# Pre-Flight Discussion - Questions, Comments, and Concerns

## Questions:

### 1. Debian 13 Availability ✅ RESOLVED

- **Original**: Debian 13 (Trixie) is currently in testing
- **Status**: RESOLVED - Debian 13.3.0 is released and stable
- **Action**: Updated spec to use debian-13.3.0-amd64-netinst.iso

### 2. USB Automounting and Package Inclusion ✅ RESOLVED

- **Original**: How will the system access USB mounting utilities without network access?
- **Status**: RESOLVED - All packages must be pre-included in ISO
- **Action**: Updated spec to clarify all utilities pre-installed

### 3. Compliance Specificity

- **Question**: Which specific CMMC levels, FedRAMP authorization levels, or STIG IDs should we target?
- **Concern**: Without specific controls, we may implement security measures that don't meet actual requirements
- **Options**:
  - CMMC Level 3, 4, or 5?
  - FedRAMP Moderate or High?
  - Specific DISA STIG for Debian 13?

### 4. WireGuard Configuration Management

- **Question**: Should we assume WireGuard config will be provided via USB, or include a default template?
- **Concern**: Without a config, the system will have no network connectivity at all
- **Options**:
  - Include sample/template configuration
  - Include QR code import capability
  - Assume user provides complete config via USB

## Technical Concerns:

### 5. Docker Build Context and Package Availability

- **Concern**: The current Dockerfile may not have all required packages for Debian 13.3.0
- **Issue**: Package names or availability may differ between Debian versions
- **Need**: Verify all packages in Dockerfile exist in Debian 13.3.0

### 6. Test Environment Privileges

- **Concern**: Some tests (firewall, system services) require elevated privileges
- **Issue**: Container environment may not support all required test scenarios
- **Need**: Determine how to test privileged operations in containers

### 7. ISO Size Management

- **Concern**: Including all security tools, applications, and utilities may create a large ISO
- **Issue**: Large ISO may be impractical for distribution or booting on older hardware
- **Need**: Define acceptable ISO size limits and optimization strategies

## Missing Details:

### 8. Complete Package List

- **Missing**: Exact package list for base system and applications
- **Need**: Define all packages to include in the ISO (not just applications like Remmina, etc.)
- **Examples**: Which kernel packages? Which security tools? Which system utilities?

### 9. Live-build Configuration Details

- **Missing**: Specific live-build configuration parameters
- **Need**: Kernel parameters, boot options, system settings
- **Examples**: Security kernel parameters, initrd options, bootloader security

### 10. Error Handling and Recovery

- **Missing**: Comprehensive error handling strategy
- **Need**: How to handle build failures, configuration errors, system boot issues
- **Examples**: Build failures, corrupted configs, boot problems

### 11. Boot Security

- **Missing**: Boot loader security requirements
- **Need**: Secure boot configuration, bootloader password, boot parameters
- **Examples**: GRUB security, kernel lockdown, initramfs security

## Additional Considerations:

### 12. User Experience and Documentation

- **Concern**: Security-focused system may be difficult for users
- **Need**: Clear documentation for secure workflows
- **Question**: Should we include user guides in the ISO?

### 13. System Updates and Maintenance

- **Question**: How will the system receive security updates without general internet access?
- **Options**:
  - Air-gapped update process
  - USB-based update distribution
  - No updates after initial deployment

### 14. Hardware Compatibility

- **Concern**: Minimal desktop may have hardware compatibility issues
- **Need**: Define supported hardware scope
- **Question**: Should we include additional drivers or keep it minimal?

### 15. Testing Strategy for Air-Gapped Environment

- **Challenge**: How to test an ISO designed for air-gapped use
- **Need**: Testing methodology that doesn't require internet
- **Question**: Should we simulate air-gapped environment during testing?

---

## Priority Assessment:

**High Priority (Blockers):**

- Q3: Compliance specificity
- Q4: WireGuard configuration approach
- M8: Complete package list
- M9: Live-build configuration details

**Medium Priority (Implementation Challenges):**

- TC5: Docker package availability
- TC6: Test environment privileges
- TC7: ISO size management

**Low Priority (Nice to Have):**

- M10: Error handling strategy
- M11: Boot security details
- A12-A15: Additional considerations

---

**Status**: Awaiting your feedback on the above questions and concerns

**Next Action**: Review your inline edits and address any additional points

**Ready for Implementation**: NO - Need to resolve high priority items first