Skip to content

Sprint Planning Meeting 2019 11 20

Jump to bottom
Erik Moeller edited this page Nov 20, 2019 · 1 revision

Sprint Planning Meeting, SecureDrop, November 20, 2019

Sprint timeframe: Beginning of Day (PST) 2019-11-20 to Beginning of Day (PST) 2019-12-04

0) Retrospective

What we said we would do:

SecureDrop Core: Land must-have deliverables for 1.2.0: grsec 4.14 kernel && systemd migration

Sprint goal fully met:

  • grsec 4.14 kernel merged and ready for testing
  • systemd migration merged and ready for testing

SecureDrop Workstation: Resolve showstopper issues for workstation demos in week of November 11

Sprint goal fully met:

  • Three successful workstation demos completed (1 remote!), one more pending

SecureDrop Workstation: Finalize export USB logic (auto-attach vs. device manager) and remove persistent attachment to sd-export-usb

Sprint goal fully met:

  • Persistent attachment removed, export to LUKS volumes now works reliably using device manager
  • Our sprint commitment was to prototype auto-attachment and pick an implementation strategy, which was successfully done. Now working out the kinks w/ device manager interaction.

Additional accomplishments:

  • Responded in a timely manner to a dump of Intel vulnerabilities, including advisory and kernel updates
  • Landed community PR by Whistleblower Aid (@wbaid) for making file uploads optional
  • Landed community PR by @deeplow for further tweaks to client reply box
  • Landed community PR by @DrGFreeman for further improvements to screenshots generation
  • Facilitated community participation during Aaron Swartz Day
  • Great Buster CI & Buster template progress

Other observations:

Things that went well:

  • excellent pilot conversations w/ news orgs, high participation interest
  • extremely well-organized pilot prep! polished slide deck, specific versions to pin
  • great coordination on community PRs (spcifically wbaid)
    • definitely getting good contributions lately
  • iterative improvements in dev env

Things to improve:

  • we should make sure that we are coordinating/communicating on issues in the dev env, i think we found that multiple devs are having issues with a few aspects of staging so do feel free to speak up so we can address them
    • definitely some cobbler's kids here, but they're generally annoyances not showstoppers -- point is that I'd rather be doing "real" work than fighting with Molecule
  • Untimed PTO for kushal (I did not anticiate the problem becoming this big)
  • More publicity/coordination with Aaron Swartz Day folks ahead of time
  • kernel still requires "blocking" staging for merge and requiring rebase
    • Recommended action: Schedule a process analysis to see if we can optimize
  • Yep, need to work on that outside-PR internal comms bit, to keep UX issues within PRs less philosophically batted-around and more text w/in PRs properly actionable by volunteers

Aaron Swartz Day participation:

  • snowden bot needed for jen

    • +1, let's discuss whether jenbot > hot tub

  • an interesting experience but would probably be more SD-productive if we promoted more +1

  • in-person crowd was the smallest at ASD in recent memory (~3-4 dozen); likely due to less promotion

  • Nina asks question: is more promotion of ASD sought? Would this be an FPF priority next year?

    • It kind of depends on how much we have going on, if we are kind of heads down on something important having a large number of contributor PRs might not be the best thing (unless we can scope them well to working on the same thing we're heads down on)

      • +1, in 2018 we had the Workstation audit; somehow we still managed to solicit strong contribs

    • It typically has been. A few things have changed: 1) FPF has fewer folks in the Bay Area; 2) event organizers "assumed" our presence and didn't reach out proactively

    • I'll caution the "priority" with notice that we usually get out of the event two things: 1) a few PRs; 2) greater awareness of the SD project in particular

      • designer rubs hands together w/ evil giddy it'd be worth noting that a proper campaign to promote worldwide, with more advance notice, could help; in UX we have "Service Design Jam" and "IA Day" as 2 big/distributed events... and those have snowballed into quite awesome things, over the years. I'd personally love to see ASD mature to become the same, mostly because I loved Aaron's activist spirit and it seems like a great oppty to continue infusing those values into the hacker crowd. Lest Capitalism fully overtake.

1) Review important dates and time commitments

2019-11-20              : Feature/string freeze for SecureDrop 1.2.0
2019-11-22              : PTO: Conor (1 day)
2019-11-25 to 2019-11-27: PTO: John
2019-11-27              : PTO: Erik (0.5 day)
2019-11-28 to 2019-11-29: US Holiday: Thanksgiving
2019-12-03              : Tails 4.1 / SecureDrop 1.2.0 (RM: Kev)
                          FPF fundraising campaign launch!

Time check: https://docs.google.com/spreadsheets/d/1ShgsQrEbfVdIM9SIbZgRY407k3edZABoH6mDcrzQq1E/edit#gid=0

2) Agree on must-achieve sprint goals

  • SecureDrop Core: Successful release of SecureDrop 1.2.0 with no issues on supported hardware
  • SecureDrop Workstation: Complete transition to Debian Buster
  • SecureDrop Workstation: Complete iteration of export acceptable for beta (UI may still be in unpolished state)

3) Task selection and estimation

https://docs.google.com/spreadsheets/d/1nqr7yAHJibbfu2UfBjjpNAawk9pbwn4eBHLuYdNPkKM/edit#gid=0

4) If we have time: board review

Clone this wiki locally