football/PreFlightDiscussion-03.md

Pre-Flight Discussion - Round 3

Final Clarification Needed:

Package Management Implementation Details

• Your Feedback: Remove apt execution permissions, use chattr +i, concerned about core system packages
• Question: How should we handle this in the live-build hooks?

Implementation Options:

1. In config/hooks/live/ - Modify the live system during build
2. In config/hooks/installed/ - Modify after installation but before reboot
3. Both - Ensure comprehensive removal/disable

Specific Questions:

• Should we attempt to remove apt and dpkg entirely (if possible)?
• Or just remove execute permissions and make immutable with chattr +i?
• What about package management metadata in /var/lib/apt/ and /var/lib/dpkg/?
• Should we also remove package management tools like aptitude, synaptic, etc.?

All Other Items ✅ RESOLVED:

Compliance Framework

• ✅ CMMC Level 3
• ✅ CIS Benchmark for Debian Linux + Debian STIG (last for Debian 11)
• ✅ Adapt Debian 11 STIG for Debian 13

QR Code Implementation

• ✅ zbar for scanning (no generation needed)
• ✅ Shell script for scan and config update
• ✅ Standard WireGuard QR format

Testing Strategy

• ✅ Include test suite in ISO
• ✅ Command line execution

Package Management

• ✅ Remove execute permissions
• ✅ Use chattr +i for immutability
• ? Need clarification on implementation approach

Preseed Configuration

• ✅ Timezone: US/Chicago
• ✅ Keyboard: Standard US English
• ✅ Password complexity in preseed

Secure Boot

• ✅ Include secure boot keys in ISO
• ✅ UEFI only (no Legacy BIOS)
• ✅ Measured boot

Documentation

• ✅ No user guides in ISO
• ✅ No inline help for shortcuts
• ✅ Technical documentation in repo only

---

Status: Waiting for final clarification on package management implementation Next Action: Update specification with all decisions and begin implementation Ready for Implementation: Almost there - need this final detail