veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions 1

sec: polish THREAT-MODEL.md for v0.7 public launch #10

Merged
s8n merged 1 commit from feat/sec-threat-model-polish into main 2026-05-06 13:46:59 +01:00
Conversation 0 Commits 1 Files changed 1 +38 -33
s8n commented 2026-05-06 11:15:01 +01:00
Owner
Copy link

In-scope rows now cite specific config files/settings (auditable from clean checkout). Out-of-scope rows un-hedged. Status flipped Draft → Final.

39 insertions, 34 deletions in docs/THREAT-MODEL.md.

In-scope rows now cite specific config files/settings (auditable from clean checkout). Out-of-scope rows un-hedged. Status flipped Draft → Final. 39 insertions, 34 deletions in docs/THREAT-MODEL.md.
s8n added 1 commit 2026-05-06 11:15:01 +01:00
sec: polish THREAT-MODEL.md for v0.7 public launch
Some checks failed
Lint / Kickstart syntax (pull_request) Failing after 0s
Details
Lint / Shell scripts (pull_request) Failing after 0s
Details
Lint / No personal/onyx leaks (pull_request) Failing after 0s
Details
e4b6516f1c 
Status flipped Draft → Final.

In-scope rows now cite specific config files / settings (auditable
from clean checkout):
  - LUKS2 params from kickstart/veilor-os.ks
  - sysctl knobs file path
  - USBGuard policy mode + rule type
  - sshd_config drop-in path + every directive
  - auditd rule path + watched paths
  - chrony NTS endpoints
  - systemd-resolved DoT settings
  - bootloader kernel args (lockdown, slab_nomerge, init_on_alloc/free, etc.)

Out-of-scope rows un-hedged. 'May not always' phrasings removed; each
adversary states unambiguously what veilor-os does NOT do.
s8n merged commit d042552752 into main 2026-05-06 13:46:59 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: veilor-org/veilor-os#10
No description provided.
Delete branch "feat/sec-threat-model-polish"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?