Standup Notes 2021 04 01

Participants (alphabetical): Allie, Conor, Erik, John, Kevin, Kushal, Ro

Top 3 priorities during 3/24-4/7 sprint

1. Finalize and land key deliverables for SecureDrop 1.8.1 release
2. Restore reproducibility for SecureDrop Workstation build artifacts; update docs
3. Finalize design for SecureDrop Client Safe Deletion and begin implementation

Topics and Call-outs

Reproducible wheels

• Kev solved git-lfs issue; this surfaced a new Python version mismatch w/ CI. Solved by building a new cython wheel.
• Kushal is requesting another round of review of https://github.com/freedomofpress/securedrop-debian-packaging/pull/238 to verify that results match his testing
• If this PR is merged, wheels need to be rebuilt and sha256sums updated
• Conor will do more testing/review on #238 today

Expected benefits of #238

we can ensure that the localwheels/*.whl files are built reproducibly, even when pip upgrades introduce breaking changes

we can potentially build the packages offline and without code execution

we can make CI faster, by installing the build deps from wheels, rather than building from source 

we avoid repetition of costly build times for packages with complex dependencies (e.g., cryptography)

we avoid a dependency on third party wheels, mitigating risk of supply-chain attacks

30 minute UX mtg today

• Walkthrough of Nina's Qubes app menu work

securedrop-export urllib update

upgrade boxes: let's use the vagrant/tails setup for 1.8.1

Allie

Yesterday:

• Finished reviewing John's PR
• Started debugging double export issue: https://github.com/freedomofpress/securedrop-export/issues/66

Today:

• UX meeeting on new Qubes designs
• Continue https://github.com/freedomofpress/securedrop-export/issues/66
• Review https://github.com/freedomofpress/securedrop/pull/5885

Blockers or Asks:

• None

Conor

Yesterday:

• upgrade boxes for focal spike, no working setup yet. disk problems in libvirt, possibly efi-related

Today:

• review reproducible wheels PR
• file follow-up issues related to reproducible wheels

Blockers or Asks:

Erik

Yesterday:

• Safe Deletion Client kick-off
• Still no repro on updater hangs

Today:

• Will poke at making updater & xfce script more resilient, even in the absence of a clean repro
• Phone screen for Internews fellowship
• Docs/support work

Blockers or Asks: None

John

Yesterday:

• finishing #5881
• meeting

Today:

• reviewing #5696 (JI delete user confirmation modal)
• trying to sort out the CI apparmor failures for #5878
• Upgrade scenario investigation

Blockers or Asks:

• qubes focal staging users: are you having consistent problems installing local copy of securedrop-grsec?

  • Conor may have an existing workaround and will poke around

Kev

Yesterday:

• logo backup PR
• reproducible wheels PR

Today:

• support issues
• cont'd work on disable-SSH-in-backups ; refreshing config on Tails as well

Blockers or Asks:

Kushal

Today:

• Updates to the reproducible wheels PR
• Trying to figure out a way to do everything on Debian Buster, so that we can verify new wheels in CI. Tomorrow:
• HOLIDAY !!!!! Blockers or Asks:
• None

Mickael

Time off

Ro

Yesterday:

Today:

Blockers or Asks: