Skip to content

Development Roadmap

Kevin O'Gorman edited this page Dec 20, 2024 · 190 revisions

SecureDrop Development Roadmap

This document describes the current priorities for the SecureDrop project. If you have thoughts, you are welcome to file an issue on GitHub or drop by our Gitter chatroom to talk with us.

Please note that this is a tentative roadmap. As releases approach, tickets will become more fine grained. Items may be added, removed or modified. The versioning here may also change - e.g. if bugfixes need to be pushed out, there may be some deviation from this roadmap.

Current project status

Most recent release

SecureDrop 2.11.1 was released on December 19, 2024. This was a hotfix release against 2.11.0, fixing a bug that caused OSSEC to send multiple spurious alerts after falsely identifying a successful system check as failed.

SecureDrop Workstation

SecureDrop Workstation is a Qubes-based system designed to make journalists' use of SecureDrop easier and safer. It replaces the classic workflow involving a separate Tails-based Journalist Workstation and air-gapped Secure Viewing Station with a single computer, using Qubes' security features to provide an equivalent to the air gap for decrypting and viewing submissions. It also simplifies the workflow, replacing the manual process of downloading and decrypting files with a PyQT application that presents a chat-like interface for journalists.

Following the completion of a pilot programme, and the release of version 1.0.0 on Qubes 4.2 in July 2024, we are working to make SecureDrop Workstation broadly available to existing and new users of SecureDrop.

See our blog post describing future directions for Securedrop for more information on the issues that motivated both SecureDrop Workstation and future plans for a next-generation version of SecureDrop.

Roadmap

Legend

SecureDrop Core: the SecureDrop server code, and any other code required to operate a traditional SecureDrop installation. See the securedrop repository for more information. SecureDrop Core releases are coupled to the Tails release calendar where possible.

SecureDrop Workstation: an integrated workstation environment that can connect to a SecureDrop server. See the securedrop-workstation repository for more information.

Roadmap/Archive

⋯ = started
✔ = completed

Q4 2023

  • SecureDrop Workstation:

    • ✔ Update Fedora base template version to fedora38
    • ✔ Export submissions to Veracrypt drives
    • ⋯ Support viewing of additional file types
    • ⋯ Qubes 4.2 support:
      • ⋯ Update base template creation process
      • ⋯ Update Qubes RPC policy formats
      • ⋯ Simplify system provisioning
  • SecureDrop Server:

    • ✔ Use Sequioa for GPG operations
    • ✔ Use continuous workflow for localization

Q1 2024

  • SecureDrop Workstation:

    • ⋯ Add support for cancelling downloads in the SecureDrop Client - deferred to Q3
    • ⋯ Add network performance information in the SecureDrop Client - deferred to Q3
    • ⋯ Qubes 4.2 support:
      • ⋯ Simplify system provisioning (ongoing)
      • ⋯ Use Qubes updater for template updates, replacing custom update code (ongoing)
      • ⋯ Update SecureDrop Client launcher (ongoing)
      • ⋯ Improve installation process (ongoing)
      • ⋯ Add backup/restore for system configuration - deferred to Q3
  • SecureDrop Server:

    • ⋯ Add support for Tor PoW-based DDoS protection - deferred to Q2
    • ✔ Update administration tools for Tails Debian 12 upgrade

Q2 2024

  • SecureDrop Workstation:

    • ✔ Auto-resume failed downloads in SecureDrop Client
    • ⋯ Qubes 4.2 support:
      • ✔ Simplify system provisioning (ongoing)
      • ✔ Use Qubes updater for template updates, uUpdate SecureDrop Client launcher
      • ✔ Improve installation process
  • SecureDrop Server:

    • ✔ Add support for Tor PoW-based DDoS protection
    • ✔ Add API support for partial content requests
Clone this wiki locally