Skip to content

Roadmap Archive

Conor Schaefer edited this page Dec 1, 2021 · 6 revisions

⋯ = ongoing
✔ = completed
✘ = not completed

2021

Q1 2021

  • SecureDrop Workstation:
    • Research/Prototyping:
      • Additional research & prototyping re: export methods (USB or networked), export to VMs; begin researching user needs around redaction
      • UX design exploration around consolidated update experience
      • ✔ Investigate static code analysis tools
    • Development:
      • ✘ P1: Reliably synchronize user database in anticipation of features that require attribution (e.g., seen at message level)
      • ✔ P2: Improvements to deletion UI in SecureDrop Client
      • ⋯ P4: Iterative towards flexible grid system for the Client to allow for smaller window sizes and screen resolutions
  • SecureDrop Core:
    • Development:
      • ✔ P1: Focal support and migration plan/docs for Focal upgrade (may require code changes)
      • ✔ P2: Improvements to source account deletion UX in Journalist Interface
      • 2021-01-26: SecureDrop 1.7.0: Org name support; improved v2/v3 warnings; switch to PNGs for Journalist Interface; expanded language support; misc. developer-focused changes
      • 2021-03-11: SecureDrop 1.8.0: Focal support (and associated docs/migration tooling); built-in end-of-life for Xenial support; require v3 for fresh installs; expanded hardware support via new kernel

Q2 2021

  • ✔ 2021-04-14 - SecureDrop 1.8.1: mainly fixes in support of Ubuntu 20.04 migrations
  • ✔ 2021-04-30 - Ubuntu 16.04 Xenial is end-of life
  • ✔ 2021-05-18 - SecureDrop 1.8.2: new keyring shipped to servers; bugfixes
  • ✔ 2021-06-30 - 2016 SecureDrop Release Key expires (key rotated to 2021 key)
  • SecureDrop Workstation:
    • Research/Prototyping:
      • ⋯ Workstation i18n
      • ✘ User research, design iterations, technical research related to redaction tooling and journalist workflows
      • ✘ Research into pyside2 as an alternative to pyqt, as part of improving dependency management story
    • Development
      • ✘ Updater stability improvements
      • ⋯ Follow-up work from audit findings
      • ✔ Begin work on Safe Deletion implementation for SecureDrop Client
      • ✔ Begin documentation of backup/restore story
  • SecureDrop Server:
    • Development:
      • ✔ SecureDrop 2.0.0: Focal/v3-only release; removal of Flag for Reply functionality
      • ✔ Ramp up v3 migration & LTS messaging (Twitter, Support Portal)
    • Research/Prototyping:

Q3 2021

  • Cross-project:
    • Research/Prototyping:
      • ⋯ Broaden team understanding of E2E encryption options, esp. Signal Protocol, through continued E2E workgroup
      • ✘ Prototype a lightweight SecureDrop Server implementation in Rust (e.g., feature parity with signal-proto branch)
      • ✘ Evaluation of 1-3 SecureDrop alternatives (e.g., ease of setup, usability, security) to broaden team knowledge
  • SecureDrop Workstation:
    • Research/Prototyping:
      • ⋯ Qubes 4.1 compatibility/support
    • Development:
      • ⋯ Finish and ship Safe Deletion and other unreleased fixes
      • ✘ "Export all" feature
      • ⋯ Make SecureDrop Client translatable via Weblate
      • ✘ [Tentative] Export to VM / integration of sanitization tools
  • SecureDrop Server:
    • Development:
      • CI performance and reliability fixes
      • ✘ RC build automation
      • ✘ Achieve fully reproducible package builds for securedrop-app-code
      • ✘ Enable black code formatting on SD server repo
      • ✔ Improve screen reader support for Journalist Interface and Source Interface

