-
Notifications
You must be signed in to change notification settings - Fork 689
Sprint Planning Meeting 2020 08 20
Erik Moeller edited this page Aug 21, 2020
·
1 revision
What we said we would do:
- Start building test packages for Focal
- Add build logic to SecureDrop Core
- Add Focal channel to apt-test
- Resolve Python 3.8 compatibility issues
Sprint goal partially met:
- We have a
make build-debs-focal
target - We have a packaging channel on apt-test for focal packages.
- Symlink issue was resolved, no symlink required
- Complete phase 1 of template consolidation for SecureDrop Workstation
- Inventory template-specific configurations
- Create more detailed implementation plan as a result of smaller R&D spikes
Sprint goal fully met:
- Inventory and implementation plan completed
- Support SecureDrop fundraising event [not tracked as sprint tasks]
Sprint goal fully met: Event was a success, with first positive results.
Additional accomplishments
- Whole team participated in FPF unconference on racial justice & diversity
- Great progress towards MVP implementation plan for read/unread including proposed server-side changes
- We have full screenshot coverage in Weblate!
- Joan made her first docs PR and has learned a lot about how SecureDrop works.
- We have a leading candidate for the root cause of the SecureDrop Workstation kernel issue.
- Great contributions by volunteer @gonzalo-bulnes for consistent usage of product names.
- An interesting project joined Reproducible Builds: https://reproducible-builds.org/projects/ =D
- https://reproduciblewheels.com/ at 100%!!!!
- Comment from a security researcher:
loved your talk! great advice for devs in there, and it is sort of related to my research. I think that properly checking hashes would completely mitigate my attack -- but nobody really does it all the time in the real corporate world
Other team comments
What worked well:
- Highly complex work was planned collaboratively: focal packaging, read/unread, template consolidation +3
- As part of sprint planning, let's think about what kind of technical collaboration and planning may be required. +1
- Learning time has been stimulating and productive, folks are sharing results of learning time with each other and building on it
- Focal prs were merged/closed with help from the team.
What could be improved:
- (Erik) Sprint load still too heavy, everyone was predictably fried on unconference days +1
- +1 to "still" but I do think we're getting better about being realistic. The emphasis on "planning" tickets vs "implementation" tickets shows that
- OSSEC packaging documentation
What's still a puzzle:
- In the quest for reproducible builds, how much complexity can we dispose of? For example, the FPF PyPI mirror may have strong security benefits, aside from reproducibility
Learning time debrief
- Watched lots of defcon 2020 youtube vids
- Began reading "Linux Basics for Hackers" where there's a "Becoming Secure and Anonymous" and "Managing the linux kernel" sections I'm looking forward to getting into
- (Conor) More exploration of reproducible builds, highly illuminating and honestly quite fun. Do try the "diffoscope" and "reprotest" tools if you haven't!
- (Kushal) DEF CON was good. Met a lot of new contacts and some old ones.
- (Erik) Made some good initial progress in understanding how layouting works in the SecureDrop Client, want to dig in further as part of solving a small issue with reply placeholders on the sprint.
Until 2020-09-14 : Ro on personal leave
2020-08-21 : FPF Holiday
2020-08-24 to 2020-08-28: PTO: Kevin
2020-08-25 : Tails 4.10 release (we'll bulk-announce)
After sprint period:
2020-09-07 : FPF Holiday / Labour Day
2020-09-08 : QA for SecureDrop 1.6.0 starts (feature freeze)
Important for server-side changes related to read/unread
2020-09-22 : SecureDrop 1.6.0 release / Tails 4.11 release
- Probably a Friday PTO for Conor
- Probably a Monday PTO for Allie
-
Ubuntu 20.04 transition: Get Focal packages to build successfully, then set up
make staging-focal
target -
Read/unread: Scope and begin implementing server-side changes, with an eye to merging all changes required for a read/unread MVP before the September 8 feature freeze.
-
Template consolidation: Begin phase 1 of implementation (creating the preconditions for consolidation).
- Further threat modeling and analysis re: MIME type handling
- Create symlinks for mimetype association in private volume
- Move securedrop-proxy configuration files to /home/user
https://docs.google.com/spreadsheets/u/0/d/1jO6g_ObW9DnJ9tMEq1Sf2PtXtLQBrousywIrAiJr0vY/edit