvCD8KA7NGAT8togJgru/KrNNpfpMR7N5WmypEQA79XGF/Hx 
-l4SGWGNI8eE9+atyH/wKM46Ytdx0zgBCHQ95yeWa4kwAn6EP9kYMEqMRCSAdHauW +J5KwwwQtW38ACLy/Tbop9QUDvVDAneFEWjcEpuMy7uEBdmfI0WmpTRynjWAkqJmD 
-Mp4GAH94izVkxwDQ6R7X9o2WdmZh7w=+mHXJUaIT3LkXjbn9xFhAdRtwlOMrnt8Nkr6AKIe+ERn4J8yI1dK3q2n2S+0ogvmU 
-=1OSg+vQ00fTjNfce324sky4/sYAFyqHpwxDHd/Yx1kYkxLAW299L0Rt+xlrWqiwIWJQJ
 +6m5k/02A55aIrmpVYCY9byrGjOSwJmaJM8QuI4gDwRdxGOsHsEsGgar1Tb8FUbph 
 +WuXVNjXM69yV0YUW2S2twVDRA7XKoozmMR2EC6TaT1pF5kJ8YB5+QRcr82z8CMDF 
 +puqkABkwhLbAFPnCx44KKpnpQWh+xB/vnFobSiT1tFGTUuwVO7DyarR/WhMjxuTG 
 +nTefGOsjjSqALbnq2I0Zfn4H8UmhQYZTuPm2khpXjQXSY3lUPR0
 +=NgPa
 -----END PGP SIGNATURE----- -----END PGP SIGNATURE-----
 </code> </code>
blug-canary-1.txt · Last modified: 2024/03/30 20:52 by BLUG Admin

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Driven by DokuWiki Template From SyntaxSeed