Skip to content

Sprint Planning Meeting 2022 01 05

Jump to bottom
Erik Moeller edited this page Jan 19, 2022 · 1 revision

Sprint Planning Meeting, SecureDrop, 2022-01-05

Sprint timeframe: Mid-Day (PST) 2022-01-05 to Mid-Day (PST) 2022-01-19

0) Welcome new team members: Kunal & Giulio

1) Roadmap review

Proposed Q1 priorities

Must-do:

SecureDrop Workstation:

  • Deletion performance improvements [pending PR]
  • Deleted user cleanup (potentially dependent on server changes)
  • "Download conversation" [pending draft PR]
  • Updater: network error handling [pending PR], "Update now" reminder [merged]
  • Qubes 4.1 readiness [initial findings in issue]

SecureDrop Server:

  • 2.2.0 release. Merged changes plus:

    • Flask update
    • JI accessibility improvements [pending PR] + incremental follow-up refinements
    • "Deleted" placeholder user

  • NUC11 hardware support (can be done independently of 2.2.0 if needed)

  • Feature branch for Source Interface "inverted flow" (phase 1)

    • SI User research for inverted flow. :)

Stretch goals:

SecureDrop Workstation:

  • Read receipts
  • "Remember passphrase" for exports
  • VeraCrypt support
  • Launch SecureDrop Client translation (by Jan 31 per Internews BASICS fellowship)

Research:

  • E2EE encryption options; PGP pre-encryption via JS
  • User testing of "inverted flow" for Source Interface

SecureDrop Server:

  • Threat model discussion regarding JavaScript use in the Source Interface
  • Build automation & reproducibility improvements
  • Code formatting standardization

2) Previous sprint priorities

  • SecureDrop Workstation: Release SecureDrop Client 0.5.0

Current state: completed.

  • SecureDrop Server: Prepare update of Flask to version 2.0, along with associated requirements

Current state: mypy preparatory work close to completion, changes to error handling pending

  • SecureDrop Workstation: Implement "Download all files for a given Source" and finalize scope and UX for "Export all" MVP

Current state: Draft PR open: https://github.com/freedomofpress/securedrop-client/pull/1388

3) Key dates and time commitments

Work schedule notes:

  • Erik and Conor alternating 48+PTO / 410, always off Fridays
  • Allie still on 3*10, Mo-Wed
  • Gonzalo still on 3*8, Mo-Wed
  • Ro still Mo-Thu, ~8-10 per day
  • Cory 4*~10 Mon–Thu
  • Giulio TBD, ~10-15 hours/week
2022-01-05  : Kunal's & Giulio's first day
2022-01-06  : Orientation session: Tooling & repos overview
2022-01-10  : Orientation session: SecureDrop threat model
2022-01-17  : US Holiday: MLK Day
2022-01-18  : Orientation session: Release process

[to be scheduled]: Orientation session: SecureDrop server code

After sprint:

2022-01-25  : Orientation session: SecureDrop Workstation code
late January: SecureDrop Workstation RPM release (updater improvements)
            : SecureDrop Client release (source deletion performance, updater)
2022-01-31  : Internews BASICS fellowship ends; cfm out Feb 1–14
2022-02-08  : Tails 4.27 release - potential SD 2.2.0 release date

4) Next sprint priorities

  • Complete a time-boxed Qubes 4.1 RC3+ compatibility spike

Rationale: We may be close to a final release for Qubes 4.1, and we won't want existing users to sit on 4.0.4 for too long to ensure they receive security updates.

  • Complete upgrade of Flask and associated requirements

Rationale: Addressing longstanding technical debt and unblocking future security updates

  • Get "Download conversation" feature for SecureDrop Client to "Ready for review"

Rationale: On critical path for "Export all", which is a high priority for user convenience.

5) Task selection

https://github.com/orgs/freedomofpress/projects/1

Clone this wiki locally