docs: create PreFlightDiscussion-02.md with follow-up questions
- Address feedback from PreFlightDiscussion-01.md - Clarify compliance framework (CMMC level, STIG vs CIS) - Detail QR code implementation questions - Resolve testing strategy and package management approach - Define remaining high-priority items before implementation
This commit is contained in:
77
PreFlightDiscussion-02.md
Normal file
77
PreFlightDiscussion-02.md
Normal file
@@ -0,0 +1,77 @@
|
||||
# Pre-Flight Discussion - Round 2
|
||||
|
||||
## Follow-up Questions Based on Your Feedback:
|
||||
|
||||
### 1. Compliance Framework Clarification
|
||||
- **Your Feedback**: Entry point to tier0 infrastructure supporting ITAR/SECRET systems, CMMC Level 2/3 downstream, LI-SaaS for RackRental.net
|
||||
- **Questions**:
|
||||
- Should we target CMMC Level 3 for this system since it supports Level 2/3 downstream?
|
||||
- For STIG vs CIS: DISA STIGs are military requirements, CIS Benchmarks are industry best practices. Given your use case (tier0, ITAR/SECRET), I recommend DISA STIGs. Do you agree?
|
||||
- Should we implement the "Debian 13 STIG" or the more comprehensive "General Operating System STIG"?
|
||||
|
||||
### 2. QR Code Import Implementation
|
||||
- **Your Feedback**: Want QR code import capability using webcam
|
||||
- **Questions**:
|
||||
- Which QR code library should we use? (qrencode for generation, zbar for scanning)
|
||||
- Should we create a desktop shortcut for QR scanning, or integrate it into the WireGuard config management?
|
||||
- What QR code format should we support? (Standard WireGuard QR format?)
|
||||
|
||||
### 3. Testing Strategy Clarification
|
||||
- **Your Feedback**: Test suite runs on installed system, not in build environment
|
||||
- **Questions**:
|
||||
- Should we include the test suite in the ISO itself for post-install validation?
|
||||
- Or keep tests separate for QA/validation before deployment?
|
||||
- How should the tests be triggered on the installed system? (Desktop shortcut, command line?)
|
||||
|
||||
### 4. Package Management Strategy
|
||||
- **Your Feedback**: Very minimal packages, re-image quarterly rather than update
|
||||
- **Questions**:
|
||||
- Should we remove apt/apt-get entirely to prevent accidental updates?
|
||||
- Or keep it but disable network access?
|
||||
- What's your preference for package management tools on the final system?
|
||||
|
||||
### 5. Preseed Configuration Details
|
||||
- **Your Feedback**: Only install target, root password, non-root user/password are manual
|
||||
- **Questions**:
|
||||
- What timezone should we default to?
|
||||
- What keyboard layout should we default to?
|
||||
- Should we enforce password complexity in the preseed itself, or handle that post-install?
|
||||
|
||||
### 6. Secure Boot Implementation
|
||||
- **Your Feedback**: Must use secure boot, refuse to boot if altered
|
||||
- **Questions**:
|
||||
- Should we include Secure Boot keys in the ISO or use standard Microsoft keys?
|
||||
- Do you want UEFI-only boot, or support Legacy BIOS as well?
|
||||
- Should we implement measured boot or just standard Secure Boot?
|
||||
|
||||
### 7. Documentation Approach
|
||||
- **Your Feedback**: No user guides in ISO
|
||||
- **Questions**:
|
||||
- Should we create minimal inline help for the desktop shortcuts?
|
||||
- Or assume users are trained and don't need any documentation?
|
||||
- Where should we store technical documentation? (Project repo only?)
|
||||
|
||||
## Clarifications Received:
|
||||
|
||||
### ✅ Test Environment: Keep tests separate from build environment, use shellcheck/shellfmt only in build
|
||||
### ✅ ISO Size: Not a concern, add to .gitignore
|
||||
### ✅ Updates: Re-image quarterly, no internet updates
|
||||
### ✅ Hardware: Standard Debian 13 kernel works on target hardware
|
||||
### ✅ User Experience: No user guides needed
|
||||
### ✅ Minimal Packages: Start minimal and iterate
|
||||
|
||||
## Remaining High Priority Items to Resolve:
|
||||
|
||||
1. **Compliance Framework**: CMMC level + STIG vs CIS decision
|
||||
2. **QR Code Implementation**: Library choice and integration approach
|
||||
3. **Testing Strategy**: In-ISO tests vs separate validation
|
||||
4. **Package Management**: Remove or disable apt?
|
||||
5. **Preseed Details**: Timezone, keyboard, password enforcement
|
||||
6. **Secure Boot**: Key management and boot mode
|
||||
7. **Documentation**: Minimal help vs none
|
||||
|
||||
---
|
||||
|
||||
**Status**: Awaiting your responses to the above questions
|
||||
**Next Action**: Update specification based on your decisions
|
||||
**Ready for Implementation**: Getting closer - need to resolve these remaining items
|
||||
Reference in New Issue
Block a user