V9.14.004.2026.05.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-05-17 14:28:12 +01:00
parent 6307bc2b7c
commit c80b45417f
48 changed files with 299 additions and 117 deletions
@@ -0,0 +1,49 @@
+# code_review.md
+
+Review priorities, in order:
+
+1. Correctness
+2. Security regressions
+3. Boot/build reproducibility
+4. Data loss risk
+5. Error handling
+6. Test coverage
+7. Maintainability
+8. Minimality of diff
+9. Style consistency
+
+Finding classes:
+- BLOCKER: proven correctness bug, security regression, build break, boot break, or data loss risk that must be fixed before
+  merge
+- RISK: plausible issue or security concern that is not fully proven from the available context
+- CLEANUP: maintainability, readability, or consistency improvement that is not required for correctness
+- NOTE: observation only; no change requested
+
+Review output format:
+- List findings first, ordered by severity.
+- Cite file paths and line numbers where possible.
+- For each finding, explain the concrete impact, and the smallest reasonable fix.
+- Separate observations, inferences, and recommendations.
+- After findings, list missing checks or residual risks.
+- If there are no findings, say so explicitly and still mention relevant test gaps.
+
+Do not nitpick formatting if automated tooling exists.
+Do not invent requirements not present in the task, repository, or documentation.
+
+Security-sensitive review checklist:
+- boot trust
+- initramfs behavior
+- cryptsetup/LUKS handling
+- encrypted SquashFS handling
+- key material
+- remotely unlock
+- TLS/mTLS verification
+- signature/hash verification
+- network exposure
+- file permissions
+- persistence
+- logging of sensitive values
+
+---
+**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
+<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->