Sprint Planning Meeting 2021 04 15
What we said we would do:
- Finalize and land key deliverables for potential SecureDrop 1.8.1 release
Goal fully met. All deliverables landed (plus HTTPS fix) and released as planned.
- Restore reproducibility for SecureDrop Workstation build artifacts and update documentation
Goal fully met. Reproducibility restored by switching to new build logic.
- Finalize design for SecureDrop Client Safe Deletion and begin implementation
Goal fully met. Design finalized (final prototype pending delivery by Nina), implementation/planning has begun.
Additional accomplishments
- ~12 SDs migrated to Ubuntu 20.04, some with our help
- Double-export bug fixed
- dom0 RPM now builds reproducibly and no longer uses Docker
- Several onion name updates
- Productive meeting with translator community
Other team comments
What worked well:
- Mickael helped a lot in the release process in a level there is no blocking at all.
- Point release geared toward smoothing out admin experience based on frequent testing + 1 to quick release
- Good feedback and development cycle on the reproducible wheels problem.+1
- Great meeting and feedback from translation community+1+1+1
What can be improved:
- keeping docs in sync for some areas
- +1 specifically the unattended-upgrades behavior should be more explicitly documented
- get rid of those xenial codepaths. Cancel Xenial.
What's still a puzzle:
-
there still seem to be some glitches during Focal installs (delays that not everyone sees) +1+1
- ACTION: more research/analysis required on fresh installs
-
should we maintain the molecule "upgrade" scenario for focal? currently not working (with the libvirt thing this seems like actually being "revise develompent enviromments in general for Focal" - which makes sense as there's also a docs part)
- John has Qubes support for upgrade WIP, let's spike and get a PR
- To retain libvirt support, we can use the vagrant/apt setup. Maybe port to Molecule for standard interface, drop Xenial support
- Remove virtualbox support everywhere. Team isn't using it. Was intended for mac support, but now we have containerized "make dev" for that
-
how to manage package builds in "securedrop" as we do in "securedrop-debian-packaging"?
- https://github.com/freedomofpress/securedrop/issues/5901
- ACTION: Conor/Kushal to add some more documentation re: build reproducibility rationale in wiki
- (Erik) Spent a couple of hours reading Qubes codebase re: current logic for updates of dom0 and domUs; Qubes' graphical updater
- (kev) No time for learning lately - original pwk lab time expires Fri so I've extended it.
- (Conor) And now for something completely different: building web-extensions in Firefox. Dug out the prior prototype work on e2e via openpgpjs.
- (kushal) Looked more into Python and Rust. Also learned more bash commands :)
- (mickael) no time for learning due to PTO
2021-04-20: Tails 4.18 release
After sprint period:
2021-04-30: Ubuntu 16.04 end-of-life
2021-05-18: Tails 4.19 release
2021-06-01: SecureDrop 2.0.0 - Removal of Ubuntu 16.04, v2 support
2021-06-30: SecureDrop Relese Key Expiry
PTO:
2021-04-15: Kev (1/2 day), Conor (1/2 day)
2021-04-16: Mickael, Jen, John
2021-04-23: Erik, maybe Conor
-
Complete first iteration of Safe Deletion for SecureDrop Client (ready for review status)
-
Revise SecureDrop threat model based on auditor recommendations
-
Remove Ubuntu 16.04 and v2 onion service support from SecureDrop Core
https://docs.google.com/spreadsheets/d/1iN7rzE80wya__ROhc7JoncNhQJ6uTQZpPyaODYwL0HE/edit#gid=0