Roadmap Archive
Erik Moeller edited this page Mar 15, 2022 · 6 revisions
⋯ = ongoing
✔ = completed
✘ = not completed
-
SecureDrop Workstation:
-
Research/Prototyping:
- ⋯ Additional research & prototyping re: export methods (USB or networked), export to VMs; begin researching user needs around redaction
- ⋯ UX design exploration around consolidated update experience
- ✔ Investigate static code analysis tools
-
Development:
- ✘ P1: Reliably synchronize user database in anticipation of features that require attribution (e.g., seen at message level)
- ✔ P2: Improvements to deletion UI in SecureDrop Client
- ⋯ P4: Iterate towards a flexible grid system for the Client to allow for smaller window sizes and screen resolutions
-
Research/Prototyping:
-
SecureDrop Core:
-
Development:
- ✔ P1: Focal support and migration plan/docs for Focal upgrade (may require code changes)
- ✔ P2: Improvements to source account deletion UX in Journalist Interface
- ✔ 2021-01-26: SecureDrop 1.7.0: Org name support; improved v2/v3 warnings; switch to PNGs for Journalist Interface; expanded language support; misc. developer-focused changes
- ✔ 2021-03-11: SecureDrop 1.8.0: Focal support (and associated docs/migration tooling); built-in end-of-life for Xenial support; require v3 for fresh installs; expanded hardware support via new kernel
-
Development:
- ✔ 2021-04-14 - SecureDrop 1.8.1: mainly fixes in support of Ubuntu 20.04 migrations
- ✔ 2021-04-30 - Ubuntu 16.04 Xenial is end-of-life
- ✔ 2021-05-18 - SecureDrop 1.8.2: new keyring shipped to servers; bugfixes
- ✔ 2021-06-30 - 2016 SecureDrop Release Key expires (key rotated to 2021 key)
-
SecureDrop Workstation:
-
Research/Prototyping:
- ⋯ Workstation i18n
- ✘ User research, design iterations, technical research related to redaction tooling and journalist workflows
- ✘ Research into pyside2 as an alternative to pyqt, as part of improving dependency management story
-
Development:
- ✘ Updater stability improvements
- ⋯ Follow-up work from audit findings
- ✔ Begin work on Safe Deletion implementation for SecureDrop Client
- ✔ Begin documentation of backup/restore story
-
Research/Prototyping:
-
SecureDrop Server:
-
Development:
- ✔ SecureDrop 2.0.0: Focal/v3-only release; removal of Flag for Reply functionality
- ✔ Ramp up v3 migration & LTS messaging (Twitter, Support Portal)
-
Research/Prototyping:
- ✔ Initial prototyping of e2e encryption using Signal Protocol, see https://github.com/freedomofpress/securedrop-e2e/
- ✘ Reproducible builds for securedrop-app-code. Progress towards reproducible wheels for Focal.
-
Development:
-
Cross-project:
-
Research/Prototyping:
- ⋯ Broaden team understanding of E2E encryption options, esp. Signal Protocol, through continued E2E workgroup
- ✘ Prototype a lightweight SecureDrop Server implementation in Rust (e.g., feature parity with signal-proto branch)
- ✘ Evaluation of 1-3 SecureDrop alternatives (e.g., ease of setup, usability, security) to broaden team knowledge
-
Research/Prototyping:
-
SecureDrop Workstation:
-
Research/Prototyping:
- ⋯ Qubes 4.1 compatibility/support
-
Development:
- ⋯ Finish and ship Safe Deletion and other unreleased fixes
- ✘ "Export all" feature
- ⋯ Make SecureDrop Client translatable via Weblate
- ✘ [Tentative] Export to VM / integration of sanitization tools
-
Research/Prototyping:
-
SecureDrop Server:
-
Development:
- ✔ CI performance and reliability fixes
- ✘ RC build automation
- ✘ Achieve fully reproducible package builds for securedrop-app-code
- ✘ Enable `black` code formatting on SD server repo
- ✔ Improve screen reader support for Journalist Interface and Source Interface
-
Development:
-
Cross-project
- ✔ Hire and onboard 2-3 new team members
- ✔ Onboard Outreachy intern
-
SecureDrop Server:
- ✔ First round of accessibility improvements
- ✔ Increase robustness of Tails updates
- ✔ Improvements to session management
- ✔ Increase 2FA secret length
- ✔ Switch to TLSv1.3
- ✘ Improvements to database integrity and constraints
-
SecureDrop Workstation:
-
Releases/Key Dates:
- ✔ Opportunistic component releases
- ✔ (April 2020) Pilot begins
- ✔ (before June 30) SecureDrop keyring update
