1. A small songbird in the finch family, serinus canaria domestica, originally native to islands in the North Atlantic.
2. A mechanism to test for unsafe conditions, originating from the use of canaries in coal mines to detect poisonous gases or cave-ins. If the canary died, it was time to get out of the mine. More recently, the term has been used by some online service providers to refer to an affirmative statement, updated regularly, that the provider has not been subjected to certain legal processes. If the statement is not updated in a timely fashion, users may infer that the canary statement may no longer be true.
You should follow these instructions to download HelpYouFind.Me's gpg key and verify the canary statement:
Download our public signing key. Then import it like via gpg:
gpg --import hyfm_signing_key.asc
Once you have imported the key you can verify the statement like so:
gpg --verify canary-statement-signed.txt
You should get output that is similar to the following (note the date will change, based on when the canary statement was signed):
gpg: Signature made Thu 11 Mar 2021 07:42:19 PM PST gpg: using RSA key BD3E2A7DDD7570779AD9397D0E060B9F13E816F5 gpg: issuer "firstname.lastname@example.org" gpg: Good signature from "HelpYouFind.Me Admins
You should make sure that it says “Good signature” in the output and confirm that the keyid matches the one listed above. If this text has been altered, then this information should not be trusted.
Unless you have taken explicit steps to build a trust path to the HelpYouFind.Me key, you will see a warning message similar to:
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
However, you still should see the “Good signature”.
Note: This template is based on the RiseUp.net canary page.