From fcfbbfa2d30bbcebedab0e6757bc4862dd202589 Mon Sep 17 00:00:00 2001 From: Charles N Wyble Date: Wed, 21 Jan 2026 09:58:23 -0500 Subject: [PATCH] docs: create PreFlightDiscussion-03.md for final clarification - Need clarification on package management implementation approach - All other items resolved from PreFlightDiscussion-02.md - Options: live hooks vs installed hooks, remove vs disable - Ready to update specification once this final item is resolved --- PreFlightDiscussion-03.md | 60 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 PreFlightDiscussion-03.md diff --git a/PreFlightDiscussion-03.md b/PreFlightDiscussion-03.md new file mode 100644 index 0000000..0afaaa5 --- /dev/null +++ b/PreFlightDiscussion-03.md 
@@ -0,0 +1,60 @@ +# Pre-Flight Discussion - Round 3 + +## Final Clarification Needed: + +### Package Management Implementation Details +- **Your Feedback**: Remove apt execution permissions, use chattr +i, concerned about core system packages +- **Question**: How should we handle this in the live-build hooks? + +**Implementation Options:** +1. **In `config/hooks/live/`** - Modify the live system during build +2. **In `config/hooks/installed/`** - Modify after installation but before reboot +3. **Both** - Ensure comprehensive removal/disable + +**Specific Questions:** +- Should we attempt to remove `apt` and `dpkg` entirely (if possible)? +- Or just remove execute permissions and make immutable with `chattr +i`? +- What about package management metadata in `/var/lib/apt/` and `/var/lib/dpkg/`? +- Should we also remove package management tools like `aptitude`, `synaptic`, etc.? + +## All Other Items ✅ RESOLVED: + +### Compliance Framework +- ✅ CMMC Level 3 +- ✅ CIS Benchmark for Debian Linux + Debian STIG (last for Debian 11) +- ✅ Adapt Debian 11 STIG for Debian 13 + +### QR Code Implementation +- ✅ zbar for scanning (no generation needed) +- ✅ Shell script for scan and config update +- ✅ Standard WireGuard QR format + +### Testing Strategy +- ✅ Include test suite in ISO +- ✅ Command line execution + +### Package Management +- ✅ Remove execute permissions +- ✅ Use `chattr +i` for immutability +- ? 
Need clarification on implementation approach + +### Preseed Configuration +- ✅ Timezone: US/Chicago +- ✅ Keyboard: Standard US English +- ✅ Password complexity in preseed + +### Secure Boot +- ✅ Include secure boot keys in ISO +- ✅ UEFI only (no Legacy BIOS) +- ✅ Measured boot + +### Documentation +- ✅ No user guides in ISO +- ✅ No inline help for shortcuts +- ✅ Technical documentation in repo only + +--- + +**Status**: Waiting for final clarification on package management implementation +**Next Action**: Update specification with all decisions and begin implementation +**Ready for Implementation**: Almost there - need this final detail \ No newline at end of file
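Review bot: In the "All Other Items ✅ RESOLVED" section, the "Package Management" block still carries the open item `- ? Need clarification on implementation approach`, which contradicts the section heading and repeats the "Final Clarification Needed" section at the top. Either move Package Management out of the resolved list, or keep only its two ✅ decisions there and leave the open question in the top section alone. The "Specific Questions" bullet "Or just remove execute permissions and make immutable with `chattr +i`?" asks about something the resolved list already marks as decided, so reword it to cover only what is still open: which hook directory does the work, and whether `apt` and `dpkg` are removed in addition to being locked down. The same applies to the status footer, where "Next Action" lists beginning implementation while "Status" is still waiting on this answer. The new file also ends without a trailing newline (`\ No newline at end of file`).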