Sprint Planning Meeting 2019 12 05

Sprint Planning Meeting, SecureDrop, December 5, 2019

Sprint timeframe: Beginning of Day (PST) 2019-12-05 to End of Day (PST) 2019-12-18

0) Retrospective

What we said we would do:

• SecureDrop Core: Successful release of SecureDrop 1.2.0 with no issues on supported hardware

Sprint goal fully met: SecureDrop 1.2.0 released with no detected or reported outages

• SecureDrop Workstation: Complete transition to Debian Buster

Sprint goal fully met: Buster transition completed as of 12/5, including nightly builds. Stretch support can be removed in a month or so.

• SecureDrop Workstation: Complete iteration of export acceptable for beta (UI may still be in unpolished state)

Sprint goal partially met: Auto-attachment PR close to landing, messaging updates close to landing. Bugfixes, upstream device widget PR, and refactoring pending.

Additional accomplishments:

• Landed improvements to SecureDrop Workstation updater logic: sd-svs-disp upgrade now enforced on login, cron job limited to SD Workstation templates
• Landed improvements to make clean for SecureDrop Workstation, restoring system state more closely to pre-install config
• Landed initial print integration: you'll now see a print button next to a document, should work w/ supported LaserJet/Brother printer
• Landed functional tests for new feature to make submissions disallowable (community PR by DrGFreeman)
• Landed bugfix for admin UI checkbox labels (community PR by DrGFreeman)
• Updated Tails network hook to use Python 3

Other observations:

What went well:

• we had peeps do new roles for the release which was a great learning experience all around, we should keep rotating responsibilities for the sake of knowledge sharing
  • +1 ^ coordination in new roles was a great exercise, let's keep doing it!
• finally have some working upgrade-in-place logic for the tricky template updates. great to have this in before pilot!
• Ro helped Allie do QA for the first time and it was a lot of fun!+1 great to have cross-team support on fillin' in that matrix
• QA process being documented in confluence -- as a newbie (ro) helps to have this stuff written down somewhere
  • (Erik) ACTION: maybe move to SD wiki

What can be improved:

• could standardize and document the process for building debs and capturing build logs, this is a minor point tho as the build process is pretty clean overall

  • this is written a bit in https://github.com/freedomofpress/securedrop/wiki/Build-logs#what-should-be-saved but might need fleshing out

• Reaching out to other open source translation teams (say gnome+kde+fedora+debian) for helping out in our translation.

  • I'm concerned about the extra work of coordinating disparate teams; we do need more i18n resources to make the release cycle more reliable, but it's a lot of work that Erin saves us.

• kernel packages were missing from prod lfs PR initially, not sure what to do about this, some kind of dependency checker?

  • ^ not the first time that particular omission has been made. rather than tests, a checklist might help.
  • on second thought, we could indeed write tests...

• ^ Create a Release ticket checklist for release day to prepare git-lfs branch for deb packages: remove old kernels, and linux-image and tor debs (if required)

• ACTION: document current process for adding production debs to the repo

• potential ACTION: add tests in the lfs repo to ensure that if e.g. grsec deb is added but linux-headers is missing, a test fails

• potential ACTION: upload kernels prior to release

What's still a puzzle:

• triaging/labelling of pull requests (we do this very well for issues, but we could apply for PRs as well)
• also compare cpython auto-labeling: https://github.com/python/cpython
• potential ACTION: revisit Bill Budington's previous implementation for auto-labeling PRs based on what code paths they touch

1) Review important dates and time commitments

2019-12-16 to 2019-12-22: Travel: Conor in Philadelphia
2019-12-13              : John 1/2 day PTO

After sprint period:

2019-12-19 to 2020-01-08: Kanban mode: Work still organized on the board, but without a sprint plan.
2019-12-24 to 2020-01-01: FPF closed over the holidays; emergency coverage: https://docs.google.com/spreadsheets/d/1CGo75HCtbqxcqpI4IX4Fai15ClI78HL5oRqTlMkyxW8/edit#gid=0

2020-01-07              : Tails 4.2; no SecureDrop release
2020-02-11              : SecureDrop 1.3.0 (TENTATIVE)

Time check: https://docs.google.com/spreadsheets/d/1Sw6fKHFOWPR7pgnbBATcnQq_8p5Z2R9GxlDx5vPYUX8/edit#gid=0

Also see:

• Workstation Beta timeline: https://docs.google.com/spreadsheets/d/1cCPzwr70p_HZZroP3oNURsjRyzoVYsqU9aqc_mBWfwc/edit#gid=0
• Client User Stories: https://docs.google.com/spreadsheets/d/1DQEQp-0e6zN-pCPa0qqY-MGtmpc2SN5mzUsR4nEkpCQ/edit#gid=0

2) Agree on must-achieve sprint goals

• SecureDrop Workstation: Move off Whonix 14 EOL templates

Critical deliverable for the pilot to ensure we're not running EOL templates

• SecureDrop Workstation: Complete iteration of print/export acceptable for beta (UI may still be in unpolished state)

Out of scope for this sprint: finalizing dialog designs, help screens

• SecureDrop Workstation: Complete iteration of global network error handling acceptable for beta

In scope for this sprint: handling metadata syncs, deletion via the queue; fixing proxy exception handling for more consistent error message/retry behavior; reply-level error indicators

Out of scope for this sprint: reply-level retries/deletion

3) Task selection and estimation

https://docs.google.com/spreadsheets/d/1PyAeXOWo9p8APApYPQkEcrRIazZaUqyoO8KeZl-x74E/edit#gid=0