-
Notifications
You must be signed in to change notification settings - Fork 685
Sprint Planning Meeting 2022 03 30
Erik Moeller edited this page Mar 30, 2022
·
7 revisions
- Complete QA for SecureDrop 2.3.0 and release it
Current state: Released with one day delay to allow for additional translations
- Get Qubes 4.1 compatibility PR to be ready for review, including full test plan
Current state: PR is in great shape and ready for further testing
What worked well:
- Server/Client hangouts, including focused architectural discussions on the agenda (+1+1+1)
- From a mostly outider's perspective, the server release seemed really smooth and well-organized with lots of participation still
- Release-day troubleshooting was responsive and supportive (+1)
- Rolling PR reviews and merging, feels like a good rhythm (at least on the server side) (+1)
- CoverDrop chat was nice, good discussion (+1+1+1)
- [cfm] I have another team in mind that might be interested in talking with us if we're interested back (will mention out of band).
What can be improved:
- Translation coordination. We're lagging behind on a few target languages despite Localization Lab's considerable outreach efforts. +1+1
- [l10n] securedrop#{6156,6366} compel us to revisit the "language-support lifecycle". → cfm is happy to take point on these this sprint + check in with Localization Lab.
- Because i18n changes were only merged at the very last minute, issues spotted had to be dealt with under release pressure rather than standard process. +1
- Which i18n change specifically? The fix for the gettext() invocation? (Yes, and the missing message.)
- Perhaps we need to more systematically review that all expected strings end up in Weblate?
- [i18n] Server source strings are susceptible to trivial code errors (that we've made progress in catching in the Client via Semgrep :-) in securedrop-client#1272).
- [i18n] The more-aggressive approach here would be the "developers write strings in Pig Latin" approach we've discussed previously. Eep!
- Late game discovery of 405-error bug related to language change on /generate - great it was found, but perhaps indicates that we were a bit too ambitious in scope of changes for this release?
What's still a mystery:
- For translations, should we continue to use Weblate, or switch to Transifex? (The latter is more commonly used by orgs that LL works with.)+1
- For Qubes 4.1 migration, do plan to recommend full reinstall, or upgrade in place? (More testing required to make a call.)
- qubes in-place upgrade was pretty smooth for me, but haven't spent time testing https://github.com/freedomofpress/securedrop-workstation/pull/751 or troubleshooting sdw issues yet
- Erik alternating
4*8+PTO/4*10, always off Fridays - Conor ~4*8 until April 30
- Cory @ 4*10 Mon-Thu
- Allie @ 3*10 Mon-Wed
- Ro @ ~4*8-10 Mon-Thu
- Giulio ~20 hours/week (temporary increase)
- Gonzalo on break through March
- Michael off April 13+14 (buffer+travel)
- Ro ? some PTO in late April or May, TBD
2022-04-04: Tina's first day
2022-04-05: Tails 4.29 released
QA kick-off for SecureDrop Workstation releases
2022-04-07 - 2022-04-12: cfm offline (PTO + 4*10 offsetting)
2022-04-12: SecureDrop Workstation releases
- Vulnerabilities triage: Ro
- Support triage: Kev
Rationale: Precondition for the "flow inversion" work, which itself is expected to significantly simplify the user authentication story for sources.
- Michael, Kev, Kunal
- cfm available to chat about accessibility/screen-reader considerations
Follow up with news organizations regarding spam mitigation and spam survey responses. That includes: encouraging folks to try new features & report results; clarifying questions re: survey.
Rationale: Deletion performance continues to be a significant pain point for end users; faster deletion can help mitigate spam.
- Kev, Abigail, Michael, (Erik - but don't schedule around me)
- Allie, Ro, Cory, Erik (QA)
Prioritization for changes yet to land:
- Highest: Deletion performance improvement
- High: Token reuse on logout/login
Rationale: This will be our first set of releases following the new "release train" model, which will always take priority over non-critical ongoing work.