Sprint Planning Meeting 2021 04 15

Sprint Planning Meeting, SecureDrop, 2021-04-15

Sprint timeframe: Beginning of Day (PDT) 2021-04-15 to Beginning of Day (PDT) 2021-04-28

Retrospective

What we said we would do:

Finalize and land key deliverables for potential SecureDrop 1.8.1 release

Goal fully met. All deliverables landed (plus HTTPS fix) and released as planned.

Restore reproducibility for SecureDrop Workstation build artifacts and update documentation

Goal fully met. Reproducibility restored by switching to new build logic.

Finalize design for SecureDrop Client Safe Deletion and begin implementation

Goal fully met. Design finalized (final prototype pending delivery by Nina), implementation/planning has begun.

Additional accomplishments

~12 SDs migrated to Ubuntu 20.04, some with our help
Double-export bug fixed
dom0 RPM now builds reproducibly and no longer uses Docker
Several onion name updates
Productive meeting with translator community

Other team comments

What worked well:

Mickael helped a lot in the release process in a level there is no blocking at all.
Point release geared toward smoothing out admin experience based on frequent testing + 1 to quick release
Good feedback and development cycle on the reproducible wheels problem.+1
Great meeting and feedback from translation community+1+1+1

What can be improved:

keeping docs in sync for some areas
- +1 specifically the unattended-upgrades behavior should be more explicitly documented
get rid of those xenial codepaths. Cancel Xenial.

What's still a puzzle:

there still seem to be some glitches during Focal installs (delays that not everyone sees) +1+1
- ACTION: more research/analysis required on fresh installs
should we maintain the molecule "upgrade" scenario for focal? currently not working (with the libvirt thing this seems like actually being "revise develompent enviromments in general for Focal" - which makes sense as there's also a docs part)
- John has Qubes support for upgrade WIP, let's spike and get a PR
- To retain libvirt support, we can use the vagrant/apt setup. Maybe port to Molecule for standard interface, drop Xenial support
- Remove virtualbox support everywhere. Team isn't using it. Was intended for mac support, but now we have containerized "make dev" for that
how to manage package builds in "securedrop" as we do in "securedrop-debian-packaging"?
- https://github.com/freedomofpress/securedrop/issues/5901
- ACTION: Conor/Kushal to add some more documentation re: build reproducibility rationale in wiki

Learning time debrief

(Erik) Spent a couple of hours reading Qubes codebase re: current logic for updates of dom0 and domUs; Qubes' graphical updater
(kev) No time for learning lately - original pwk lab time expires Fri so I've extended it.
(Conor) And now for something completely different: building web-extensions in Firefox. Dug out the prior prototype work on e2e via openpgpjs.

(kushal) Looked more into Python and Rust. Also learned more bash commands :)
(mickael) no time for learning due to PTO

Review key dates and time commitments

2021-04-20: Tails 4.18 release

After sprint period:

2021-04-30: Ubuntu 16.04 end-of-life
2021-05-18: Tails 4.19 release
2021-06-01: SecureDrop 2.0.0 - Removal of Ubuntu 16.04, v2 support
2021-06-30: SecureDrop Relese Key Expiry

PTO:

2021-04-15: Kev (1/2 day), Conor (1/2 day)
2021-04-16: Mickael, Jen, John
2021-04-23: Erik, maybe Conor

3) Agree upon top 3 priorities for the next two weeks

Complete first iteration of Safe Deletion for SecureDrop Client (ready for review status)
Revise SecureDrop threat model based on auditor recommendations
Remove Ubuntu 16.04 and v2 onion service support from SecureDrop Core

4) Select and estimate tasks

https://docs.google.com/spreadsheets/d/1iN7rzE80wya__ROhc7JoncNhQJ6uTQZpPyaODYwL0HE/edit#gid=0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly