-
Notifications
You must be signed in to change notification settings - Fork 690
Sprint Planning Meeting 2022 06 08
- Time period: 2022-06-08 to 2022-06-22 (mid-day PST)
- Markdown: https://gist.github.com/cfm/7fb7d36921a71dd58f5a871b2e4f3e48
- Standing draft for ongoing feedback: https://docs.google.com/document/d/1gGrdgym8MCBY2UmrmAiwPdcP2a0X4oDDL7C16O1FYFQ/edit
- Standing scratch pad for process ideas: https://docs.google.com/document/d/1QMH6VAjah2RP6_mvMPwT1T99mOMhNjvSKD-w3mU77ek/edit
Async before the meeting: Erik/Kev/Allie fill in section (1). Everyone fills in section (2). No need to sign your comments unless you feel so moved; Etherpad colors will mark authorship before and during the meeting but don't need to be captured for posterity.
Sync during the meeting: Any highlights, observations, concerns?
- Create a full Qubes 4.1/bullseye fresh install in preparation for QA
Status: In-progress; all SDW packages are on apt-test, but we still need a way to switch over to nightlies which is in development (work in progress in securedrop-workstation#762) and to build the template and push to yum-test (blocked: issue described in qubes-template-securedrop-workstation#25). Cory is ready to do a fresh install once the template is on yum-test and a test plan is in-progress. Erik+Allie+Michael getting ready for QA.
-
Tested, documented, and HCL-reported Qubes 4.1 on 2nd-gen ThinkPad T14
-
Get "inverted flow" for Source Interface into a state that could be user-tested
Status: Backend changes for prototype done. Fixing up test suite and finalizing UX in progress. User testing strategy TBD.
- Finalize strategy/scoping for SecureDrop Server/Workstation unified build/release model
Status: Productive strategy planning on 2022-05-31, see notes: https://github.com/freedomofpress/securedrop/wiki/Build-and-packaging-strategy-2022-05-31 - additional issue/scoping work TK.
- [many] SDW 0.6.2 package released to migrate users to fedora-35 templates
- Giulio made significant progress on the server-side sessions PR
- [several] Officially launched SecureDrop Client translation (monitoring for new translations)
- [many] Support Engineer hiring (details in meeting as needed)
- [many] Dangerzone hiring (details in meeting as needed)
- Work on DraftReply handling in the Client revealed a blocking problem in our Alembic tests
- Fiddled with sprint-planning agenda
- [all] Started collecting sprint-planning ideas
- Ro worked on sd-export refactor, adding fedora-35 support, and the sdw-dom0-config rpm release
- Worked on release management + https://github.com/freedomofpress/securedrop-client/issues/1513 with Gonzalo
Async before the meeting: Add your comments to sections (1)‒(3). +1 points you agree with. +! points you'd like to nominate for discussion.
Sync during the meeting: Discuss flagged points. If there's a concrete next step (including just research or a follow-up discussion), ask for a volunteer to take it on.
- [cfm] Kunal's suggestion of a dedicated PR-review day was a really nice, collaborative way to start the week.
- [giulio] I was happy to have a fixed objective and spend most time coding it (session pr), also learnt a lot from kunal fixes
- lots of pairing, troubleshooting, team communication +1 team comms and opening the floor to new processes
- [ro] comms with a news org that is interested in working on/contributing to SDW - it was nice to have outside collaboration + 1
- good collaboration and response on sdw rpm config release issue
- [cfm] Hiring discussions/collaborations feel smooth and instructive all around.
- [kunal] The hiring task is well designed and super easy to review
- [cfm] Spontaneous pairing can be difficult across time-zones. Might start experimenting with a fixed "pairing office hour" on the days we don't have a meeting in this time-slot. (hat tip: Gonzalo's "pairing station")
- I feel like we need more release management planning and coordination but don't give ourselves the time to do it +1!On the other hand, if it requires a ton of planning to do releases, it's an indicator that the process itself needs some simplification/automation attention
- still struggling to find focus time (slight improvement this sprint?) +1
- +1, on both counts. "Slight improvement" for me meant "accepting focusing on things other than what I might have wished/intended". :-) +1 +1+1
-[alp] how our future support engineer is going to fit into the team (big question, don't expect to solve here today) +1+1+1, let's pair on prepping the on-boarding calendar early - What is our onboarding strategy? - Separate question: How do they fit into the team, long-term? - [kev] Should we onboard in person at FPF office (when possible)? (alp +1) → Abigail will set next meeting! <3
- reviewing long-term roadmap, how do we envision using the roadmap?+1+1+1+1+1
→ We have a Q3/Q4 roadmap meeting on the cal for 6/14, maybe we can get started today on async prep+1 to quarterly cadence
- Some of the roadmapping is for stuff that's farther off than the next quarter or two, a bit hard to find time for/figure out right timing for +1
- ^true
- I feel like I'm often trying to get help on unblocking issues I'm running into on high priority issues, and it's going pretty well from my perspective (becuase we've clearly identified what is high priority), but not sure if others feel the same. It also might indicate that we need to pair folks on tasks more.