- ✔ (before May 26) fedora-31 update
-
Development:
- ✔ Support for RPC policy changes for copy/paste & logs export
- ✔ Misc. stability and performance improvements
- ✔ Make preflight updater single-stage, improve UX [not released yet]
- ✔ SecureDrop Client stability improvements around source deletion [not released yet]
- ✗ Support multiple resolutions in the SecureDrop Client [ongoing, sliding into Q3]
-
Developer-Focused Changes:
- ✔ Add SecureDrop Client Integration testing to test styling throughout the client UI
- ✔ SecureDrop Client CSS refactoring
- ✗ Add developer documentation around debugging and building Qt [ongoing, sliding into Q3]
-
Support/outreach:
- ✔ Support pilot participants
-
Research/prototyping:
- ✔ Design/research options for “Export to VM” workflow in the SecureDrop Client
- ✗ Design/research options for read/unread in the SecureDrop Client [ongoing, sliding into Q3]
- ✔ Research interviews with pilot participants
-
Releases/Key Dates:
-
SecureDrop Core:
-
Releases/Key Dates:
- ✔ (May 13) SecureDrop 1.3.0
- ✔ (June 17) SecureDrop 1.4.0
- ✔ (June 25) SecureDrop 1.4.1
- ✔ (before June 30) SecureDrop keyring update
-
Development:
- ✔ Small improvements to Source UI
- ✔ Security/maintenance focus
-
Support/outreach:
- ✔ Promote HTTPSE Rulesets for opt-in pilot
-
Research/prototyping
- ✔ Collaboration with Tor Project on Onion Names via HTTPSEverywhere
- ✔ First exploratory spikes for Ubuntu 18.04/20.04 upgrade
-
Releases/Key Dates:
-
SecureDrop Workstation:
-
Releases/Key Dates
- ✔ Opportunistic component releases
- ✗ (~August) Pilot ends [extended into 2021 w/ additional participants]
-
Development:
- ✗ P1: Template consolidation [sliding into Q4]
- ✗ P2: Read/unread support [sliding into Q4]
- ✗ P3: Reply badges (attribution of journalist authors to each other) [sliding into Q4]
- ✔ Support multiple resolutions in the SecureDrop Client
-
Developer-Focused Changes:
- ✗ Add developer documentation around debugging and building Qt [small, ongoing progress]
- ✗ Build automation for workstation subprojects (reduce developer time consumed with preparing releases) [small, ongoing progress]
- ✗ Integration testing for workstation components [deferred for now]
-
Support/outreach:
- ✔ v2 Onion service deprecation announcement
- ✗ Decommission pilot users or support long-term production usage [extended pilot w/ additional participants]
-
Research/prototyping:
- ✔ Design/research options for read/unread in the SecureDrop Client
- ✔ Reproducible build spike to support improvements to build automation
- ✗ Tipline integration (Signal) support
- ✗ Exploration on redaction and sanitization workflows
-
Releases/Key Dates
-
SecureDrop Core:
-
Releases/Key Dates:
- ✔ (July 28) SecureDrop 1.5.0
-
Development:
- ✔ Deprecation warning for v2 onion services
-
Support/outreach:
- ✔ Migration to v3 onion services (with HTTPS Everywhere?) [ongoing]
-
Research/prototyping:
- ✔ Deeper investigation of first findings from Ubuntu 18.04/20.04 spikes
- ✗ Decision on HTTPSEverywhere pilot, SecureDrop.org integration [sliding into Q4]
- ✗ Journalist API v2 improvements [deferred for now]
- ✗ Source Interface user research: codename UX [deferred for now]
-
Releases/Key Dates:
-
SecureDrop Workstation:
-
Research/Prototyping:
- ✔ SecureDrop Workstation Audit 2
-
Development:
- ✔ P1: Finalize template consolidation
- ✔ P2: Highlight sources with unseen submissions in the SecureDrop Client (pending SecureDrop 1.6.0)
- ✔ P3: Complete work on reply badges
-
Support:
- ✗ Onboard new pilot orgs [ongoing but no new participants on-boarded yet]
-
Research/Prototyping:
-
SecureDrop Core:
-
Releases/Key Dates:
- ✔ (October 7) SecureDrop 1.6.0
-
Development:
- ✗ Dual support for Ubuntu 16.04 and Ubuntu 20.04 [a lot of progress, but completion still pending in Q1 2021]
-
Support:
- ✗ Ramp up v3 migration & LTS messaging (Twitter, Support Portal) [deferred to Q1 2021]
-
Research/Prototyping
- ✔ Investigate reproducible builds for core packages
- ✔ Begin research into paths off python-gnupg (consider AGE, x25519), opportunistic end-to-end encryption
-
Releases/Key Dates: