-
Notifications
You must be signed in to change notification settings - Fork 685
Sprint Planning Meeting 2020 10 01
- Kev has fix ready for file handling issue, see https://github.com/freedomofpress/securedrop/pull/5549 - Kev will recommend whether or not to include in 1.6.0, if so, without string changes
- Test dependency update pending
- No QA today, revisit at RC2 level
- Pre-release messaging was dispatched yesterday
- Docs changes still pending
What we said we would do:
- Land critical changes for SecureDrop 1.6.0 and test them extensively.
- Server-side changes for seen/unseen. Need to ensure clean migration for long-running instances
Sprint goal fully met. All server-side changes landed, testing in progress per test plan.
- Land preparatory changes to complete template consolidation in the next sprint.
Sprint goal partially met. Initial research on update strategy completed:
https://github.com/freedomofpress/securedrop-workstation/issues/471
Smaller preparatory steps for full consolidation still pending (work on SecureDrop Client hostname check in progress).
- Switch staging environment for Ubuntu 20.04 to grsec-patched kernel
Sprint goal fully met.
- Kernel metapackage added via: https://github.com/freedomofpress/securedrop-dev-packages-lfs/pull/62
- First-run support for grsec kernel added via: https://github.com/freedomofpress/securedrop/pull/5518/files
- Improvements to kernel selection and paxctld logic pending, current implementation is not production-ready as it will break with updates.
Additional accomplishments:
- Reinstated demo.securedrop.org to support translators & for other purposes
- docs.securedrop.org switchover completed, additional documentation changes by Joan landed
- Bug in ID handling in securedrop-client identified, fix merged (migration still pending)
- Landed
/users
endpoint (and completed associated threat modeling) to simplify synchronization of user database in SecureDrop Client - testinfra over tor - can be run against prod instances using
securedrop-admin verify
- dev-focal target WIP: https://github.com/freedomofpress/securedrop/pull/5544
- Fix merged for securedrop deletion/queues services issue on Focal: https://github.com/freedomofpress/securedrop/issues/5522 / https://github.com/freedomofpress/securedrop/pull/5527
- Many contributions by nabla-c0d3 regarding type annotations and other cleanup
- Reply badges PR almost ready: https://github.com/freedomofpress/securedrop-client/pull/1142
Other team comments
What worked well:
- Running testinfra in Tails over tor is so much better than manual checks for QA (+1 +1)
- pre-release comms being drafted early :) -- less hectic than 1.5.0
- mickael: great collaboation and testing of complex serverside changes and migration
- initial impression on separate docs repo: it's actually quite convenient!
What can be improved:
- [ro] earlier hardware testing: kev was on it, but the deadline snuck up on me. Testing well in advance + overal hardware support strategy (this is in progress already)
- mickael: improvements to qa_loader (e.g. adding seen/unseen information, maybe adding invocation to upgrade testing scenario) +1
- Kushal: We should update the devops dependencies regularly, the random pain due to old version of things means we can ask for help in upstream channels (say molecule or testinfra/pytest).
- Conor: Kernel debugging for hardware support, let's plan to over-provision those test devices next time. Ro's been fighting an uphill battle and no one else has the exact same hardware, so she's got to document and report everything, with no one to pair directly with
- John: For API changes we should budget development time to script QA for a pretty significant net time savings.
What's still a puzzle:
-
Conor: Can we pull off template consolidation in one-pass? Kev & Conor are increasingly optimistic, but have yet to test in practice. (+1 +1)
-
[ro] Continued hardware support conversations (including decision to continue or not with NUCs)--let's have them as a team when the dust settles?
- (Conor) +1, although even before the dust settles, I'd advocate for ordering more and different (FOSS-friendly) hardware
- (Kev) I'm less into the FOSS-friendly H/W angle - if the issue is access to said hardware for corporate purchasing, then it might be worth spending time on process to allow users to check for kernel compatibility against hardware they plan to use. (+1)
- (Kushal) We have to make sure hardware is available internationally.
- (Ro) Good subject for dedicated team conversation
- (Erik) We'll discuss at future support sync. We can potentially combine a very SD-friendly recommendation with tooling that news orgs can run.
-
Are we going to be able to remove all the manual QA steps in the 1.7.0 test plan? (+1)
- +1, manual testing might make sense for 1 or 2 scenarios, but further automation and tracking results in the matrix could help us reduce the amount of scenarios we need to go though
- (though I think not) What about some Selenium+tor for QA steps?
Learning time debrief
-
(Erik) Not much progress on Qt, but spent some learning time on my Signal setup (Firejail + second Android profile) so I can switch to Signal work account; will aim to document for the org
-
(Conor) Brief spike on trying to simplify the kernel build process https://github.com/conorsch/kernel-builder - Have been test-driving this new setup with Ro during hardware support efforts
2020-10-02 : FPF Holiday
2020-10-07 : SecureDrop 1.6.0 Release
2020-10-12 : US/Canada holiday (Thanksgiving/Indigenous People's Day)
After sprint period:
2020-10-26 : Threat model discussions with auditors begin
2020-11-16 : SecureDrop Workstation audit begins
PTO check-in:
- John: maybe a day, TBD
- Mickael: 1 day, TBD
- Erik: 1 day total, October 9 & 16
- Release SecureDrop 1.6.0
- Finish template consolidation and prepare for release
- Run Focal (Python 3.8) application tests in CI