Sprint Planning Meeting 2020 11 12

Sprint Planning Meeting, SecureDrop, 2020-11-12

Sprint timeframe: Beginning of Day (PDT) 2020-11-12 to End of Day (PDT) 2020-11-25

1) Retrospective

What we said we would do:

QA and release SecureDrop Workstation 0.5.0

Sprint goal fully met. SecureDrop Workstation 0.5.0 released and first orgs updated.

Review and land seen/unseen changes in SecureDrop Client

Sprint goal partially met. DB migration landed and SDK updated; main PR is functionally complete but review still ongoing.

Land pending Focal support PRs & fixes, and fix additional test failures

Sprint goal fully met. Focal app tests now running in CI and known app-test failures resolved. Infra test fixes still pending.

Additional accomplishments

Officially added NUC8 to our hardware recommendations after extensive testing by Kev and Ro
Identified and resolved DB migration issue with draft reply authorship prior to release. QA/Client test plan updated to ensure we catch regressions earlier.
Identified and (temporarily) resolved cryptography/Xenial compatibility issue.
Identified workaround for updater failures due to Salt changes (worth noting that Mickael's issue was the first report to upstream)
Landed SD Core community PR by @DrGFreeman to improve error handling for files that are missing on disk, and another to improve functional tests
Audit discussions ongoing, focusing on threat model documentation; this work is now close to completion and in-depth testing is about to begin

Other team comments

What worked well: - Strong community engagement on "securedrop" repo PRs +1+1 - We have SecureDrop applications tests running on Focal - We are slowly getting better for Future (example: upcoming cryptography release) - (Erik) With only minor hiccups, we were able to release the whole SecureDrop Workstation + components with Conor on PTO :)

What can be improved:

Updater for SDW is a bit brittle for full Salt runs - most updates so far have required manual intervention
- New code to manage template consolidation does not include error handling :/ - https://github.com/freedomofpress/securedrop-workstation/issues/638 - that, also need to find a way to avoid double update cycle as experienced in core GUI updater - failing back to last known good state would also be worth having
- Updater, update thyself
- improve granularity of salt commands to better handle erros
- Wrapping the qubes GUI updater would offload much of the update logic, we can still run dom0 updates separately
We could add more local client db data for testing in the run.sh script (perhaps have a --dev option to include entries like draft replies)
We could improve totp code handling by skipping it entirely during cassette generation for the sdk
DrGFreeman has been making some good improvements; this might be a good time to schedule some work on the source interface?+1+1
- we can find some historical issues in backlog grooming
- suggest client
The client could use a release branching strategy that matches how we do it for the server +1+1
- (Action) Let's address this for the next release

What's still a puzzle:

QA provisioning code takes a long time
- RPM caching behavior in dom0 was confusing: 0.5.0 did not show up when expected, until a reboot
- (Conor) Can we set up a testing box to catch issues in provisioning?
When did make prod go away?
- Full history: https://github.com/freedomofpress/securedrop-workstation/pull/587

Learning time debrief

Kushal: Have a private patch to remove python-gpg and use johnnycanencrypt in securedrop, still many failing tests, but because the way tests were written to make sure gpg is happy.

2) Review key dates and time commitments

2020-11-13              : PTO: Allie, kushal (holiday)
2020-11-16              : Kushal (holiday)
2020-11-16              : PTO: Mickael
2020-11-13/16/17        : PTO: Allie
2020-11-17 to 2020-11-18: Conference: Conor
2020-11-20              : PTO: Erik
2020-11-23 to 2020-11-25: PTO: John
2020-11-24              : fedora-31 end of life (est.)

After sprint period:

2020-11-26 to 2020-11-27: US Holiday: Thanksgiving
                          Transition to Kanban model until January 2021

Looking ahead to Q1 2021:

Complete Focal support and test migration story
Removal of v2 support for fresh installs (February)
Outreach/messaging related to the above
Preparing for pilot closeout
"Export to VM" feature

3) Agree upon top 3 priorities for the next two weeks

Merge and release fedora-32 and Qubes 4.0.4 support for SecureDrop Workstation
Release version 0.4.0 of SecureDrop Client:

Support for seen/unseen
Design polish of source list layout per https://github.com/freedomofpress/securedrop-client/issues/1174

Merge testinfra support for Focal: https://github.com/freedomofpress/securedrop/issues/5509

4) Select and estimate tasks

https://docs.google.com/spreadsheets/d/1QKEqlaTazLSADpO1DZcUUNMXOvTubq2qtokmvoR4aJE/edit#gid=0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly