Commit graph

11 commits

Author SHA1 Message Date
Matt Borja
454cf8e0bf
Include recommendation for sourcing offline copy of gpg.conf to avert needing an Internet connection in post 2025-05-23 02:47:09 +00:00
Matt Borja
fbc9d4f517
- Use dedicated section headings for Abstract and Disclaimer
- Include MIT disclaimer and add copyright
- Clarify use of tightly coupled process intended for offline package installation (bootable images already presumed to be verified through external documentation)
- Specify appropriate use of secure imaging host (imaging purposes only)
- Provide link to Tails installation guide
- Cleanup verbiage throughout using more direct procedural language
- Rearrange paragraphs as needed to address disparities in logical flow of procedures, as in CI/CD Considerations
- Clarify hardware requirements for devices elected for air-gap use (e.g. SD card)
- Reiterate verification requirements for Alpine Linux, citing both official sources and additional evidence sources
- Add callout (3b) to fetch additional packages required for offline work in the air-gapped environment and thus rename gpg-bundle-* to airgap-bundle-*
- Add explicit step to visually inspect and note SHA256 checksum of air-gap bundle before continuing (required for later verification)
- Parameterize device paths when referencing use of removable storage medium
- Note alternate use of repeating section 1.2.1 over current SD card (used for offline package retrieval)
- Cleanup additional post-installation setup tasks introduced elsewhere in, else considered outside the scope of this document
- Demonstrate use of `&&` for requiring SHA256 to be valid before allowing air-gap bundle to be extracted and installed
- Include sample command for listing key certifications during GPG environment verification (--list-sigs)
2025-05-19 17:43:14 +00:00
Matt Borja
67e63f5e40
Cleanup Stage 1 introductory paragraph and rearrange "clean plate" analogy for logical flow 2025-05-19 07:46:47 +00:00
Matt Borja
8536df9cfc
Rework Purpose section as Abstract and cleanup
Align heading for procedure verbiage: Establish a Secure Imaging Host
2025-05-19 07:37:10 +00:00
Matt Borja
dc2221e7de
Add notes for restarting gpg-agent if connection to HSM is lost between $GNUPGHOME directories
Cleanup heading with procedure verbiage:
- Install Offline Packages for GnuPG
- Verify the Environment
2025-05-19 02:29:37 +00:00
Matt Borja
0d709dd9ba
Update instructions for installing offline packages from removable storage after booting into the secure environment 2025-05-19 02:24:13 +00:00
Matt Borja
bd96779276
Cleanup remaining extraneous sections
- 1.3 Building the Secure Environment

Cleanup CI/CD Considerations paragraph
2025-05-19 02:18:47 +00:00
Matt Borja
acdbd14f8d
Rework section introductory paragraphs for readability
Begin reworking user stories as more procedural for brevity and procedural specificity (clarity)
- Establishing a Secure Image Host
- Use Tails OS as an Intermediary
- Use the target OS to download packages
- Acquire the target image
- Boot the target image and download OS packages

The "clean plate" analogy is becoming more prominent (recurring), potentially indicating an accessible codename suitable for this document.
2025-05-19 01:58:01 +00:00
Matt Borja
3cc423037b
Fix minor spelling/grammar issues 2025-05-14 08:11:40 +00:00
Matt Borja
ae6cac57f1
Update headings:
- Fix heading level for Stage 3
- Assign sub-headings

Link "working with GPG" to existing guide
2025-05-14 08:04:29 +00:00
Matt Borja
c0690e1c4c
Import and cleanup notes for distribution 2025-05-14 07:51:20 +00:00