-
Notifications
You must be signed in to change notification settings - Fork 685
Sprint Planning Meeting 2022 05 25
- Release SecureDrop 2.4.0
Status: Released with revised date to allow for additional translation (which ensured that European Portuguese made it over the finish line!).
- Make it possible to create a full Qubes 4.1/bullseye fresh install
Status: Significant progress on multiple fronts:
-
Template builder changes merged, template RPM successfully built, debugging paxctl issues
-
securedrop-keyring and securedrop-workstation-grsec Bullseye packages are needed to build the new template
- We do now have Bullseye versions of these packages on apt-test
-
We're in the process of getting the new template onto yum-test
-
Next up are main/nightly package Bullseye builds for all SDW Debian packages; initial packaging logic changes have been merged
-
4.1 sys-usb fixes/export fixes pending, but root cause identified
-
Update keyring expiry by 1 year and prepare packages with said update for server and workstation
Status:
- Server keyring package update released as part of SecureDrop 2.4.0, OpenPGP has the new key; securedrop.org updated;
- Workstation keyring package ready for QA on apt-test.freedom.press
Facilitator: Kev
What worked well:
-
Extra time for translation & good coordination with L10NLab
-
SD 2.4.0 has multiple wins: big design changes to SI, security fix, keyring update with time to spare, new language support, etc.! +1+1+1
-
UX mental models meeting (to be continued?)+1!+1+1+1
-
Pairing with Kunal on building the Debian package for the Client made it super smooth! 🙌 +1+1 :jealous:
-
Workstation and Server hangouts both generating good conversations about long-term questions, research, and work-planning/sharing.+1+1+1+1
- E.g.: Server wishlist (https://wiki.freedom.press/wiki/SecureDrop_Development/Wishlist)
-
Pairing UX with devs for 1:1 sessions has been helpful+1!+1
-
Qubes community manager commented on an issue of ours and bumped up an upstream issue (Fedora templates) after we cross-linked to their open issue: thanks @andrewdavidwong <3
-
Lots more folks hopping on reviews
-
Focused directory listing meeting was helpful
What can be improved:
- time management/competing demands for time? (meetings/side-quests/struggling to find focus time to finish sprint tasks)+1
- feature implementation
- research
- maintenance/security/support response
- upstream
- learning time
- (organizational commitments)
- Duplicated CI between sd-debian-packaging and sd-{client,export,proxy,...} repositories that is subtly non-identical causing weird failures
- UX still figuring out its roadmap and ways to document work and interface with the dev team
- time estimation?
What's still a mystery:
- qubes-builder (omg) +1 (lol)
- How to avoid having to drop languages that (a) instances are using but (b) translators aren't translating.
- translating hangout chats into concrete development/R&D goals (having time to plan and execute goals?)
- Meta observation on this retrospective: Some of us are concerned about (tactical) meeting load (and context-switching) and there are lots of important (strategic) conversations emerging and developing. Both are true! Remote work.
- we might need some together collaboration/planning time where we aren't tied up with/managing sprint tasks. (like quarterly/twice-yearly together time?) I'm wondering if this could reduce recurring meeting load - could we get a bunch done at once?
- Gonzalo and I have been discussing how we could aim to use the hangout time for more of this by removing the standup update in the beginning and continuing the discussion of what folks want from this meeting (I think only Erik, Gonzalo, Cory, and myself were in this meeting at the time)
- kinds/contexts/trajectories of meetings → team operating model
- we might need some together collaboration/planning time where we aren't tied up with/managing sprint tasks. (like quarterly/twice-yearly together time?) I'm wondering if this could reduce recurring meeting load - could we get a bunch done at once?
- Erik alternating 48+PTO / 410, always off Fridays
- Cory @ 4*10 Mon-Thu
- Allie @ 4*10 Mon-Thu [change!!]
- Ro @ ~4*8-10 Mon-Thu
- Giulio ~20 hours/week
- Gonzalo ~24 hours/week Mon-Wed
- Tina @ 4*10 / Mon-Thur
2022-05-26/27 : Kunal PTO
2022-05-31 : SecureDrop.org blog post: SecureDrop Client translation
TBD : SDW RPM release (Fedora) and keyring update
2022-05-31 : QA begins for SecureDrop Workstation releases
2022-06-07 : fedora-34 EOL
2022-06-13 to 2022-06-24: Ro PTO (2wk) to move
2022-06-13 : QA begins for SDW releases
2022-06-28 : SDW releases
2022-06-29 to 07-06 : KOG PTO (relocating to IE for July/Aug)
2022-07-04 : SecureDrop release key expires
2022-08-02 : Debian Buster EOL / Qubes 4.0 EOL
Vulnerabilities triage: Kunal Support triage: Allie
- Create a full Qubes 4.1/bullseye fresh install in preparation for QA
Rationale: Qubes 4.0/Buster EOL August 2
Allie, Michael, Kunal, (Ro), (Cory), (Gonzalo)
- Get "inverted flow" for Source Interface into a state that could be user-tested
Rationale: Major potential UX win for sources
Kev, (Michael), Tina
- Finalize strategy/scoping for SecureDrop Server/Workstation unified build/release model
Rationale: Longstanding discrepancies in build processes cause frustrations
Kunal, (all)