Sprint Planning Meeting 2021 09 29

Sprint Planning Meeting, SecureDrop, 2021-09-29

Sprint timeframe: Beginning of Day (PDT) 2021-09-29 to Beginning of Day (PDT) 2021-10-13

1) Retrospective

Previous sprint priorities:

• Review key changes for SecureDrop 2.1.0, with priority on community PRs (2FA improvements, scrypt/session management)

  • Above changes have landed, and we are considering an additional fix to help journalists/admins with Tails updates

• Land CI performance improvements and fixes, including moving staging-test-with-rebase to nightly & release branches

  • Significant CI improvements, including improved test parallelization

• Finish bugfixes/QA and aim to release SecureDrop Client 0.5.0

  • Bugfixes still in progress; Allie/Conor have been pairing on resolving

Other accomplishments:

• Landed first round of accessibility improvements, focusing on SecureDrop Source Interface
• Fixed issue with staging environment failing during multiple provisioning runs
• Created a more prod-like development environment for SecureDrop Client on Debian systems/VMs
• Landed SecureDrop Client translation workflow changes, some infra changes (and actual translation workflow rollout) still pending
• Dependency updates across the board
• Hiring, hiring, hiring!
• We received a $5.8M multi-year grant largely dedicated to the future of SecureDrop, a huge step in the project's long term sustainability and technical viability.

Other team comments & learning time notes:

• Big thanks to Kushal for his time @ FPF and for staying on as a SecureDrop maintainer!

• Proposal: Let's explicitly agree to slow down release cadance a bit after next round of releases.+1

  • Kev: Some concern around build-up of work -> longer testing cycles.

  • Conor: Good point! If we merge complex changes, that will balloon testing obligations. Let's be mindful of complexity of changes we are merging.

  • Ro: Are you proposing that entire dev cycle be slowed so that we're not merging tons of stuff and letting it pile up, or that we release less frequently?

  • Conor: Both.

  • Erik: Recommend we do a quarterly planning check-in soon.

  • Kev: We've previously said every second Tails release before.

  • Conor: I would suggest explicitly decoupling from Tails schedule for now.

  • Kev: In favor of being mindful of when to release, but want to make sure we do releases, which will help everyone get up to speed.

  • Allie: In favor of slowing down a bit for now. Acknowledging reality.

  • Agreement for now: We will be more explicitly discussing release schedules and obligations, with an eye to team capacity.

• Learning time: Great Rust content in the #learning channel recently, thank you to all contributing there. -Conor

• cfm learning time: Little bit of Rust; recently mostly Terraforming QA environments (https://github.com/cfm/terraform-metal-securedrop-production). :-)

• Thanks to Allie for making a lot of time for pairing (in addition to onboarding and hiring meetings!). Really helping to orient me on client/qt dev -Conor

• Moving a google doc or sheet to a shared folder is hard +1

• Thank you guys for taking the time for onboarding!!! I've participated in some amazing walkthroughs :) <3

2) Key dates and time commitments

2021-09-29              : SecureDrop 2.1.0 branch cut: QA / feature freeze
2021-09-30              : Abigail's first (half-)day as Newsroom Services Coordinator

October                 : Outreachy contribution period (if we are approved)

2021-09-30 to 2021-10-01: PTO: Allie
2021-10-01              : PTO: Erik
2021-10-04              : Allie switches to 3*10 schedule
2021-10-05              : Tails 4.23 release
2021-10-06              : SecureDrop 2.1.0 pre-release announcement
2021-10-08              : PTO: Erik
2021-10-11              : US/Canada: Holiday (Indigenous People's Day / Thanksgiving)
2021-10-13              : SecureDrop 2.1.0 release [maybe defer to Thursday given ^^]

Past sprint period:

2021-10-15 to 2021-10-18: PTO: Conor
2021-10-25 to 2021-10-29: cfm reduced availability (TBD)
2021-10-15 to 2021-11-15: PTO: Ro
Sometime in October     : Erik travels to Canada, for reals

3) Top priorities

• QA and release SecureDrop 2.1.0
• Finish key SecureDrop Client bugfixes for 0.5.0 release:
  • https://github.com/freedomofpress/securedrop-client/issues/1285
  • https://github.com/freedomofpress/securedrop-client/issues/1286
  • https://github.com/freedomofpress/securedrop-client/issues/1290
• Complete first round of candidate review for open positions

Release-specific discussion

• Testing of session management

  • In initial testing, we hit some issues when there were multiple wsgi worker processes running. Will add specific steps to the test plan for that.

• Testing TLSv1.3 changes

  • Change by evilalive. Requires that server is set up with HTTPS enabled, for which we have a helper script - will add notes to the test plan.

• Testing new 2FA secret length

  • Also evilalive change. Should be backwards-compatible -- existing 2FA secrets should still work, but new secrets will be longer, and corresponding QR code will be larger.

  • requires docs screenshots run

Task selection and estimation

https://github.com/orgs/freedomofpress/projects/1