Sprint Planning Meeting 2021 12 01
Previous sprint priorities:
- Release SecureDrop Client 0.5.0
  - Critical bugfixes have been merged
  - Final pre-release QA is in progress
- Update Fedora template to F34 for Workstation
  - Changes were merged and released
- Client localization workflows
  - Consensus on initial workflow for managing translation catalogs
  - Once https://github.com/freedomofpress/securedrop-client/pull/1348 is merged and the workflow is documented, we are unblocked on making the SecureDrop Client translatable
  - There is an ongoing conversation on how to manage string changes in a way that minimizes translation churn and keeps review velocity high: https://github.com/freedomofpress/securedrop-client/issues/1360
Other accomplishments:
- Added onion service support to Docker-based environment
- Rebased securedrop-e2e and landed various cleanup improvements
- Updated Tor; Rust in build container; pip in packaging repo
- Hired two new full-time developers
What worked well:
- Lots of explicit testing steps around Client changes (thanks Allie for your patience!)
- proactive approach to updates/technical debt (keeping deps up-to-date despite everything else in progress, etc) +1+1
- Notifications are helping, thanks to everyone for taking the time to be responsive to new alerts
- We're quick to improve docs if we notice something that isn't captured, use of github wikis seems to help keep friction low
- Workstation developer hangouts and code walkthroughs are very useful
- New to me, I'm finding the Makefile targets for testing work smoothly 👏 (More than others I've used before.)
- Lots of knowledge sharing between team members, including updater, using toxiproxy for testing, and obs-studio +1
- just a shoutout, it's so nice to have new people on the team, looking at c and g :)
What can be improved:
- securedrop-e2e (+ securedrop@signal-proto-focal) will continue to require time-consuming maintenance (rebasing, etc.) for as long as it's a back-burnered prototype.
- still a few complex points of confusion/clarification in onboarding to our workflows; will be relevant as we onboard more people +1+1(simply so I can hear more <3)+1
- ACTION: Improve & use standard onboarding curriculum for new hires (definitely for next two, need server/workstation code walkthrus and such)
- Suggestion: curriculum is (or at least starts from) links to documentation consulted and updated continuously by the whole team, especially for process considerations. :-) (I.e., onboarding is a function of reference material.)
- release mechanics: lots of manual action by developers, and we still mandate use of the prod signing key. let's consider using individual dev keys for repo tags +1
- documentation is pretty good around releasing sdw components, but it would be helpful to document more around QA and release candidates
What's still a puzzle:
- what's the long-term plan for Onion Names? we have an issue for this already (https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/issues/67), but it came up again at State of the Onion +1+1
- ACTION: Kev to poke Tor folks for further discussion (cfm happy to shadow)
- hardware situation: we haven't been bitten hard yet, but....+1 (I have a NUC 11 in FedEx limbo, will begin kernel build/testing once it arrives.) I got them too, happy to use them for testing whatever's useful. If it doesn't get out of limbo soon I may take you up on that!
What we're learning:
- I (Cory) am tinkering with Slack notifications etc. to balance focus and responsiveness....+1+1(so i can hear more about it <3)
- Finding the appropriate approach / balance to suggest / discuss maintenance of Client code.
- (KOG) Rust - wasm-bindgen etc.
- What do we need to do for proper E2E? Pre-encryption via GPG is fairly straightforward, replies are a pain in the posterior (also a good learning/discussion topic, do we want to pursue an incremental approach? at what stage do we say goodbye to GPG?)
- Tor/DNS/OnionNames research in https://arxiv.org/abs/2110.03168 :+1:
- Work life balance (as always)
- Reading about onion services atm
- Key dates and time commitments
Work schedule notes:
- Erik alternating 4\*8+PTO / 4\*10, always off Fridays
- Allie still on 3*10, Mo-Wed
- Gonzalo still on 3*8, Mo-Wed
- Conor will be 4*8+PTO, for always-off Fridays
- Ro still Mo-Thu ~8-10 per day
- Cory 4*~10 Mon–Thu
2021-12-06 : Erika joins the team as Outreachy intern (30 hours/week)
2021-12-08 : PTO: Conor
2021-12-13 : New full-time developer starts
2021-12-13 : Docs collaboration with DigiSec team (docs sprint) :hand_up:
After sprint:
2021-12-23 to 2021-12-31: FPF break - emergency coverage: https://docs.google.com/spreadsheets/d/1CGo75HCtbqxcqpI4IX4Fai15ClI78HL5oRqTlMkyxW8/edit#gid=0
2022-01-05 : New full-time developer starts
- SecureDrop Workstation: Release SecureDrop Client 0.5.0
  - Rationale: Shipping long-awaited functionality & bugfixes to end users
- SecureDrop Server: Prepare update of Flask to version 2.0, along with associated requirements
  - Rationale: Addressing longstanding technical debt and unblocking future security updates
- SecureDrop Workstation: Implement "Download all files for a given Source" and finalize scope and UX for "Export all" MVP
  - Rationale: Seen as lower-hanging fruit than "Export all for a given Source", while we define goals for "Export all for a given Source". Could be used later to enable automated downloads when exporting if we want to.
Project board: https://github.com/orgs/freedomofpress/projects/1