Sprint Planning Meeting 2020 06 03
What we said we would do:
- QA and release SecureDrop Workstation (must-do) and SecureDrop Client/Proxy (stretch goal).
Goal met, including stretch goal. First successful component releases since pilot launch.
- Land critical changes for SecureDrop 1.4.0 in `develop` and prepare RC1
  - Keyring update: https://github.com/freedomofpress/securedrop/issues/5274
  - Deletion fix: https://github.com/freedomofpress/securedrop/issues/5233
  - sdconfig validation & config checks
Goal partially met. Deletion fix and keyring update landed, sdconfig validation & config checks approved by one reviewer.
- Land fedora-31 upgrade as part of SecureDrop Workstation 0.3.0 RPM release
Goal met. No issues reported by users during upgrade.
Retrospective:
- What worked well:
  - the release process for client + proxy was very pleasant +1
  - having designated SDW component "RMs" (though unnamed), made resolution of blockers fairly straightforward
  - (ro) Wire release channel comms were informative (speaking as a lurker)
  - Tech meetings are interesting and seem helpful
  - Team eager to improve docs and comms strategies based on feedback, that's great to see!
- What can be improved:
  - Release manager is useful in core release contexts (the informal approach did work well in this case)
    - "informal approach" worked well, worth calling that DRI "RM" for clarity?
  - (ro) being behind on hardware tasks (delaying Workstation rebuild) took me out of QA
  - writing test plans for lfs prs is repetitive, perhaps a PR template would be helpful
  - even more clarity in docs would be grand, we're still catching some implicit assumptions. rotating responsibilities helps to shake out +1
  - gap between releases (date/time wise)

ACTION: Designate RM and Deputy RM for next workstation component release(s)

ACTION: Conor/Allie will take on LFS PR template as part of 1.4.0 release

- What's still mysteeerious:
  - point releases for workstation packages (since we don't have release branches) +1
2020-06-03 to 2020-06-05: Training: Jen
2020-06-05 : PTO: Allie, John, Conor
2020-06-08 to 2020-06-19: PTO: Mickael
2020-06-12 : FPF Holiday
2020-06-17 : SecureDrop 1.4.0 Release
TBD : Keyring update release(s) for SecureDrop Workstation
After sprint:
2020-06-18 to 2020-06-23: Kanban period
2020-06-22 : Lead Developer change
2020-06-22 to 2020-07-17: Break: Jen
2020-06-19 : FPF Holiday (Juneteenth)
2020-06-30 : SecureDrop Release Keyring Expires
Time check:
https://docs.google.com/spreadsheets/d/1lUhzuJ7Ft35hnYkgKNTF9sUglZFvlcr5pO41a_c9fBg/edit#gid=0
- Release SecureDrop 1.4.0
- keyring update
- deletion fixes
- sdconfig improvements
- Prepare SecureDrop Workstation keyring update and upload kernel update to staging
- Apply black code formatter & isort to client/proxy/SDK repos
Nominated so far:
- Preflight updater walkthrough
- SecureDrop Client queue architecture
- Qubes Admin API tooling +1
  - last week's learning time: https://github.com/conorsch/hexagon
- Rust +1
  - any particular projects, or focusing on learning the language? Learning to be okay at the shouting by the rust compiler. Insanely difficult for my brain to be friendly with that. =D It's not shouting, it's teaching. :^)
  - we could do a long-term project called nand to tetris and write the compiler in Rust
- Wireguard mesh routing (E2E VPN with proxy hosts) +1
- Qubes-rpc protocol (and how various qubes tools communicate between VMs) +3
- Qubes VM provisioning automation (via Salt or other) +1 I have one blog out on that series https://kushaldas.in/posts/maintaining-your-qubes-system-using-salt-part-1.html
- IDS options for SecureDrop Core (+2, also there are some long-standing issues open around this, could be interesting low-priority investigation to either improve or swap out OSSEC)
- restart cryptopals group playthrough? For bonus points, in anything but Python +3 but after Jen's back
- Understanding/debugging Ansible, molecule and friends +1 +1
- Maybe some group learning/share-back around working with community contributors? (Or some other process-related learning goal?)
- Enterprise IT devices--what should we know? (Cisco, Palo Alto etc)
- I would really like to learn more from the training team about journalist processes and redaction tools etc. +3 This would be good for informing workstation additions
Groupings during this sprint:
Cryptopals or similar cryptography-related learning group: Allie, Kev, Mickael, John
Ansible, Molecule, and friends: Ro, Erik, (Conor), (Kev)
Rust: Kushal, Conor
ACTION: Set up an "Ask Each Other Anything" w/ the DigiSec team (Erik)
https://docs.google.com/spreadsheets/d/1l8kNNagGJZ59qYBCkJN2VluHQJomEAA2PhqOgVOg_-c/edit#gid=0