Sprint Planning Meeting 2020 02 05

Erik Moeller edited this page Feb 6, 2020 · 1 revision

Sprint Planning Meeting, SecureDrop, February 5, 2020

Sprint timeframe: Beginning of Day (PST) 2020-02-05 to Beginning of Day (PST) 2020-02-20

0) Retrospective

What we said we would do:

Finish work-in-progress and critical bug fixes for pilot, including:

  • continuous sync
  • updater follow-up, removal of cron job
  • logging
  • Makefile reorganization
  • Test plan

What we accomplished:

Good progress on the above & resolved some release blockers, but all of the above still WIP.

  • We're handling metadata syncs separately from other user actions, and are checking more frequently.

    • Increasing/optimizing frequency of syncs and some sync-related cleanup still to come.
  • We addressed issues with the updater (e.g., reboot case), and have a WIP PR for showing security warnings to the user if they don't run the updater, and a WIP PR for removing the legacy updater.

    • Two updater-related release blockers have no WIP yet (launching the client immediately if updates have completed recently, and enforcing Salt state).
    • Improving updater performance is probably our top stretch goal once all other issues are addressed.
  • Logging PR updated with latest wheel hashes & clearer test steps.

    • Erik: It does seem a bit stuck to me, tbh; as far as I can tell nobody has successfully followed the test plan yet. Requesting a reality check on remaining effort / alternatives.
    • Mickael: Have good test steps now, very complex PR with many moving pieces. A couple more PRs will come out of this.
  • staging target and dev/prod config variable added to Makefile in https://github.com/freedomofpress/securedrop-workstation/pull/432 which is approved (but not merged yet)

  • Significant progress on prod readiness - rebuilt pip mirror for production, and emerging team agreement on signing story, which will be applicable for https://github.com/freedomofpress/securedrop-workstation/issues/424 (blocked on building prod artifacts for kernel/kernel metapackage)

  • Comprehensive beta acceptance tests coming together here: https://github.com/freedomofpress/securedrop-workstation/wiki/Workstation-Beta-Acceptance-Tests

    • Kev investigating how to apply datasets to staging or prod instances, to enable testing with a given dataset
    • Useful for testing different file formats, many sources scenario, etc.
  • Test plan for verifying networking behavior here: https://github.com/freedomofpress/securedrop-client/wiki/Test-plan

Additionally:

Resolved many old bugs & regressions, including the following release blockers:

  • App frozen with lots of sources: https://github.com/freedomofpress/securedrop-client/issues/716
  • Sync removes focus from reply box: https://github.com/freedomofpress/securedrop-client/issues/726
  • Network error when signing out: https://github.com/freedomofpress/securedrop-client/issues/662
  • Segfault when downloading (regression): https://github.com/freedomofpress/securedrop-client/issues/770

Reorganized file storage in client, mirroring planned export format: https://github.com/freedomofpress/securedrop-client/pull/737

  • NOTE: You will need to re-download submissions you've previously downloaded; see https://github.com/freedomofpress/securedrop-client/issues/758

Managed a security issue with our Weblate install: https://securedrop.org/news/security-disclosure-configuration-error-on-securedrops-translation-platform/

Finalized release schedule & started scheduling provisioning

USB auto-attach was merged, thanks to upstream changes landing

Team observations:

What worked well:

  • Feels like I've settled into a good sync/routine as a remote worker. Appreciate the pointers etc.
  • lots more eyes on the client
  • prod-readiness progress is solid: we'll soon be signing with prod key to rehearse new procedure
  • Once again, many large changes have been introduced

What could be improved:

  • Regression rate in client is still very high in absence of functional testing. Perhaps also lack of testing in Qubes?

    • Part of the issue (which we can discuss) is that bugs have arisen when PRs with related changes are merged without rebasing in a short time window. Each branch works in isolation but bugs will hit master.
    • Almost all of the bugs have not been Qubes-only
    • ACTION: provisionally enable force-rebase setting in securedrop-client repo, devs are asked to re-test as well after rebase
  • more client reviewers are needed sometimes (anyone can point things to kushal before logging off, as kushal is in a totally different timezone, can help sometimes). [note: I (and maybe others) would be happy to help if we know how to plug in usefully]

  • Would be helpful to have some sense of priority WRT tickets in sprint backlog (I've been used to highest priority at top of backlog).

  • Still looking for a consolidated place to list troubleshooting/diagnostic steps ("is it a bug or is it me?", is it a well-known issue, are there workarounds that devs know that others are not aware of)

    • ACTION: Make wiki page with known issues & workarounds specifically w/ dev-focus (Erik)
  • it would be helpful to have a freeze period between implementing a bunch of new features and making sure we're ready for pilot, there were many regressions these past two weeks and the cleanup/learning about the new state of the client slows us down

  • sometimes PRs are merged without running through our test plans so we need to be more diligent, especially while getting close to pilot release

What's still a puzzle:

  • Nervous we have not yet begun planning for Pilot UxR, or establishing a clear plan for goals beyond "woo, they're using it!"
  • several cyclical dependencies / chicken-and-egg challenges with workstation provisioning (templates and packages configuration of dom0 repositories)
    • In order to build prod template, we need prod kernels/metapackage, etc.
    • To review staging PR, we needed to build RPM to install
    • Jen: At some point next week, we'll need to do prod release of kernel metapackage & kernels
  • assigning review for "staging" workstation scenario (we're mandating test-only hardware)
    • Conor: We're asking folks to run staging scenario only on test-only hardware. Let's get clarity on who's on the hook for these reviews. It's Jen, Mickael, Kev so far.
  • Initial workstation provisioning steps / configuration (prod scenario)

1) Review important dates and time commitments

2020-02-05 to 2020-02-07: Nina meeting/co-working with Qubes team 5th-7th
2020-02-06 to 2020-02-07: PTO: John
2020-02-07              : PTO: Kev (0.5 day)
2020-02-12              : SecureDrop 1.2.1: code freeze (EOD pacific time)
2020-02-17              : Holiday (US/Canada - Ontario): President's Day / Family Day
2020-02-19              : SecureDrop 1.2.1: release 
2020-02-20              : Next sprint planning mtg

After this sprint:

2020-03-16              : SecureDrop Workstation 0.2.0beta release
2020-03-18              : Earliest possible provisioning date with news orgs.
2020-04-15 to 2020-04-23: PyCon 2020 in Pittsburgh, PA

Team coverage during provisioning tracked in internal "Team coverage" spreadsheet.

Time check for this sprint: https://docs.google.com/spreadsheets/d/1DcsBJ2D4eD844OR2RCTbbLiWaRMVnYyKVuqc2Z6Uvig/edit#gid=0

2) Agree on must-achieve sprint goals

Proposed goals:

  • Address recently discovered and WIP release blockers. Calling out new issue: Test large file download reliability (may have implications for 1.2.1). https://github.com/freedomofpress/securedrop-client/issues/767
  • Release SecureDrop 1.2.1, pending ^^
  • Aggressive testing in dev, including with >100 - <1000 sources. Identify final set of release blockers for next sprint (feature freeze: 2/28)

Unless a newly discovered release blocker is easy to resolve, let's touch base before adding it to the sprint, to avoid overloading ourselves.

3) Task selection and estimation

https://docs.google.com/spreadsheets/d/1WPRNd0Fk4S4PuTfcKMGR7X5mAexoYFsbsgtQyRlwyes/edit#gid=0