- maybe setting up ad-hoc "I'm stumped" meetings with the @sd tag for those who want to/are free to join? maybe, but I think sometimes I really feel like there are 3 things we're blocked on, and we should pull folks in from lower priority tasks to help unblock very good point - this is like a quick daily standup/x-team standup escalation
- [cfm] Gonzalo's pairing station (or a Mumble) allows escalating to synchronicity very easily---which I really like. For some reason I find it less demoralizing to have a conversation change the shape of my afternoon than a Slack message. :-) So I would favor normalizing that, just like finding someone in the hallway.
Async before the meeting: Fill in.
Sync during the meeting: Anything to discuss?
- Erik alternating 48+PTO / 410, always off Fridays
- Cory @ 410 Mon-Thu (48 during weeks with summer Fridays)
- Allie @ 410 Mon-Thu (48)
- Ro @ ~4*8-10 Mon-Thu
- Giulio ~20 hours/week
- Gonzalo ~24 hours/week Mon-Wed
- Tina @ 4*10 / Mon-Thur (week of the 20th is booked with trainings)
2022-06-07 : fedora-34 EOL
2022-06-13 to 2022-06-24 : Ro PTO (2wk) to move
2022-06-13 : QA begins for SDW releases
2022-06-17 to 2022-06-21 : Kunal PTO (then working from Calif until July 4)
2022-06-21 to 23 : Forbes install (remote-Kev & Michael)
2022-06-28 or following week : SDW releases
2022-06-27, 2022-06-29 to 07-06 : KOG PTO (relocating to IE for July/Aug)
2022-07-04 : SecureDrop release key expires
- cfm: possible PTO around the US holiday weekend (TBD)
2022-07-post-release : Allie PTO
2022-07-25 - 2022-07-29 : all-staff meeting
2022-08-02 : Debian Buster EOL / Qubes 4.0 EOL
2022-07-XX : Onboarding Newsroom Support Engineer
Async before the meeting: Erik/Kev/Allie fill in the mini-roadmap. Everyone fills in the radar. No need to sign your comments unless you feel so moved; Etherpad colors will mark authorship before and during the meeting but don't need to be captured for posterity.
Sync during the meeting: Who is overcommitted? What is underresourced? What can be deprioritized?
- Create a full Qubes 4.1/bullseye fresh install in preparation for QA
Rationale:
-
4.0 end-of-life is fast approaching (early August)
-
4.0 is already not installable on newer hardware, preventing new installs
-
4.1 support is therefore on the critical path for wider adoption of the SecureDrop Workstation in Q3 and Q4
-
QA informally begins next week using nightlies as an RC1
-
formal QA begins with a multi-tester test plan → NEED: release-planning meeting for capacity to support June 28/July 5/July 11 release deadline
- presumed RM team: Allie, Ro
4.1 testing: Cory, Erik (T480), Allie, Michael, Gonzalo (T490, NUC11 if useful)
- Prepare a user test environment and research plan for "inverted flow"
Rationale:
- We know from 2019 user testing and additional reports that "codename" terminology is not well-understood by users, which may cause frustration and confusion in use of SecureDrop.
- Hypothesis: inverting flow (passphrase at the end) will further simplify the source experience.
- Validating this hypothesis is on the critical path to UX improvemnts for the source experience in Q3 and Q4.
Kev, Michael, Tina
Supporting roles:
- Vulnerabilities triage: Giulio
- Support triage: Kev
- [maybe] Meeting facilitator:
- [many] Support Engineer hiring & on-boarding prep / DZ hiring
- [many] Workstation 0.6.1 release retrospective
- Client's "supported languages" story needs to be done before feature freeze (https://github.com/freedomofpress/securedrop-client/pull/1497)
- Would like to get at least the Alembic refactoring, if not the bug-fix that presented it, in before feature freeze, or else we lose the window of opportunity to have it included in folks' reinstallations on Qubes 4.1(curious about this G.) (https://github.com/freedomofpress/securedrop-client/issues/1500) <- !
- [giulio] talked a lot with ro about document sanitization. As we are also 'acquiring' dangerzone, I'd like to spend some time (~12?) on that plus https://github.com/QubesOS/qubes-app-linux-pdf-converter
- [kog] as time allows, start review of JI/API session PR
- [kog] super-stretch goal would be to revisit SI captcha options as another anti-spam mitigation
Any last questions, concerns, ideas, things we haven't talked about?