-
Notifications
You must be signed in to change notification settings - Fork 686
Sprint Planning Meeting 2022 03 16
Must-do:
SecureDrop Workstation:
- Deletion performance improvements [partially completed]
- Qubes 4.1 compatibility [by June workstation release]
- Debian Bullseye migration [by June workstation release]
- Launch SecureDrop Client translation
- "Download all" [already merged]
SecureDrop Server:
- Improve GPG keyring management for sources
- Source Interface style changes / feature branch for Source Interface "inverted flow" (phase 1)
- Packaging & reproducibility improvements
Shared concern:
- Additional spam mitigation tools
Stretch goals:
Shared concern:
- Improvements to authentication/session management across SD Server and SD Workstation
SecureDrop Server:
- Code formatting standardization
SecureDrop Workstation:
- Read receipts
- "Export conversation"
- "Remember passphrase" for exports
- VeraCrypt support
- Multi-select for deletion?
Research:
- PGP pre-encryption via regular JS vs. browser extension
- JS code validation (e.g., Cloudflare's solution: https://blog.cloudflare.com/cloudflare-verifies-code-whatsapp-web-serves-users/ )
- Finalize spam mitgation changes for SecureDrop 2.3.0 and begin QA
Status: Fully completed; all changes (including first round of codename UX improvements) landed for SecureDrop 2.3.0.
- Merge high priority SecureDrop Client improvements: deletion, stale jobs bugfix
Status:
-
https://github.com/freedomofpress/securedrop-client/pull/1432 (merged) will speed up conversation deletion
-
draft PR ready for speeding up source deletion https://github.com/freedomofpress/securedrop-client/pull/1441
-
https://github.com/freedomofpress/securedrop-client/pull/1434 undergoing final testing
-
Complete one more round of testing of Qubes 4.1 compatibility PR and increase Qubes 4.1 familiarity across the team
Status:
- More testing required.
- We've determined that we don't need a separate yum repository endpoint.
- Realistic to get PR into reviewable state by end of this sprint (including test plan).
-
Erik alternating 48+PTO / 410, always off Fridays
-
Conor ~4*8 until April 30
-
Cory @ 4*10 Mon-Thu
- Possible offset/PTO late week of March 21 / early week of March 28; will plan around SecureDrop 2.3.0 QA and Localization Manager duties
-
Allie @ 3*10 Mon-Wed
-
Kev PTO Friday
-
Kev trying 4*10 next week (mon-thu)
-
Ro @ ~4*8-10 Mon-Thu, may be reduced due to health issues
- Ro - some unknown potential PTO in April (2-5 days)
-
Giulio ~20 hours/week (temporary increase)
-
Kunal off March 25, and possibly 28th (move-in weekend)
-
Gonzalo on break through March
-
Maeve on break through March
-
Michael off April 13/14 (buffer + travel day)
-
Abigail split day on Monday 3/21 (AM hours, break, PM hours), Abigail PTO on Friday 3/25
2022-03-21: SecureDrop 2.3.0 pre-release announcement
2022-03-28: SecureDrop 2.3.0 release
After sprint period:
2022-04-05: Tails 4.29 released
2022-04-07 - 2022-04-12: cfm possible offset/PTO; TBD
2022-04-12: SecureDrop Workstation release train
Security triage: Giulio
Support triage: Kunal
- Complete QA for SecureDrop 2.3.0 and release it
Rationale: Per release calendar. Includes high priority spam mitigation functionality.
Current state:
- RC1 is cut, but initial testing has shown a few release blockers that are being resolved.
- RC2 might not be out until tomorrow
- QA matrix and test plan are ready (thanks Kunal!)
- Get Qubes 4.1 compatibility PR to be ready for review, including full test plan
Rationale: Qubes 4.0 EOL is approaching (August); 4.1 offers other important benefits such as a newer dom0 version of Fedora.
- Conor continuing investigation of existing PR, may rope in Michael again for further changes
- Conor/Allie to collaborate on review and testing
- Ro available for testing
- Kev interested in testing if possible alongside 2.3.0
[Discussion of security focus areas]