-
Notifications
You must be signed in to change notification settings - Fork 690
Sprint Planning Meeting 2022 01 19
- Complete a time-boxed Qubes 4.1 RC3+ compatibility spike
Status: https://github.com/freedomofpress/securedrop-workstation/pull/751
There's an experimental branch that Conor and Michael have been working on. Ultimately the diff is relatively small. Changes to how template is installed & RPC policies. The branch uses the new 5.0 format; we could also use the same format as before. Some other cleanup required.
You can install now using make dev
on 4.1. Old repo still works but qvm-template tool isn't entirely happy - to properly support it we should create a template repo.
- Complete upgrade of Flask and associated requirements
Status: Mostly there, one dependency review & manual testing pending.
- Get "Download conversation" feature for SecureDrop Client to "Ready for review"
Status: Functionally working including some "nice to have". You can "download all" via menu / shortcut. Optimizing parts of the code / test failures; formal review pending.
Other accomplishments:
- (Infra) docs.securedrop.org now self-hosted
- HOTP validation fixes landed
- Source deletion speedup landed
- Tor packages updated (in test repo, not in prod yet)
- Orientation sessions: Threat modeling, release process
- Dependency updates (pillow, https-e)
- Dev env podman support
- SD client i18n tooling cleanup
- SD client release process more clearly documented
- Ready for review: T14 docs (intermediate notes in Confluence INFRA); DB session mgmt improvements
- Ongoing review: Deleted user mgmt changes; JI accessibility changes; preflight updater error handling
- A pile of new screenshots
What worked well:
- Steady orientation rhythm! Feels good to rotate presentations around the team, dish out some good ol' knowledge transfer +1+1+1+1+1+1
- Really enjoying cross-FPF 1:1s too as a kind of relational orientation. +1
- lightning talks (in their infancy) on sdw are nice +1+1
- Continued progress on hiring front!+1
- Nice to see voluntary/discretionary review feedback from folks unassigned but interested.
- Qubes tooling being developed by the team
- Docker env plus documentation plus tests made it really easy to write database migrations
What can be improved:
-
(cfm) First stint of security triage: glad to do, and my cadence had me miss the one thing that came in towards the end of (my) last week until Erik flagged it. --> How do we want to rotate this responsibility? +1 thanks for volunteering; i suggest handover at sprint-planning is reasonable
- Looks like some Gitter communications too: should this triage/response role be more general?
-
Leverage Qubes direct-dial more often. A lot of the 4.1 debugging maybe could have been a quick question to Marek & team. we had conversations about this, and about being mindful of the Qubes team's issue backlog/prioritizing
-
Qubes troubleshooting is time-consuming/the same Qubes experts end up responding to pings in addition to their original workload +1
-
Better engagement with research community. Some folks have reached with interesting ideas, and follow-up can be sketchy
What's still a puzzle:
-
Cory: you mentioned a tool to synchronize git repos en masse; can you re-share that?
-
Still figuring out best way to run tests locally (slow) vs letting CI run them (a bit spammy for everyone else)
- can isolate tests with
bin/dev-shell bin/run-test <pytest stuff here>
, either by file or by class matches
- can isolate tests with
-
Note that pushing up a branch alone is sufficient to see CI results
- Erik and Conor alternating 48+PTO / 410, always off Fridays
- Allie still on 3*10, Mo-Wed
- Gonzalo still on 3*8, Mo-Wed
- Ro still Mo-Thu, ~8-10 per day
- Cory 4*~10 Mon–Thu
- Giulio TBD, ~10-15 hours/week
2022-01-25: (Tentative) SecureDrop Client QA begins
2022-01-26: Australia holiday
2022-02-01: (Tentative) SecureDrop Client Release
2022-02-01: SecureDrop 2.2.0 QA period begins
2022-02-01 - 2021-02-13: cfm offline; sorry to miss QA :-( (will still attend all-staff &c.)
2022-02-15: SecureDrop 2.2.0
TBD : SecureDrop Workstation RPM release
2022-02-17: Ro PTO? (tentative)
Vulnerabilities triage: Kunal
- Land SecureDrop 2.2.0 prerequisites: Flask upgrade, "deleted" user changes, kernel upgrade
Rationale: hardware upgrades increasingly time-sensitive; Flask upgrade as previously noted
- Release SecureDrop Client 0.6.0 with deletion performance improvement
Rationale: Deletion performance improvement will deliver significant end user benefit especially in spam management.
- Implement experimental 4.1 support that allows SDW to be installed on both 4.0.4 and 4.1 Qubes versions (not necessarily "ready for review")
Rationale: 4.1 may finally be around the corner after RC4, and 4.0.4 may not be supported much longer after that.