Sprint Planning Meeting 2021 03 24

#Sprint Planning Meeting, SecureDrop, 2021-03-24

Sprint timeframe: Beginning of Day (PST) 2021-03-24 to Beginning of Day (PST) 2021-04-07

1) Roadmap review

https://github.com/freedomofpress/securedrop/wiki/Development-Roadmap

2) Review key dates and time commitments

2021-03-25: Audit blog post publication (tentative) / potentially SecureDrop Export release
2021-04-01: Python safety database update

After sprint:

2021-04-13: SecureDrop 1.8.1 (tentative)
2021-04-20: Tails 4.18 release
2021-04-30: 💀 Ubuntu 16.04 end-of-life 💀

🐞 Security triage responsibility: Kev

🌴 PTO check-in:

2021-04-01/02 Mickael (tentative)

(After sprint)

2021-04-09: Erik

📖 Learning time:

• See "other sprint commitments" column on project board

Next SecureDrop Core release:

Option 1: Hold a SecureDrop 1.8.1 point release window for improvements that will ease migrations to Ubuntu 20.04, with 1 week QA period. Plausible release date: 2021-04-13 (starting QA after this sprint).

• Arguments in favor:
  • We already have identified some improvements and more may come from first migrations.
  • We want to get off Xenial ASAP; keeping 1.8.x the last Xenial release series would help accomplish that.

Option 2: Release SecureDrop 1.8.1/1.9.0 only if necessary, otherwise go straight for 2.0.0.

Option 3: Release SecureDrop 1.9.0 on Tails release schedule (2021-04-20) with misc. fixes and improvements.

ACTION: After discussion, we've settled on Option 1 for now -- a point release. We can decide not to release if we don't have a sufficient number of fixes landed, but we've tentatively scheduled 1.8.1 for April 13, 2021.

3) Agree upon top 3 priorities for the next two weeks

1. Finalize and land key deliverables for potential SecureDrop 1.8.1 release:

• Exclude SSH tor config from server restores: https://github.com/freedomofpress/securedrop/issues/5833
• Check for SecureBoot setting during install process: https://github.com/freedomofpress/securedrop/issues/5871
• Backup script fix for logos: https://github.com/freedomofpress/securedrop/issues/5868
• Focal-upgrade molecule scenario: https://github.com/freedomofpress/securedrop/issues/5512
• fwupd error in syslog, ossec alert for Focal: https://github.com/freedomofpress/securedrop/issues/5835 (scary error)

2. Restore reproducibility for SecureDrop Workstation build artifacts and update documentation

3. Finalize design for SecureDrop Client Safe Deletion and begin implementation

4) Select and estimate tasks

https://docs.google.com/spreadsheets/d/1nttAOZ2kZGArVCEnJ8hxPu_p5gcdPqXw-R_DnMvK1lc/edit#gid=0