Skip to content

Sprint Planning Meeting 2021 12 01

Erik Moeller edited this page Dec 2, 2021 · 2 revisions

Sprint Planning Meeting, SecureDrop, 2021-12-01

Sprint timeframe: Mid-Day (PST) 2021-12-01 to Mid-Day (PST) 2021-12-15

1) Retrospective

Previous sprint priorities:

Other accomplishments:

  • Added onion service support to Docker-based environment
  • Rebased securedrop-e2e and landed various cleanup improvements
  • Updated Tor; Rust in build container; pip in packaging repo
  • Hired two new full-time developers

What worked well:

  • Lots of explicit testing steps around Client changes (thanks Allie for your patience!)
  • proactive approach to updates/technical debt (keeping deps up-to-date despite everything else in progress, etc) +1+1
    • Notifications are helping, thanks to everyone for taking the time to be responsive to new alerts
    • We're quick to improve docs if we notice something that isn't captured, use of github wikis seems to help keep friction low
  • Workstation developer hangouts and code walkthroughs are very useful
  • New to me, I'm finding the Makefile targets for testing work smoothly 👏 (More than others I've used before.)
  • Lots of knowledge sharing between team members, including updater, using toxiproxy for testing, and obs-studio +1
  • just a shoutout, it's so nice to have new people on the team, looking at c and g :)

What can be improved:

  • securedrop-e2e (+ securedrop@signal-proto-focal) will continue to require time-consuming maintenance (rebasing, etc.) for as long as it's a back-burnered prototype.
  • still a few complex points of confusion/clarification in onboarding to our workflows; will be relevant as we onboard more people +1+1(simply so I can hear more <3)+1
    • ACTION: Improve & use standard onboarding curriculum for new hires (definitely for next two, need server/workstation code walkthrus and such)
    • Suggestion: curriculum is (or at least starts from) links to documentation consulted and updated continuously by the whole team, especially for process considerations. :-) (I.e., onboarding is a function of reference material.)
  • release mechanics: lots of manual action by developers, and we still mandate us of the prod signing key. let's consider using individual dev keys for repo tags +1
  • documentation is pretty good around releasing sdw components, but it would be helpful to document more around QA and release candidates

What's still a puzzle:

  • what's the long-term plan for Onion Names? we have an issue for this already (https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/issues/67), but it came up again at State of the Onion +1+1
    • ACTION: Kev to poke Tor folks for further discussion (cfm happy to shadow)
    • hardware situation: we haven't been bitten hard yet, but....+1 (I have a NUC 11 in FedEx limbo, will begin kernel build/testing once it arrives.) I got them too, happy to use them for testing whatever's useful.If it doesn't get out of limbo soon I may take you up on that!

What we're learning:

  • I (Cory) am tinkering with Slack notifications etc. to balance focus and responsiveness....+1+1(so i can hear more about it <3)
  • Finding the appropriate apporoach / balance to suggest / discuss maintenance of Client code.
  • (KOG) Rust - wasm-bindgen etc.
  • What do we need to do for proper E2E? Pre-encryption via GPG is fairly straightforward, replies are a pain in the posterior (alsoa good learning/duscussion topic, do we want to pursue an incremental approach? at what stage do we say goodbye to GPG?)
  • Tor/DNS/OnionNames research in https://arxiv.org/abs/2110.03168:+1:
  • Work life balance (as always)
  • Reading about onion services atm

2) Key dates and time commitments

Work schedule notes:

  • Erik alternating 48+PTO / 410, always off Fridays
  • Allie still on 3*10, Mo-Wed
  • Gonzalo still on 3*8, Mo-Wed
  • Conor will be 4*8+PTO, for always-off Fridays
  • Ro still Mo-Thu ~8-10 per day
  • Cory 4*~10 Mon–Thu
2021-12-06              : Erika joins the team as Outreachy intern (30 hours/week)
2021-12-08              : PTO: Conor
2021-12-13              : New full-time developer starts
2021-12-13              : Docs collaboration with DigiSec team (docs sprint):hand_up:

After sprint:

2021-12-23 to 2021-12-31: FPF break - emergency coverage: https://docs.google.com/spreadsheets/d/1CGo75HCtbqxcqpI4IX4Fai15ClI78HL5oRqTlMkyxW8/edit#gid=0
2022-01-05              : New full-time developer starts

3) Sprint priorities

  • SecureDrop Workstation: Release SecureDrop Client 0.5.0 Rationale: Shipping long-awaited functionality & bugfixes to end users

  • SecureDrop Server: Prepare update of Flask to version 2.0, along with associated requirements Rationale: Addressing longstanding technical debt and unblocking future security updates

  • SecureDrop Workstation: Implement "Download all files for a given Source" and finalize scope and UX for "Export all" MVP Rationale: Seen as lower-hanging fruit than "Export all for a given Source", while we define goals for "Export all for a given Source". Could be used later to enable automated downloads when exporting if we want to.

4) Select and estimate tasks

Project board: https://github.com/orgs/freedomofpress/projects/1

Clone this wiki locally