msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
c80b45417f0950e56b33eafae87e9b8167f2824dd1bbefd809b85944c521d183
CISS.debian.live.builder/code_review.md
T
msw c80b45417f
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Has been cancelled
Details
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Has been cancelled
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Has been cancelled
Details
🛡️ Retrieve DNSSEC status of coresecret.dev. / 🛡️ Retrieve DNSSEC status of coresecret.dev. (push) Has been cancelled
Details
V9.14.004.2026.05.17 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2026-05-17 14:28:12 +01:00

50 lines
1.6 KiB
Markdown
Raw Blame History

# code_review.md
Review priorities, in order:
1. Correctness
2. Security regressions
3. Boot/build reproducibility
4. Data loss risk
5. Error handling
6. Test coverage
7. Maintainability
8. Minimality of diff
9. Style consistency
Finding classes:
- BLOCKER: proven correctness bug, security regression, build break, boot break, or data loss risk that must be fixed before
merge
- RISK: plausible issue or security concern that is not fully proven from the available context
- CLEANUP: maintainability, readability, or consistency improvement that is not required for correctness
- NOTE: observation only; no change requested
Review output format:
- List findings first, ordered by severity.
- Cite file paths and line numbers where possible.
- For each finding, explain the concrete impact, and the smallest reasonable fix.
- Separate observations, inferences, and recommendations.
- After findings, list missing checks or residual risks.
- If there are no findings, say so explicitly and still mention relevant test gaps.
Do not nitpick formatting if automated tooling exists.
Do not invent requirements not present in the task, repository, or documentation.
Security-sensitive review checklist:
- boot trust
- initramfs behavior
- cryptsetup/LUKS handling
- encrypted SquashFS handling
- key material
- remotely unlock
- TLS/mTLS verification
- signature/hash verification
- network exposure
- file permissions
- persistence
- logging of sensitive values
---
**[no tracking | no logging | no advertising | no profiling | no bullshit](https://coresecret.eu/)**
<!-- vim: set number et ts=2 sw=2 sts=2 ai tw=128 ft=markdown -->
Reference in New Issue View Git Blame Copy Permalink