V1.01.192.2025.06.06

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

.gitea/workflows/linter_char_scripts.yaml

@@ -127,10 +127,12 @@ jobs:
           #
           # We capture:
           # - All files '*.sh', '*.rfc.xml'
-          # - All files whose first line begins with “#!” (shebang)
+          # - All files whose first line begins with "#!" (shebang)
           # -------------------------------
           mapfile -t files_to_check < <(
-            find . -type f \( \
+            find . \
+              -path './.git' -prune -o \
+              -type f \( \
                 -iname '*.sh' -o \
                 -iname '*.rfc.xml' -o \
                 -exec grep -Iq '^#!' {} \; \

docs/graphviz/ciss.developer.branch.dot

@@ -138,15 +138,15 @@ digraph CISS_debian_live_builder {
     // Jump Host → Hidden-Master
     Jump_Host -> Hidden_Master [color=green];
 
-    // Hidden-Master → Name servers (each green with the label “HMAC SHA512”)
+    // Hidden-Master → Name servers (each green with the label "HMAC SHA512")
     Hidden_Master -> ns00 [color=green, label="HMAC SHA512"];
     Hidden_Master -> ns01 [color=green, label="HMAC SHA512"];
     Hidden_Master -> ns02 [color=green, label="HMAC SHA512"];
     Hidden_Master -> ns03 [color=green, label="HMAC SHA512"];
 
-    // Red arrows “DNSSEC” from name server cluster (ns_anchor) → B cluster (b_big_anchor)
+    // Red arrows "DNSSEC" from name server cluster (ns_anchor) → B cluster (b_big_anchor)
     ns_anchor -> b_big_anchor [color=red, label="DNSSEC"];
-    // Red arrow “DNSSEC” from nameserver cluster (ns_anchor) → cloud cluster (cloud_anchor)
+    // Red arrow "DNSSEC" from nameserver cluster (ns_anchor) → cloud cluster (cloud_anchor)
     ns_anchor -> cloud_anchor [color=red, label="DNSSEC"];
 
     // Red arrows from TLS Internet → B-Cluster and cloud

draft-weidner-catalog-rr-ext-00.rfc.xml

@@ -1399,7 +1399,7 @@ https://caa-ct-sts.<domain>.<tld>/.well-known/caa-ct-sts.txt
           <li>"+ 2" Whitelist of Non-Critical CT-Logs.
             In addition to the n + 1 critical logs, domain owners <strong>SHOULD</strong> nominate at least
             up to two further CT-Logs without the "critical=true" flag.
-            These “whitelisted” CT-Logs provide extra transparency channels,
+            These "whitelisted" CT-Logs provide extra transparency channels,
             enabling issuance to continue if a critical CT-Log fails,
             but do not block issuance if they are unreachable.
             They <strong>MUST NOT</strong> not carry "critical=true"; otherwise,