Standup Notes 2019 05 21

Participants (alphabetical): Allie, Conor, Erik, Heartsucker, Jen, John, Kushal (async), Kevin, Mickael, Nina

Topics and Call-outs

Release update

• Ready for QA testing to begin, John has already picked up NUC7s. NUC5s especially
• Kev will do Mac Mini clean install today, upgrade test tomorrow
• Meltdown script is now testing for new CPU vulns, should we add those to the QA script?
  • Mickael: Yes, let's def track them in the matrix. As of Friday fixes not backported to 4.4 series kernel, though grsec has some mitigations in place. Will check if those have been backported recently. Attacker needs code execution -- risk for SD relatively low. But we should still patch when possible.
  • Potential scope of 0.13.1 point release - microcode packages, other patches for new vulns as they are backported to 4.4 series

Support sync - motion to cancel - seconded by Kev

Allie

Yesterday:

• Code walkthrough of queue.py with heartsucker

• Debug session with heartsucker to get api-queue in a working state

  • This is where we left off: https://github.com/freedomofpress/securedrop-client/pull/374#issuecomment-494155547

• PR handoff to Jen on first and last name Journalist fields: https://github.com/freedomofpress/securedrop/pull/4425 - added comments to hopefully make the handoff smoother

Today:

• Continue pair debug session with heartsucker on queue WIP PR

  • Latest issue is that the gui's separate database session is outdated after a queue job finishes a database update, so refreshing the gui will not reflect latest changes

• If all goes well, help heartsucker write tests and get queue pr in a state ready for review

Blockers or Asks:

• None

Conor

Yesterday:

• Finalized securedrop.org website upgrade (now live)
• Initial comments on packaging CI PR: https://github.com/freedomofpress/securedrop-debian-packaging/pull/44

Today:

• Backend website work (non-SD)

Blockers or Asks:

• None

Erik

Yesterday:

• Support follow up with a few news orgs who missed Xenial deadline
• Newsroom Services Coordinator hiring
• Start on pre-release messaging
• Fundraising proposal work

Today:

• Newsroom Services Coordinator hiring (2 phone screens)
• Pre-release messaging
• Work on next iteration of OTF proposal (Nina/Qubes)

Blockers or Asks:

• None

Heartsucker

Today:

• Still working on queue impl, issues we're having have to do with general architecture of the client (passing around DB objects everywhere), challenging in multi-threaded environment. API queue diff is going to be massive.

Blockers or Asks: None, queue discussion to come

Jen

Yesterday:

• merged/reviewed allie's PR in client land, John's test fixes in SD core
• filed an upstream issue for the OSSEC false positive, let's see if they say anything: https://github.com/ossec/ossec-hids/issues/1720
• added some fixes to debian packaging PR
• added some debugging notes for kushal on the crypto operations in qubes client PR
• Started working on the first name / last name PR in collab with Allie, I think i fixed tests yesterday

Today:

• first up after meetings will address the other feedback today on first name / last name

Blockers or Asks:

• None

John

Yesterday:

• finished #4451 (test flake fixes)
• reviewed https://github.com/freedomofpress/securedrop-client/pull/377 (gpg issue in Qubes)
• got partway through NUC7 QA matrix

Today:

• finishing NUC7 QA matrix

Blockers or Asks:

• Qubes? Tor? No, none.

Kev

Yesterday:

• Over the weekend, landed a couple docs PRs, cont'd learning

Today:

• Mac Mini portions of QA matrix, other release task

Blockers or Asks:

Kushal

Today:

• Reviewed https://github.com/freedomofpress/securedrop-client/pull/377 (Qubes is hard)
• Reveiw of https://github.com/freedomofpress/securedrop-debian-packaging/pull/43
• Review of https://github.com/freedomofpress/securedrop-proxy/pull/33

Tomorrow:

• Will move QA as first thing (than digging more into Qubes sadness)

Blockers or Asks:

• Need help in debugging more in client #377 PR

Mickael

Yesterday:

(Friday) Helping with release management tasks

Today:

Non-SD work, QA on NUC5s

Blockers or Asks: None

Nina

Yesterday:

• Discussion w/ Allie on pending FN/LN Admin interface PR
• Discussion w/ Allie on parallel ID Badge feature w/in Client
• Discussion w/ Erik on general priorities for the week
• Discussion w/ Erik on breaking-down Reply and Network Failure things across iterative builds; observed behavior important to evolve design!
• OTF Proposal: Budget adjustment, began project planning
• Discussion w/ Erik on OTF plan-o-attack for Proposal
• Qubes peeps emailing
• SS peeps emailing
• whew!

Today:

• Added all current/past working document links to OTF Adeventure GDoc, in new top-section for working Proposal stuff
• Screencap'd OTF application; will post that & new GDoc "worksheet" for Erik, shortly, in above named GDoc
• Continued work on OTF project planning
• Afternoon: Reply/Network failure iterative deploy wireframing
• Get back to FN/LN PR w/ counter-creep advisement, after poking around Erik's SD instance

Blockers or Asks:

• Erik: Can I be added as an Admin to your SD Instance & get creds/linx sent? Not urgent, just to get back to Allie/Jen on their pending PR