KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2b758f6391b87b780ff00f33809f9342a42e0e0c
football/PreFlightDiscussion-01.md
Charles N Wyble 2b758f6391 docs: create PreFlightDiscussion-01.md for project review 
- Document all questions, comments, and concerns before implementation
- Categorize by priority: High (blockers), Medium (challenges), Low (nice to have)
- Mark resolved items: Debian 13.3.0 availability and USB package inclusion
- Ready for stakeholder review and inline feedback
2026-01-21 09:23:27 -05:00

4.8 KiB
Raw Blame History

Pre-Flight Discussion - Questions, Comments, and Concerns

Questions:

1. Debian 13 Availability RESOLVED

  • Original: Debian 13 (Trixie) is currently in testing
  • Status: RESOLVED - Debian 13.3.0 is released and stable
  • Action: Updated spec to use debian-13.3.0-amd64-netinst.iso

2. USB Automounting and Package Inclusion RESOLVED

  • Original: How will the system access USB mounting utilities without network access?
  • Status: RESOLVED - All packages must be pre-included in ISO
  • Action: Updated spec to clarify all utilities pre-installed

3. Compliance Specificity

  • Question: Which specific CMMC levels, FedRAMP authorization levels, or STIG IDs should we target?
  • Concern: Without specific controls, we may implement security measures that don't meet actual requirements
  • Options:
    • CMMC Level 3, 4, or 5?
    • FedRAMP Moderate or High?
    • Specific DISA STIG for Debian 13?

4. WireGuard Configuration Management

  • Question: Should we assume WireGuard config will be provided via USB, or include a default template?
  • Concern: Without a config, the system will have no network connectivity at all
  • Options:
    • Include sample/template configuration
    • Include QR code import capability
    • Assume user provides complete config via USB

Technical Concerns:

5. Docker Build Context and Package Availability

  • Concern: The current Dockerfile may not have all required packages for Debian 13.3.0
  • Issue: Package names or availability may differ between Debian versions
  • Need: Verify all packages in Dockerfile exist in Debian 13.3.0

6. Test Environment Privileges

  • Concern: Some tests (firewall, system services) require elevated privileges
  • Issue: Container environment may not support all required test scenarios
  • Need: Determine how to test privileged operations in containers

7. ISO Size Management

  • Concern: Including all security tools, applications, and utilities may create a large ISO
  • Issue: Large ISO may be impractical for distribution or booting on older hardware
  • Need: Define acceptable ISO size limits and optimization strategies

Missing Details:

8. Complete Package List

  • Missing: Exact package list for base system and applications
  • Need: Define all packages to include in the ISO (not just applications like Remmina, etc.)
  • Examples: Which kernel packages? Which security tools? Which system utilities?

9. Live-build Configuration Details

  • Missing: Specific live-build configuration parameters
  • Need: Kernel parameters, boot options, system settings
  • Examples: Security kernel parameters, initrd options, bootloader security

10. Error Handling and Recovery

  • Missing: Comprehensive error handling strategy
  • Need: How to handle build failures, configuration errors, system boot issues
  • Examples: Build failures, corrupted configs, boot problems

11. Boot Security

  • Missing: Boot loader security requirements
  • Need: Secure boot configuration, bootloader password, boot parameters
  • Examples: GRUB security, kernel lockdown, initramfs security

Additional Considerations:

12. User Experience and Documentation

  • Concern: Security-focused system may be difficult for users
  • Need: Clear documentation for secure workflows
  • Question: Should we include user guides in the ISO?

13. System Updates and Maintenance

  • Question: How will the system receive security updates without general internet access?
  • Options:
    • Air-gapped update process
    • USB-based update distribution
    • No updates after initial deployment

14. Hardware Compatibility

  • Concern: Minimal desktop may have hardware compatibility issues
  • Need: Define supported hardware scope
  • Question: Should we include additional drivers or keep it minimal?

15. Testing Strategy for Air-Gapped Environment

  • Challenge: How to test an ISO designed for air-gapped use
  • Need: Testing methodology that doesn't require internet
  • Question: Should we simulate air-gapped environment during testing?

Priority Assessment:

High Priority (Blockers):

  • Q3: Compliance specificity
  • Q4: WireGuard configuration approach
  • M8: Complete package list
  • M9: Live-build configuration details

Medium Priority (Implementation Challenges):

  • TC5: Docker package availability
  • TC6: Test environment privileges
  • TC7: ISO size management

Low Priority (Nice to Have):

  • M10: Error handling strategy
  • M11: Boot security details
  • A12-A15: Additional considerations

Status: Awaiting your feedback on the above questions and concerns Next Action: Review your inline edits and address any additional points Ready for Implementation: NO - Need to resolve high priority items first

Reference in New Issue View Git Blame Copy Permalink