-
Notifications
You must be signed in to change notification settings - Fork 685
Sprint Planning Meeting 2021 09 29
Previous sprint priorities:
-
Review key changes for SecureDrop 2.1.0, with priority on community PRs (2FA improvements, scrypt/session management)
- Above changes have landed, and we are considering an additional fix to help journalists/admins with Tails updates
-
Land CI performance improvements and fixes, including moving staging-test-with-rebase to nightly & release branches
- Significant CI improvements, including improved test parallelization
-
Finish bugfixes/QA and aim to release SecureDrop Client 0.5.0
- Bugfixes still in progress; Allie/Conor have been pairing on resolving
Other accomplishments:
- Landed first round of accessibility improvements, focusing on SecureDrop Source Interface
- Fixed issue with staging environment failing during multiple provisioning runs
- Created a more prod-like development environment for SecureDrop Client on Debian systems/VMs
- Landed SecureDrop Client translation workflow changes, some infra changes (and actual translation workflow rollout) still pending
- Dependency updates across the board
- Hiring, hiring, hiring!
- We received a $5.8M multi-year grant largely dedicated to the future of SecureDrop, a huge step in the project's long term sustainability and technical viability.
Other team comments & learning time notes:
-
Big thanks to Kushal for his time @ FPF and for staying on as a SecureDrop maintainer!
-
Proposal: Let's explicitly agree to slow down release cadance a bit after next round of releases.+1
-
Kev: Some concern around build-up of work -> longer testing cycles.
-
Conor: Good point! If we merge complex changes, that will balloon testing obligations. Let's be mindful of complexity of changes we are merging.
-
Ro: Are you proposing that entire dev cycle be slowed so that we're not merging tons of stuff and letting it pile up, or that we release less frequently?
-
Conor: Both.
-
Erik: Recommend we do a quarterly planning check-in soon.
-
Kev: We've previously said every second Tails release before.
-
Conor: I would suggest explicitly decoupling from Tails schedule for now.
-
Kev: In favor of being mindful of when to release, but want to make sure we do releases, which will help everyone get up to speed.
-
Allie: In favor of slowing down a bit for now. Acknowledging reality.
-
Agreement for now: We will be more explicitly discussing release schedules and obligations, with an eye to team capacity.
-
-
Learning time: Great Rust content in the #learning channel recently, thank you to all contributing there. -Conor
-
cfm learning time: Little bit of Rust; recently mostly Terraforming QA environments (https://github.com/cfm/terraform-metal-securedrop-production). :-)
-
Thanks to Allie for making a lot of time for pairing (in addition to onboarding and hiring meetings!). Really helping to orient me on client/qt dev -Conor
-
Moving a google doc or sheet to a shared folder is hard +1
-
Thank you guys for taking the time for onboarding!!! I've participated in some amazing walkthroughs :) <3
2021-09-29 : SecureDrop 2.1.0 branch cut: QA / feature freeze
2021-09-30 : Abigail's first (half-)day as Newsroom Services Coordinator
October : Outreachy contribution period (if we are approved)
2021-09-30 to 2021-10-01: PTO: Allie
2021-10-01 : PTO: Erik
2021-10-04 : Allie switches to 3*10 schedule
2021-10-05 : Tails 4.23 release
2021-10-06 : SecureDrop 2.1.0 pre-release announcement
2021-10-08 : PTO: Erik
2021-10-11 : US/Canada: Holiday (Indigenous People's Day / Thanksgiving)
2021-10-13 : SecureDrop 2.1.0 release [maybe defer to Thursday given ^^]
Past sprint period:
2021-10-15 to 2021-10-18: PTO: Conor
2021-10-25 to 2021-10-29: cfm reduced availability (TBD)
2021-10-15 to 2021-11-15: PTO: Ro
Sometime in October : Erik travels to Canada, for reals
- QA and release SecureDrop 2.1.0
- Finish key SecureDrop Client bugfixes for 0.5.0 release:
- Complete first round of candidate review for open positions
-
Testing of session management
- In initial testing, we hit some issues when there were multiple wsgi worker processes running. Will add specific steps to the test plan for that.
-
Testing TLSv1.3 changes
- Change by evilalive. Requires that server is set up with HTTPS enabled, for which we have a helper script - will add notes to the test plan.
-
Testing new 2FA secret length
-
Also evilalive change. Should be backwards-compatible -- existing 2FA secrets should still work, but new secrets will be longer, and corresponding QR code will be larger.
-
requires docs screenshots run
-