Sprint Planning Meeting 2020 10 28

Erik Moeller edited this page Oct 28, 2020 · 1 revision

Sprint Planning Meeting, SecureDrop, 2020-10-28

Sprint timeframe: Beginning of Day (PDT) 2020-10-28 to Beginning of Day (PDT) 2020-11-12

1) Retrospective

What we said we would do:

  • Merge template consolidation changes, draft test plan, and begin QA, aiming for consolidated release early in the next sprint.

Sprint goal fully met. QA so far has been mostly focused on the template consolidation changes, but some light QA of SecureDrop Client changes has already taken place in prep for full pre-release QA.

  • Update our hardware recommendations for SD Workstation and SD Core

    • Test & document the most supportable way to install SD on NUC8

    • Test T490, attempt to get Ethernet support working

Sprint goal partially met. T490 (8th gen) docs fleshed out, tested, and merged. Workable procedure for NUC8 has been developed, write-up in progress.

  • Land pending Focal support PRs & fixes, and fix additional test failures for app and infra tests

Sprint goal not met. Fix for GPG error and improvements to staging env merged, Focal dev env support still in development.

Additional accomplishments

  • Fully functional implementation of "seen/unseen" support in SecureDrop Client exists as draft PR, and dev environment now pre-loads useful seen/unseen testing data

  • Landed community PR by @DrGFreeman to replace FontAwesome glyphs in JI with PNGs, which avoids glitchy rendering in Tor "Safest": https://github.com/freedomofpress/securedrop/pull/5593

  • Landed additional type annotation community PRs by @nabla-c0d3, including full coverage for the journalist app

  • Iterated on UX design ideas for "Safe Deletion" improvements and began development of UX research plan

  • Released securedrop-sdk 0.2.0 for seen/unseen support

Other team comments

What worked well:

  • The templates, they are consolidating!+1
  • We are getting some super solid community contributions. +1+1
    • Question: are these in any way related to hacktoberfest, or independent? Kushal thinks totally independent.+1
  • increasing traction + interest in friendly onion names; good chance to connect with instances+1 +1 +1 but are onion names closer to a permanent TBB feature now?
  • apt channel for template-consolidation to test packages +1

What can be improved:

  • The templates, they could be changing without user intervention?
  • pre-updating the updater to pull in provisioning changes?
  • versioning the VM architecture?
  • using Salt environments? (Might not survive 4.1)
  • Testing anything dom0 related, such as template consolidation, is a bear.
  • Consolidation PR 619 stayed in PR for a long time, maybe we could have merged sooner and proceeded with QA - Not sure I agree, wasn't in a workable state for QA until recently (Conor I agree, frankly, I think the timing hit a sweet spot)
  • (kushal) Large PR on dependency update, taking too much time to move forward. +1
    • (conor) this is paying down tech debt, will always hurt to update these after not updating these for years. We can consider updating dependencies regularly
  • wheel build process requires several PRs +1
    • (Mickael) Let's pull in reproducibility/automation improvements soon
  • in general, the packaging tasks can be a bit humdrum
  • backup and restore story, in particular restore from scratch: docs and/or process, tbd

What's still a puzzle:

  • major changes to workstation provisioning code
    • Kev: let's make sure to file a few issues after release
    • (Erik) Would it be useful to set up a knowledge share re: securedrop-workstation architecture & updater logic to make sure the whole team [ro: and DST] is up to speed on post-consolidation architecture?+1 +1+1 +1

Learning time debrief

  • (Erik) Cont'd PyQt5 learning, this time focusing on threads and concurrency
  • Kushal: Had to install Fedora33 on T14 for audio + comeback from sleep. And then over the holidays (with help from vagrant packager and molecule + molecule_vagrant authors) managed to run staging on Fedora with latest Molecule.
    • Also, managed to run the dev container + build containers on podman rootless containers. Much safer than allowing my normal user to docker daemon.
  • Kev: zero learning time :( need to start carving that out again as of this Thu
  • Conor: needed a break from packaging, spent ~1hr looking at blacklight js code. We've discussed adding to STN, no active work on that front
  • John: made some progress on tracker workflow; we're looking at whether it still needs GitHub, or whether everything can be done in google apps, which would eliminate any extra infra requirements like webhook listeners.
  • mickael: zero learning time, but interested in looking into package reproducibility this sprint

2) Review key dates and time commitments

2020-10-30              : FPF Holiday
2020-11-03              : US election
2020-11-04              : SecureDrop Workstation 0.5.0 Release
2020-11-06              : 0.5 day PTO: Erik
2020-11-09              : Audit installations start
2020-11-11              : US Holiday: Veterans Day

After sprint period:

2020-11-16              : SecureDrop Workstation audit begins
TBD                     : SecureDrop Client release with seen/unseen

Additional PTO:

  • Kushal may take November 10
  • Allie (for next sprint Nov 16-17)

3) Agree upon top 3 priorities for the next two weeks

  1. QA and release SecureDrop Workstation 0.5.0
  2. Review and land seen/unseen changes in SecureDrop Client
  3. [Repeat] Land pending Focal support PRs & fixes, and fix additional test failures for app and infra tests

4) Select and estimate tasks and agree on sprint responsibilities

Bugcrowd/Vulnerabilities triage: John

https://docs.google.com/spreadsheets/d/1xBo7G1CJ-t4y6HT-HCYqQ3Qj-GKYOeAKt4vxdoAbdug/edit#gid=0
