# Pre-Flight Discussion - Round 3

## Final Clarification Needed:

### Package Management Implementation Details

- **Your Feedback**: Remove apt execution permissions, use chattr +i, concerned about core system packages
- **Question**: How should we handle this in the live-build hooks?

**Implementation Options:**

1. **In `config/hooks/live/`** - Modify the live system during build
2. **In `config/hooks/installed/`** - Modify after installation but before reboot
3. **Both** - Ensure comprehensive removal/disable

**Specific Questions:**

- Should we attempt to remove `apt` and `dpkg` entirely (if possible)?
- Or just remove execute permissions and make immutable with `chattr +i`?
- What about package management metadata in `/var/lib/apt/` and `/var/lib/dpkg/`?
- Should we also remove package management tools like `aptitude`, `synaptic`, etc.?

Let's remove the permissions and make immutable after install before reboot. Yes, remove synaptic, aptitude, etc. (or better yet, don't install them at all).

## All Other Items ✅ RESOLVED:

### Compliance Framework

- ✅ CMMC Level 3
- ✅ CIS Benchmark for Debian Linux + Debian STIG (last for Debian 11)
- ✅ Adapt Debian 11 STIG for Debian 13

### QR Code Implementation

- ✅ zbar for scanning (no generation needed)
- ✅ Shell script for scan and config update
- ✅ Standard WireGuard QR format

### Testing Strategy

- ✅ Include test suite in ISO
- ✅ Command line execution

### Package Management

- ✅ Remove execute permissions
- ✅ Use `chattr +i` for immutability
- ? Need clarification on implementation approach

### Preseed Configuration

- ✅ Timezone: US/Chicago
- ✅ Keyboard: Standard US English
- ✅ Password complexity in preseed

### Secure Boot

- ✅ Include secure boot keys in ISO
- ✅ UEFI only (no Legacy BIOS)
- ✅ Measured boot

### Documentation

- ✅ No user guides in ISO
- ✅ No inline help for shortcuts
- ✅ Technical documentation in repo only

---

### Package Management Implementation ✅ RESOLVED

- ✅ Use `config/hooks/installed/` - modify after installation before reboot
- ✅ Remove execute permissions from apt, dpkg, and package management tools
- ✅ Make immutable with `chattr +i`
- ✅ Don't install synaptic, aptitude, etc. in the first place
- ✅ Handle package management metadata in `/var/lib/apt/` and `/var/lib/dpkg/`

---

**Status**: All items resolved - ready to update specification

**Next Action**: Update football-spec.md with all decisions from pre-flight discussions

**Ready for Implementation**: YES - all questions and concerns resolved
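
A sketch of the resolved package-management step (strip execute permissions, then `chattr +i`), added here as an example and not taken from the project's own hooks. The tool list, the function names, and passing the installed system's root as an argument are assumptions; metadata under `/var/lib/apt/` and `/var/lib/dpkg/` is not handled.

```shell
#!/bin/sh
# Added example (not project code). Tool list and ROOT argument are assumptions.
PKG_TOOLS="apt apt-get apt-cache apt-mark dpkg dpkg-deb dpkg-query"

# Print each package tool that exists as a regular file under ROOT.
# Debian 13 uses merged /usr, so only usr/bin and usr/sbin are searched.
pkg_tool_paths() {
    for tool in $PKG_TOOLS; do
        for dir in usr/bin usr/sbin; do
            f="${1%/}/$dir/$tool"
            if [ -f "$f" ] && [ ! -L "$f" ]; then echo "$f"; fi
        done
    done
}

# Strip execute bits first, then set the immutable flag: once +i is set,
# chmod on the file fails even for root, so the order matters.
# Returns 0 on success, 1 if chmod failed, 2 if any chattr +i failed
# (no CAP_LINUX_IMMUTABLE, or a filesystem without the flag).
lock_pkg_tools() {
    rc=0
    for f in $(pkg_tool_paths "$1"); do
        chmod a-x "$f" || return 1
        chattr +i "$f" 2>/dev/null || rc=2
    done
    return "$rc"
}

# Verification: print any package tool that still has an execute bit.
still_executable() {
    for f in $(pkg_tool_paths "$1"); do
        find "$f" -perm /111 -print
    done
}

# Run only when asked to, e.g.: sh lock-pkg-tools.sh --apply /target
if [ "${1:-}" = "--apply" ]; then
    lock_pkg_tools "${2:?target root required}" || exit $?
    [ -z "$(still_executable "$2")" ] || exit 1
fi
```

A return code of 2 means the execute bits are gone but the files can still be changed back with `chmod`, so a build should treat it as a failure rather than a warning.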