Ardeshir

Warrant Canary

Each month, members publish a signed statement attesting to certain conditions about the collective. The current statement is below, posted on this public page so that anyone - member or not - can see it.

If a canary is late (past the grace period) or has been revised to remove or change a clause, that change carries information.

The canary is not magic. Adversaries who can compel us can also compel us to lie. The canary’s value is that its wording is public and deliberate, and that not signing is easier than signing something false.

Current statement (signed)

(No canary published yet. The first signed canary will appear here.)

The format will be:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ardeshir Collective Warrant Canary
Date: <YYYY-MM-DD>
Period: <YYYY-MM>

The undersigned members of the Ardeshir collective state, on this date:

1. We have not received and complied with any legal demand to insert
   surveillance, backdoors, weakening of cryptography, or undisclosed
   modifications into Ardeshir software, infrastructure, or documents.

2. We have not received and complied with any demand to silently exfiltrate
   user data from Ardeshir services or projects.

3. We have not silently changed the membership of the collective or the
   signing group outside the documented process.

4. The governance documents and the pipeline configuration have not been
   altered outside the documented amendment process.

Signed,
<github-username> <key fingerprint>
<github-username> <key fingerprint>
...

-----BEGIN PGP SIGNATURE-----
<signature>
-----END PGP SIGNATURE-----

Pipeline status

Auto-deploy from main is active: any merged change to the website’s source reaches this page within roughly one minute, with no human intervention.

Verification

The signing keys are listed in the member key registry. When the first canary is published, the keys it lists must match the registry exactly.

Cadence

  • First week of every month.
  • Grace period: 14 days. After that, the canary is considered late.
  • A late canary triggers a notice on this page within 24 hours.

The canary is published here on the public website, even though most other governance records are visible only to members. The canary’s purpose is external attestation; it cannot do its job behind a login.