football/PreFlightDiscussion-03.md

# Pre-Flight Discussion - Round 3

## Final Clarification Needed:

### Package Management Implementation Details
- **Your Feedback**: Remove apt execution permissions, use chattr +i, concerned about core system packages
- **Question**: How should we handle this in the live-build hooks?

**Implementation Options:**
1. **In `config/hooks/live/`** - Modify the live system during build
2. **In `config/hooks/installed/`** - Modify after installation but before reboot
3. **Both** - Ensure comprehensive removal/disable

**Specific Questions:**
- Should we attempt to remove `apt` and `dpkg` entirely (if possible)?
- Or just remove execute permissions and make immutable with `chattr +i`?
- What about package management metadata in `/var/lib/apt/` and `/var/lib/dpkg/`?
- Should we also remove package management tools like `aptitude`, `synaptic`, etc.?

## All Other Items ✅ RESOLVED:

### Compliance Framework
- ✅ CMMC Level 3
- ✅ CIS Benchmark for Debian Linux + Debian STIG (last for Debian 11)
- ✅ Adapt Debian 11 STIG for Debian 13

### QR Code Implementation  
- ✅ zbar for scanning (no generation needed)
- ✅ Shell script for scan and config update
- ✅ Standard WireGuard QR format

### Testing Strategy
- ✅ Include test suite in ISO
- ✅ Command line execution

### Package Management
- ✅ Remove execute permissions
- ✅ Use `chattr +i` for immutability
- ? Need clarification on implementation approach

### Preseed Configuration
- ✅ Timezone: US/Chicago
- ✅ Keyboard: Standard US English
- ✅ Password complexity in preseed

### Secure Boot
- ✅ Include secure boot keys in ISO
- ✅ UEFI only (no Legacy BIOS)
- ✅ Measured boot

### Documentation
- ✅ No user guides in ISO
- ✅ No inline help for shortcuts
- ✅ Technical documentation in repo only

---

**Status**: Waiting for final clarification on package management implementation
**Next Action**: Update specification with all decisions and begin implementation
**Ready for Implementation**: Almost there - need this final detail