Sprint Planning Meeting 2020 09 17
What we said we would do:
- Template consolidation
- Complete consolidation of MIME type handling
- Spike: Create a working branch & draft PR with small/large template provisioning logic (scoped to creation of the templates only, side-by-side with existing templates, we can record/open issues for any unforeseen followup)
Sprint goal met: Some leftover work for securedrop-proxy MIME type handling, but exceeded goals of spike (got basic client functionality working)
- Seen/unseen
Complete server-side requirements in preparation for 1.6.0 release:
- Migration to new architecture: https://github.com/freedomofpress/securedrop/issues/5474
- New API endpoints: https://github.com/freedomofpress/securedrop/issues/5475
Sprint goal partially met: Both changes are still being worked on, but quite far along.
- Ubuntu 20.04 transition
- Provide tor, linux kernel, ossec, and securedrop packages for Focal via apt-test
- make fetch-tor-debs to pull both Xenial and Focal tor debs
- Land initial work on packaging and make staging-focal target
Sprint goal partially met: Landed work on staging target and updated make fetch-tor-debs. apt-test still missing core packages for Focal; staging environment not yet using grsec kernel.
Additional accomplishments
- Emerging agreements & ad hoc user research regarding journalist account management, to resolve longstanding issues like https://github.com/freedomofpress/securedrop-client/issues/1143 and ensure we properly sync the client database
- We now control the version of setuptools that's used in our build system, which should prevent sudden regressions due to setuptools changes. See https://github.com/freedomofpress/securedrop/pull/5484
- Productive backlog grooming sessions, thanks much to Joan for helping with prep
- Good progress towards standalone docs repo with cleaned up repo history & LFS: https://github.com/freedomofpress/securedrop-docs
- We've added new Tor packages for 1.6.0: https://github.com/freedomofpress/securedrop-dev-packages-lfs/pull/63
Other team comments
What worked well:
- (Erik) I feel we're getting better at ad hoc small group technical & scoping sessions without overloading everyone's calendar +3
- (mickael) Good progress and documentation of complex research tasks (seen/unseen, template consolidation, focal, setuptools, deletion, reproducible builds) -- quite a few productive brainstorming/design sessions lately, and the collaboration has been really nice. +1+1+1+1
- (kushal) We did good work (with proper handovers) on the setuptools issue, a lot of research/tries were done for that. +1
What can be improved:
- (kushal) Kernel/grsec, why and how still can be documented better. referring to build or installation? (both) fair enough
- We use slightly different tools for same purpose, e.g. paxctl vs paxctld +1
- Let's add https://github.com/freedomofpress/securedrop/issues/4134 to a future sprint
- not any time soon, but each OS upgrade points out how messy SD core packaging/testing is -- some configuration happens only via Ansible, some in package installation, the Ansible/Molecule inclusion is kind of a rat's nest ... we could use a push to try to buy down that technical debt. +1000000000000000000001 +1
- (Mickael) Perhaps we can combine cleanup work with reproducibility improvements. Would it be useful to separate out the build code a bit more?
- (John) We were talking about adapting the split strategy from the SecureDrop Workstation from core. A refactoring spike to identify logic that's redundant or could be pulled into an include -- cleanup the directory structure, organize things better.
- sometimes helps to have fresh eyes and more folks looking at the same code and processes
- (Kev) We may be able to reorganize as part of upcoming Focal switch.
- another taking-stock kind of spike: evaluating the server-side database. Allie discovered that we're not enforcing referential integrity, after all these years. we could just review the schema, with an eye to catching things like lack of unique constraints, or things that have been incompletely considered or aren't aging well, like journalist deletion.
- There's also a database schema diagram that could probably use an update
- There's so much already that we could start prioritizing (we have github issues and project cards on the board) and the more eyes we have on architecture the better it'll be.
What's still a puzzle:
- molecule + Vagrant + libvirt is PAIN.
- rpm build process isn't easily reproducible, more learning time required
- sometimes python packaging can surprise us
Learning time debrief
(Erik) Reading through Qt5 book, identifying some first small areas of improvement in client codebase. This is the book: https://www.learnpyqt.com/pyqt5-book/#the-book <- it's CC-BY-NC-SA; shared a copy over on #learning
(Conor) Explored reproducible build tooling for .rpm packages, rather than .deb packages. Comparatively foreign, so didn't achieve deterministic builds, but got more comfortable with python -> rpm in general
(Kev, Mickael) learning time fail last Fri :(
(kushal) a lot of network calls
(John) a tiny bit more reading about GitHub/Google APIs for tracker automation, but no code yet
PTO check-in:
2020-09-18 : PTO: Mickael (0.5 days)
2020-09-21 : Go/no-go check-in on 1.6.0 schedule
2020-09-22 : SecureDrop 1.6.0 QA Begins [pending above]
Tails 4.11 release (we'll do a bulk announcement)
PTO: Conor (0.5 days)
CfP deadline for GitHub Universe: https://githubuniverse.com/
2020-09-25 : FPF Holiday
After sprint period:
2020-10-02 : FPF Holiday
2020-10-06 : SecureDrop 1.6.0 Release [pending above]
2020-10-26 : Threat model discussions with auditors begin
2020-11-16 : SecureDrop Workstation audit begins
- Land critical changes for SecureDrop 1.6.0 and test them extensively.
- Server-side changes for seen/unseen. Need to ensure clean migration for long-running instances
- Land preparatory changes to complete template consolidation in the next sprint.
- See breakdown in https://github.com/freedomofpress/securedrop-workstation/issues/471
- Switch staging environment for Ubuntu 20.04 to grsec-patched kernel
https://docs.google.com/spreadsheets/d/1nUXrlIqpB7_dcqsncevBBBcmf_iHQikzi5aDJHrJkC4/edit#gid=0