Sprint Planning Meeting 2021 06 03
Erik Moeller edited this page Jun 3, 2021
·
1 revision
What we said we would do:
- Safe Deletion: Land first iteration PR with minimal UX; land API for change for 2.0.0
Goal partially met. API landed, SDK changes & Client Changes are very far along and PRs will be ready for review soon.
- Keyring update: Deliver signing key update (round 1) to SecureDrop Workstation users
Goal fully met. SecureDrop Workstation 0.5.4 RPM was released, which includes the new key and other changes that have landed in main.
- Prep for 2.0.0: Complete release blockers for SD 2.0.0
Goal partially met.
- API for Safe Deletion landed: https://github.com/freedomofpress/securedrop/pull/5964
- Cryptography updated landed: https://github.com/freedomofpress/securedrop/pull/5964
- tailsconfig fixes landed: https://github.com/freedomofpress/securedrop/pull/5965
- Other changes still pending.
Other team comments
What worked well:
- New signing key delivered to Workstation (both dom0 & domU)
- Good coordination with Tor, re: HTTPS-Everywhere Onion Names ruleset key rotation
- Piecemeal inclusion of rust bits into the build logic+1+1
- good coordination on review of potential Babel security issue +1
- Let's improve our process on moving things from internal to public repos
- Overall, team coordination has been pretty tight! Passing review back and forth, collaborating on fixes
- Wire release channel is useful for hand-offs and updates (just need to transfer some major updates to the tracking issue)
What can be improved:
- Work on 0.5.4 uncovered complexity in our signing key story (key being shipped to sys-firewall) that can potentially be simplified
- Release tracking issues are helpful but we could add more organization around order of operations and keeping the tracking issue up-to-date with the status of all the moving parts
- Potential ACTION: Reorganize the messy README into clearer dev/maintainer docs
- We have to get the debian package build streamlined like the workstation
What's still a puzzle:
- Tails Admin Workstation needs cryptography updates, which implies rustlang requirement. What do? (Install wheel, I can get the sha256sums verified from the maintainers' laptop) +1+1
- What does diff review look like for the cryptography wheel? can you compare the shipped 3.4.7 wheel to the previously-reviewed tarball? <-- bam. the .so or whatever other binaries won't have a point of comparison, though
- How often is qubes rpm repo down? +1 good question, we should add that to internal monitoring, i'll open a ticket (done)
- Potential ACTION: Can the updater itself be smarter?
Learning time debrief
- Kushal: Read back over Rust code I wrote to re-familiarize myself with it
- Review key dates and time commitments
2021-06-08 : SecureDrop 2.0.0 feature freeze
2021-06-04 : PTO: Erik
2021-06-14 to 2021-06-25: PTO: Conor
After sprint period:
(TBD) : Conor reduced availability during the summer
2021-06-22 : SecureDrop 2.0.0 release
2021-06-30 : SecureDrop Legacy Release Key Expires
TBD : SecureDrop Workstation component releases (Client, SDK, Export)
2021-07-28 to 2021-07-29: SecureDrop Summit
- 2021-06-23 to 2021-06-25: John PTO
- 2021-07-12 -> 2021-07-16: KOG PTO
- 2021-07-29 -> 2021-08-03: cfm UPTO (will clear/coordinate with Erik) ~ August/September : Erik's trip to Canada?
- Someday : Kushal wants to run away from India
- Ro: ? time off in the summer (~2 wk depending on others' schedules) ~early/mid august for ~2 weeks: PTO: Allie
Let's chat briefly about summer PTO plans & SecureDrop Summit
- Land Safe Deletion support for SecureDrop Client and associated SDK changes
- Land remaining release blockers for SecureDrop 2.0.0 and begin QA
- Organize knowledge-shares focused on:
- CI improvement opportunities (collaboration w/ infra)
- SecureDrop Workstation provisioning logic2
Project board: https://github.com/orgs/freedomofpress/projects/1