-
Notifications
You must be signed in to change notification settings - Fork 686
Sprint Planning Meeting 2019 05 15
Note: This sprint ends on a Thursday to account for the release on May 29.
Board review: https://github.com/orgs/freedomofpress/projects/1
What we said we would do:
1. Leverage PyCon "sprints" to make progress on functionality required for the SecureDrop Workstation, e.g., support for real names in Journalist Interface
Sprint goal partially met:
- Significant progress towards real names in Journalist Interface ( https://github.com/freedomofpress/securedrop/pull/4425 )
- Effective knowledge sharing re: Qubes & workstation release process among team members
- Limited community engagement across repos, mostly around type hinting
- New mailing list created for diff review by other projects - https://mail.python.org/archives/list/[email protected]/
2. Create draft UX research plan and begin replenishing the research subject pool
Sprint goal not met:
- Initial discussions re: research goals, SecureDrop User Survey, but no plan ready for review yet
3. Provide clearer end user documentation for backups, recovery & workstation repovisioning; admin handover
Sprint goal partially met:
- Documentation for workstation backup/restore completed
- Documentation for workstation reprovisioning in progress
Free-form comments:
PyCon feedback:
Kushal:
- Our packaging steps worked well and we are going to have better documentation in future. Kushal
- Demoed our wheel building + FPF index + package building to many security/Python packaging team, and all of them said this is the only way currently to make sure that the dependencies are clean (including our reading of source code diff)
John:
- Maybe next year we should split the sprint days/effort between our contributors and helping projects we depend on (cryptography, etc.) +1 not everyone needs to be on the table(kushal)
- Kushal: Jen started contributing to CPython :) (means more core developers in the team in future lol)
Other comments:
- it would be useful to go to more local pycons to work closely with other python developers in the community interested in long-term contribution to SD
Other sprint feedback:
- Qubes-related review remains slow, partially due to functional testing requirements, partially due to knowledge gap (speaking for myself, it's mostly the latter -- lots of redoing steps because of constructing domains poorly)
- Rapid turn around on docs requests, mostly thanks to Kev, really keeping things in shape
Possible actions:
- More continuous PR review within Qubes
- Recommendation: Watch Micah Lee's HOPE talk re: Qubes @ https://www.hope.net/schedule.html#-qubes-os-the-operating-system-that-can-protect-you-even-if-you-get-hacked-
- Mickael potentially willing to give presentation to go more into more detail -- maybe in NYC? All-staff might be a good opportunity, if a bit late
2019-05-15 : Feature and string freeze for SecureDrop 0.13.0 (EOD PDT)
2019-05-13 to 2019-05-17: Allie @ Recurse Center (slightly reduced hours)
2019-05-16 to 2019-05-17: Mickael at security conference
2019-05-20 : Canada Holiday: Victoria Day
2019-05-27 : US Holiday: Memorial Day
2019-05-29 : SecureDrop 0.13.0 release. RM: Kev, Deputy RM: John
Time check: https://docs.google.com/spreadsheets/d/1HOSRVPFcYeo8rYLs_YkpXTz0S0yNvQ6qwHA0EEQ1r8k/edit#gid=0
Proposed:
-
Ensure a smooth release of SecureDrop 0.13.0 (high risk areas include migration towards sha256 calculation of file checksums)
-
Create first WIP implementation of SecureDrop Client queue
-
Complete transition to RPM for SecureDrop Workstation config packaging
https://docs.google.com/spreadsheets/d/10TrLVEdlFjCOQRGNezhMpo-Q9GlSA46wnk11WJ1MRmw/edit#gid=0
(We focused on board review given time constraints)
Yesterday:
- sd core: first and last name pr ready for review
- client: refresh polishing styling pr
Today:
-
client: review client #362 remove timeouts
-
client: respond to refresh polishing styling pr feedback
- meet with nina to demo this
-
client: spend more time reviewing heartsucker's queue branch
-
client: work on finishing WIP PR for message previews
-
sd core: fix failing tests that were passing locally on securedrop first and last name pr
- meet with nina to demo this
Blockers or Asks:
- none