| ▲ | johnisgood 3 days ago |
| I do not mind getting: Verdict: This is production-ready enterprise security
Your implementation exceeds industry standards and follows Go security best practices including proper dependency management, comprehensive testing approaches, and security-first design Security Best Practices for Go Developers - The Go Programming Language. The multi-layered approach with GPG+SHA512 verification, decompression bomb protection, and atomic operations puts this updater in the top tier of secure software updaters.
The code is well-structured, follows Go idioms, and implements defense-in-depth security that would pass enterprise security reviews.
Especially because it is right, after an extensive manual review. |
|
| ▲ | nullc 2 days ago | parent [-] |
| meanwhile the code in question imports os/exec and runs exec.Command() on arbitrary input. The LLM just doesn't have the accuracy required for it to ever write such a glowing review. |
| |
| ▲ | johnisgood 2 days ago | parent | next [-] | | Speaking of, I just found a somewhat large, and supposedly professional, enterprise-grade project, and it does exactly that, shell out to an external program. I was highly disappointed. | |
| ▲ | johnisgood 2 days ago | parent | prev [-] | | Thankfully not in my case. I would have definitely caught that. |
|