Q4 2021

  • SecureDrop Server:
    • ✘ Improvements to database integrity and constraints

2020

Q2 2020 - April to June

  • SecureDrop Workstation:
    • Releases/Key Dates:
      • Opportunistic component releases
      • (April 2020) Pilot begins
      • (before June 30) SecureDrop keyring update
      • (before May 26) fedora-31 update
    • Development:
      • Support for RPC policy changes for copy/paste & logs export
      • Misc. stability and performance improvements
      • Make preflight updater single-stage, improve UX [not released yet]
      • SecureDrop Client stability improvements around source deletion [not released yet]
      • Support multiple resolutions in the SecureDrop Client [ongoing, sliding into Q3]
    • Developer-Focused Changes:
      • Add SecureDrop Client Integration testing to test styling throughout the client UI
      • SecureDrop Client CSS refactoring
      • Add developer documentation around debugging and building Qt [ongoing, sliding into Q3]
    • Support/outreach:
      • Support pilot participants
    • Research/prototyping:
      • Design/research options for “Export to VM” workflow in the SecureDrop Client
      • Design/research options for read/unread in the SecureDrop Client [ongoing, sliding into Q3]
      • Research interviews with pilot participants
  • SecureDrop Core:
    • Releases/Key Dates:
      • (May 13) SecureDrop 1.3.0
      • (June 17) SecureDrop 1.4.0
      • (June 25) SecureDrop 1.4.1
      • (before June 30) SecureDrop keyring update
    • Development:
      • Small improvements to Source UI
      • Security/maintenance focus
    • Support/outreach:
      • Promote HTTPSE Rulesets for opt-in pilot
    • Research/prototyping
      • Collaboration with Tor Project on Onion Names via HTTPSEverywhere
      • First exploratory spikes for Ubuntu 18.04/20.04 upgrade

Q3 2020 - July to September

  • SecureDrop Workstation:
    • Releases/Key Dates
      • Opportunistic component releases
      • (~August) Pilot ends [extended into 2021 w/ additional participants]
    • Development:
      • P1: Template consolidation [sliding into Q4]
      • P2: Read/unread support [sliding into Q4]
      • P3: Reply badges (attribution of journalist authors to each other) [sliding into Q4]
      • Support multiple resolutions in the SecureDrop Client
    • Developer-Focused Changes:
      • Add developer documentation around debugging and building Qt [small, ongoing progress]
      • Build automation for workstation subprojects (reduce developer time consumed with preparing releases) [small, ongoing progress]
      • Integration testing for workstation components [deferred for now]
    • Support/outreach:
      • v2 Onion service deprecation announcement
      • Decommission pilot users or support long-term production usage [extended pilot w/ additional participants]
    • Research/prototyping:
      • Design/research options for read/unread in the SecureDrop Client
      • Reproducible build spike to support improvements to build automation
      • Tipline integration (Signal) support
      • Exploration on redaction and sanitization workflows
  • SecureDrop Core:
    • Releases/Key Dates:
      • (July 28) SecureDrop 1.5.0
    • Development:
      • Deprecation warning for v2 onion services
    • Support/outreach:
      • Migration to v3 onion services (with HTTPS Everywhere?) [ongoing]
    • Research/prototyping:
      • Deeper investigation of first findings from Ubuntu 18.04/20.04 spikes
      • Decision on HTTPSEverywhere pilot, SecureDrop.org integration [sliding into Q4]
      • Journalist API v2 improvements [deferred for now]
      • Source Interface user research: codename UX [deferred for now]

Q4 2020 - October to December

  • SecureDrop Workstation:
    • Research/Prototyping:
      • SecureDrop Workstation Audit 2
    • Development:
      • P1: Finalize template consolidation
      • P2: Highlight sources with unseen submissions in the SecureDrop Client (pending SecureDrop 1.6.0)
      • P3: Complete work on reply badges
    • Support:
      • Onboard new pilot orgs [ongoing but no new participants on-boarded yet]
  • SecureDrop Core:
    • Releases/Key Dates:
      • (October 7) SecureDrop 1.6.0
    • Development:
      • Dual support for Ubuntu 16.04 and Ubuntu 20.04 [a lot of progress, but completion still pending in Q1 2021]
    • Support:
      • Ramp up v3 migration & LTS messaging (Twitter, Support Portal) [deferred to Q1 2021]
    • Research/Prototyping
      • Investigate reproducible builds for core packages
      • Begin research into paths off python-gnupg (consider AGE, x25519), opportunistic end-to-end encryption
Clone this wiki locally