Skip to content

Sprint Planning Meeting 2020 07 08

Jump to bottom
Erik Moeller edited this page Jul 9, 2020 · 1 revision

Sprint Planning Meeting, SecureDrop, July 8, 2020

Sprint timeframe: Beginning of Day (PDT) 2020-07-08 to Beginning of Day (PDT) 2020-07-22

0) Retrospective

What we said we would do:

  • Release SecureDrop 1.4.1 with fix for configuration validation

Sprint goal met. Released successfully with very fast turnaround (issue reported 6/23, release issued 6/25).

  • QA SecureDrop Workstation releases for kernel update, updater improvement, client changes

Sprint goal partially met.

  • Kernel changes in staging, QA in progress.

  • Updater improvements merged and QA'd, release-ready.

  • Client QA in progress.

  • Complete a first research spike to determine whether a server upgrade path 16.04->18.04->20.04 is feasible

Sprint goal met. Initial reports can be found in tracking issue: https://github.com/freedomofpress/securedrop/issues/4768

Additional accomplishments:

  • New test data in SD Core for client development which is already helping to uncover suspect client behavior
  • Evaluation of prototyping tools and development of read/unread prototype by Nina & Allie.
  • Successful update of HTTPSEverywhere ruleset.
  • First round of wordlist redactions.
  • CI base image update for staging-test-with-rebase will hopefully improve performance.
  • Landed community PR for reserving username "deleted".

Other team comments

What went well:

  • Community PRs saw update after we managed to provide feedback regularly.+1
  • Really appreciate that we're continously reducing the dependency on people with access to signing key to manage all the mechanics of a release.
  • Lots of knowledge transfer: packaging, template builds got fresh eyes +1
  • Looking ahead to next OS migration helps us to plan changes
  • Research/investigation tasks like Qubes backup exploration surfaced some great finds +1
  • good coordination with release tasks, a lot of updates shipped or about to be shipped
  • Dev (Allie!) pariring with UX on prototyping is extra awesome!
  • UX-Dev knowledge sharing: learning how we prepare user studies for securedrop client

What can be improved:

  • A lot of time overhead to get set up with development/testing environment(s), can be hard if only working on 1 or 2 small sprint tasks; some confusion on what works as intended in Qubes (eg testinfra test failures)

  • Delay in deployment of PR makes it hard to remember complexities involved that result in multi-implementation states being how/what they are.

  • Release mechanics are time-intensive, multiple team members spend a lot of time carrying code around in preparation for a release +1

    • Reproducible builds will help a lot (+1)

  • Qubes Workstation dev env doesn't use RPM, which hurts developers' ability to learn "securedrop-admin" (used by Admins); let's consider using RPM everywhere

    • does anyone else find the name collision problematic? (kind of? +0.5?) was thinking "sdw-admin"+1

      • ACTION: Erik to file issue for potential rename of securedrop-admin -> sdw-admin

  • Development of things related to Qubes on Qubes (for securedrop-workstation) is Pain.

    • do you mean working on upstream tools?: No, all of the templates, vms, tools, updates etc.

  • Developer documentation on troubleshooting Qubes and Updater errors +2

  • Look forward to more pairing/coworking on specific tasks

What's still a mystery:

  • Packaging is difficult (in general for any OS).

Learning time debrief

(Erik) Spent a little time stepping through Qt4(!) tutorials to get a toy app ready, will be digging more into that -- mainly aiming, in the immediate, to better understand widget reflow and window resize behavior, size hints, and the like, so we can optimize our dom0 dialogs

(kushal): Found that I don't know DNS enough, so read a lot during holidays :)

1) Review key dates and time commitments

2020-07-14             : SD 1.5.0 feature freeze / QA begins

After sprint period:

2020-07-24              : FPF holiday
2020-07-28              : SecureDrop 1.5.0 Release
                          Tails 4.9 Release
2020-07-25 - 2020-08-02 : HOPE (virtual)

Time check: https://docs.google.com/spreadsheets/d/1OXF0Jgcq2Iv--vdrwJOOwdRPFSxCXLFnwJQHlV6AJRI/edit#gid=0

2) Agree upon top 3 priorities for the next two weeks

  1. Land key changes for SecureDrop 1.5.0 and begin QA

    • Journalist Interface Warning for v2 deprecation
    • Kernel update

  2. SecureDrop Workstation component releases

    • securedrop-workstation-grsec: 4.14.169 -> 4.14.186
    • securedrop-workstation: 0.3.1 -> 0.4.0 (single-stage updater)
    • securedrop-client: 0.2.0 -> 0.2.1 (deletion fixes, CSS refactoring, no duplicate jobs)

  3. Complete read/unread research and scope first iteration

Learning objectives

  • CryptoPals (John, Kevin, Allie, Mickael)
  • Rust/OpenPGP (Kushal)
  • Go (Conor)
  • Qt4 (Erik)
  • Ansible/Molecule (Ro)

3) Select and estimate tasks

https://docs.google.com/spreadsheets/d/10E0rFegfS3XD93icN-EPDBwh6ogXCPGzWahj05a8cT0/edit#gid=0

Clone this wiki locally