msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
83f6f8488c2c54c630cea5eeaa23456a2e4c8b8319ef15cb542456b7d2322bf5
CISS.debian.live.builder/code_review.md
T
msw ec3aca7fc8
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Has been cancelled
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Details
V9.14.008.2026.06.04 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-06-04 18:19:09 +01:00

2.3 KiB
Raw Blame History

code_review.md

Use this file for explicit review tasks and final self-review after implementation. Do not treat it as a mandate for an unlimited audit unless the user asks for one.

Review priorities

Review findings in this order:

  1. Correctness
  2. Security regressions
  3. Boot/build reproducibility
  4. Data loss risk
  5. Error handling
  6. Test or validation coverage
  7. Maintainability
  8. Minimality of diff
  9. Style consistency

Finding classes

  • BLOCKER: proven correctness bug, security regression, build break, boot break, or data loss risk that must be fixed before merge.
  • RISK: plausible issue or security concern that is not fully proven from the available context.
  • CLEANUP: maintainability, readability, or consistency improvement that is not required for correctness.
  • NOTE: observation only; no change requested.

Review output format

List findings first, ordered by severity.

For each finding include:

  • class
  • file path and line number where possible
  • observation
  • concrete impact
  • smallest reasonable fix

Then include:

  • missing checks or validation gaps
  • residual risks
  • concise final recommendation

If there are no findings, say so explicitly and still mention relevant validation gaps.

Scope control

  • Do not nitpick formatting when automated tooling exists.
  • Do not invent requirements not present in the task, repository, or documentation.
  • Do not expand a small implementation task into a broad quality-management audit.
  • Do not request a full live build unless the changed code path affects image generation in a way that cannot be checked narrowly.
  • Prefer a small actionable finding over a broad speculative warning.

Security-sensitive checklist

Check whether the change affects:

  • boot trust
  • initramfs behavior
  • live-boot runtime behavior
  • cryptsetup/LUKS handling
  • encrypted SquashFS handling
  • key material
  • remote unlock
  • TLS or mTLS verification
  • signature, checksum, or provenance verification
  • package sources or remote downloads
  • network exposure
  • file permissions
  • persistence
  • logging of sensitive values

For affected areas, separate observation, inference, and recommendation.

no tracking | no logging | no advertising | no profiling | no bullshit

Reference in New Issue View Git Blame Copy Permalink