Skip to content

Sprint Planning Meeting 2021 09 29

Erik Moeller edited this page Sep 29, 2021 · 1 revision

Sprint Planning Meeting, SecureDrop, 2021-09-29

Sprint timeframe: Beginning of Day (PDT) 2021-09-29 to Beginning of Day (PDT) 2021-10-13

1) Retrospective

Previous sprint priorities:

  • Review key changes for SecureDrop 2.1.0, with priority on community PRs (2FA improvements, scrypt/session management)

    • Above changes have landed, and we are considering an additional fix to help journalists/admins with Tails updates
  • Land CI performance improvements and fixes, including moving staging-test-with-rebase to nightly & release branches

    • Significant CI improvements, including improved test parallelization
  • Finish bugfixes/QA and aim to release SecureDrop Client 0.5.0

    • Bugfixes still in progress; Allie/Conor have been pairing on resolving

Other accomplishments:

  • Landed first round of accessibility improvements, focusing on SecureDrop Source Interface
  • Fixed issue with staging environment failing during multiple provisioning runs
  • Created a more prod-like development environment for SecureDrop Client on Debian systems/VMs
  • Landed SecureDrop Client translation workflow changes, some infra changes (and actual translation workflow rollout) still pending
  • Dependency updates across the board
  • Hiring, hiring, hiring!
  • We received a $5.8M multi-year grant largely dedicated to the future of SecureDrop, a huge step in the project's long term sustainability and technical viability.

Other team comments & learning time notes:

  • Big thanks to Kushal for his time @ FPF and for staying on as a SecureDrop maintainer!

  • Proposal: Let's explicitly agree to slow down release cadance a bit after next round of releases.+1

    • Kev: Some concern around build-up of work -> longer testing cycles.

    • Conor: Good point! If we merge complex changes, that will balloon testing obligations. Let's be mindful of complexity of changes we are merging.

    • Ro: Are you proposing that entire dev cycle be slowed so that we're not merging tons of stuff and letting it pile up, or that we release less frequently?

    • Conor: Both.

    • Erik: Recommend we do a quarterly planning check-in soon.

    • Kev: We've previously said every second Tails release before.

    • Conor: I would suggest explicitly decoupling from Tails schedule for now.

    • Kev: In favor of being mindful of when to release, but want to make sure we do releases, which will help everyone get up to speed.

    • Allie: In favor of slowing down a bit for now. Acknowledging reality.

    • Agreement for now: We will be more explicitly discussing release schedules and obligations, with an eye to team capacity.

  • Learning time: Great Rust content in the #learning channel recently, thank you to all contributing there. -Conor

  • cfm learning time: Little bit of Rust; recently mostly Terraforming QA environments (https://github.com/cfm/terraform-metal-securedrop-production). :-)

  • Thanks to Allie for making a lot of time for pairing (in addition to onboarding and hiring meetings!). Really helping to orient me on client/qt dev -Conor

  • Moving a google doc or sheet to a shared folder is hard +1

  • Thank you guys for taking the time for onboarding!!! I've participated in some amazing walkthroughs :) <3

2) Key dates and time commitments

2021-09-29              : SecureDrop 2.1.0 branch cut: QA / feature freeze
2021-09-30              : Abigail's first (half-)day as Newsroom Services Coordinator

October                 : Outreachy contribution period (if we are approved)

2021-09-30 to 2021-10-01: PTO: Allie
2021-10-01              : PTO: Erik
2021-10-04              : Allie switches to 3*10 schedule
2021-10-05              : Tails 4.23 release
2021-10-06              : SecureDrop 2.1.0 pre-release announcement
2021-10-08              : PTO: Erik
2021-10-11              : US/Canada: Holiday (Indigenous People's Day / Thanksgiving)
2021-10-13              : SecureDrop 2.1.0 release [maybe defer to Thursday given ^^]

Past sprint period:

2021-10-15 to 2021-10-18: PTO: Conor
2021-10-25 to 2021-10-29: cfm reduced availability (TBD)
2021-10-15 to 2021-11-15: PTO: Ro
Sometime in October     : Erik travels to Canada, for reals

3) Top priorities

Release-specific discussion

  • Testing of session management

    • In initial testing, we hit some issues when there were multiple wsgi worker processes running. Will add specific steps to the test plan for that.
  • Testing TLSv1.3 changes

    • Change by evilalive. Requires that server is set up with HTTPS enabled, for which we have a helper script - will add notes to the test plan.
  • Testing new 2FA secret length

    • Also evilalive change. Should be backwards-compatible -- existing 2FA secrets should still work, but new secrets will be longer, and corresponding QR code will be larger.

    • requires docs screenshots run

Task selection and estimation

https://github.com/orgs/freedomofpress/projects/1

Clone this wiki locally