๐ Code Transparency
Trust, but verify. This page provides cryptographic proof that the code running on this server matches the source code published on GitHub. You don't have to trust us โ you can verify it yourself.
โณ Loading deployment information...
๐ Current Deployment
Git Commit
Loading...
Branch
Loading...
Build Time
Loading...
GPG Signed
Checking...
๐ File Verification
The following files are deployed with their SHA256 hashes. You can verify each one matches the source.
โณ Loading file manifest...
๐ก๏ธ How to Verify
Option 1: Quick Verification (requires curl, jq)
curl -sL https://derlocke.net/transparency/verify.sh | bashOption 2: Manual Verification
- Download the manifest.json
- Compare the git commit hash with the GitHub repository
- For any file, compute its SHA256 hash and compare:
curl -sL https://derlocke.net/style.css | sha256sum - If GPG-signed, verify the signature:
gpg --verify manifest.sig manifest.json
Option 3: Full Source Comparison
# Clone the repo at the deployed commit
git clone https://github.com/derlocke-ng/derlocke-blog
cd derlocke-blog
git checkout COMMIT_HASH
# Build locally and compare
./build.sh
sha256sum *.html *.css *.js๐ค Why This Matters
Traditional web services require you to trust the operator. With code transparency:
- Verifiable deployments โ Know exactly what code is running
- Tamper detection โ Any unauthorized changes are detectable
- Audit trail โ Every deployment is linked to a git commit
- Open source proof โ Not just open source, but verifiably deployed
This is especially important for services that handle sensitive data. While this blog itself is static, the services I host follow the same transparency principles.
๐ GPG Public Key
Manifests may be signed with the following GPG key:
Key not yet configured. Check back soon!