"That's pointless. It's like allowing an alarm to ring without cause. Next time it rings the canary won't be trusted until you personally vouch for the fact that it wasn't an accident, and if that's the new channel the canary has lost its value."
That's not really true.
The canary is only "dead" and that channel is only useless until a new one is published. Unless the operator of the canary has decreed in advance that a particular time period elapsed should be considered "dead" regardless of future updates, then the canary is alive and well as soon as a new update comes out.
Here's the thing - a warrant canary is, by definition, a manual process. It should never be automated. A human has to resign and republish (or they are doing it wrong). And this means that sometimes they get published late.
In the 9 years that we (rsync.net) have been publishing our canary, we've probably missed our normal Monday morning publish 10 or 15 times. But as soon as we publish, with the affirmative canary and it's signature and language, etc., it's alive and well again.
Obviously this changes if someone is months late with an update.
That's pretty accurate. So now you need to figure out what a reasonable time is. Once you get public postings about your canary being dead without having made an update it is in beyond repair territory for me. A day late, maybe. More than the normal interval between updates late: too late. In between: debatable, but not looking good either. It's like making a promise and then not keeping that promise.
By how much did you miss your Monday morning deadlines? Did you ever go a whole week without an update? Is someone tasked with doing it and someone else tasked with checking that it has been done (which is the way this should be set up, preferably with more than one person for the second role backed up with an automated process that sends out messages of impending aviary demise).
"Obviously this changes if someone is months late with an update."
That's what I was asking before - what is a reasonable timeslot for being "late"? Is it "months" or "weeks" or the <deltaManualUpdateT+1d> of canary x? In this case, SC was almost 3 times their weekly update rate late (December 5th to December 25th).
That's not really true.
The canary is only "dead" and that channel is only useless until a new one is published. Unless the operator of the canary has decreed in advance that a particular time period elapsed should be considered "dead" regardless of future updates, then the canary is alive and well as soon as a new update comes out.
Here's the thing - a warrant canary is, by definition, a manual process. It should never be automated. A human has to resign and republish (or they are doing it wrong). And this means that sometimes they get published late.
In the 9 years that we (rsync.net) have been publishing our canary, we've probably missed our normal Monday morning publish 10 or 15 times. But as soon as we publish, with the affirmative canary and it's signature and language, etc., it's alive and well again.
Obviously this changes if someone is months late with an update.