Sprint Retrospective 2021 12 15
Top priorities:
- SecureDrop Workstation: Release SecureDrop Client 0.5.0
  - Shipped SecureDrop Client release and 0.5.1 follow-up (we'll dive further into that next week)
- SecureDrop Server: Prepare update of Flask to version 2.0, along with associated requirements
  - wtforms update has landed: https://github.com/freedomofpress/securedrop/pull/6190
  - Review of https://github.com/freedomofpress/securedrop/pull/6160 in progress
  - Other type-checking related changes will be needed (issues TK)
- SecureDrop Workstation: Implement "Download all files for a given Source" and finalize scope and UX for "Export all" MVP
  - Mid-sprint we agreed to focus on scoping on "Download all"
  - Prepared feature branch, extracting components from widgets.py; see https://github.com/freedomofpress/securedrop-client/pull/1369 and linked PR
Other accomplishments:
- Landed "Remind me later / Update now" options for SDW notifier
- Landed tooling for continuous translation updates to SD Client
- Documentation (WIP securedrop-client#1304): https://github.com/freedomofpress/securedrop-client/wiki/Internationalization
- Removed "Refresh codename" feature in preparation for further Source Interface improvements
- Scoped first round of Source Interface improvements w/ Nina (issue TK)
- Scoped initial changes to deleted user management on SD Server
- Landed community improvements to SI/JI headers
- Fixed long-standing bugs in OTP secret management (merge TK)
- Cleaned up developer environment for SecureDrop Workstation updater
- Welcomed a new team member (and an intern!) to the project!
- Good news on funding front
What went well:
- Scoping of the "Download All" feature was effective and clarifying (MoSCoW)
- Figma is nice to use for collaboration between design and dev
- sdw hangouts/team process discussions are helpful, as are the refinements (eg dedicating some time to step through a PR or some code and some time to raise other issues)+1
- We welcomed Erika :)+1+1
- We welcomed Michael =)+1+1
- process improvement suggestions, targeting where we can distribute knowledge better (see "what can be improved" below); appreciated everyone's willingness to try a new format for exploring these questions together
- scoping for inverted flow was speedy and iterative (thanks to the MoSCoW format introduced by Gonzalo above)(-> Erik!)
- Despite lack of compatibility, SDW on Qubes 4.1 seems to be possible to achieve with a little manual intervention
- clearer handoff of review of accessibility-related work; thanks so far to Saptak and in advance to Kev :-)
What can be improved:
- stronger documentation and team familiarity with incident response, coordination roles, and off-hours/on-call escalation. +1
- Concrete process suggestions from December 2 retrospective: https://docs.google.com/document/d/1-vFrGIc4H-5i_G6R9J5uQaXAtR6UQDZPr7yKGHKZW44/edit#heading=h.lhqmykx0adic
- Proposal/discussion/correction/review process is slower than I anticipated, I think that's something we probably should iterate on as a delivery-speed investment+1 +1
- It may be worth considering processes like https://martinfowler.com/articles/ship-show-ask.html when working in feature branches +1
- (Kev) I can see ship/show/ask approach working in web app -- but in application-style release schedule, you may be deferring a bunch of testing to release time, which would make release painful
- (Ro) Part of the issue may be branching/review; part of it may be time estimation. Are we leaving enough time for review?
- (Gonzalo) I'd love to try the show/ask subset (where "show" is reserved to PRs that are merged into feature branches). I think that would allow us to balance small PRs (ease of review) and perspective (how a series of changes work together to achieve a given outcome).
- cfm: have not been fitting in my own learning time; want to resume that +1+1
- Time estimation/biting off more than can be chewed in a sprint: maybe we need cards or time set aside for review (or learning, or other things)?
- Is it worth having a chat about estimating time vs estimating uncertainty?
- developer environment setup/'figuring things out' continues to be a large hidden time sink? (at least for me)+1 ing so we talk about it
- agreed, and hopefully the updater dev env is easier to get started with now that we have docs and makefile targets to build the virtual envs
- is there anything in particular that was a pain point?
- not one specific thing. Maybe figuring out testing? The dev-deps PR that just landed was really helpful
- +1, cfm has some interesting work here
- prep for onboarding - we could do with better decks/pedagogical material in general
- Might be worth considering the Divio documentation system (https://documentation.divio.com/) for the distinction between the team's onboarding and reference materials.+1
What have we learned:
- cfm: thanks for threat-model introduction as part of orientation +1
- conorsch: started digging into qrexec internals and really enjoying the deep dive
- eaon: all the things (sort of) =D <3
- kog: more poking about in e2e white papers
Reminder: Emergency coverage spreadsheet can be found here https://docs.google.com/spreadsheets/d/1CGo75HCtbqxcqpI4IX4Fai15ClI78HL5oRqTlMkyxW8/edit#gid=0