Standup Notes 2020 11 24
Participants (alphabetical): Conor, Erik, Kevin, Kushal, Mickael, Nina, Ro
(Mickael) PR for Qt debug docs is ready for review, links Qt system libraries with debug symbols. I'm not sure, however, what useful information we can gain from these logs. It would be good for someone else to weigh in on whether this adds useful info for debugging, and to attempt to reproduce these instructions. The PR is:
https://github.com/freedomofpress/securedrop-client/pull/1089
(Kushal) I'll take a look!
(Mickael) Re: https://github.com/freedomofpress/securedrop-client/pull/1165, right now there is a discrepancy between the pyqt wheels fetched by pip and the system pyqt packages. One suggestion in that PR is to bundle a pyqt wheel as part of the Debian package. There are many implications (build process, code integrity, etc.) to that, wondering if folks have strong thoughts.
(Kushal) Another option to consider is pyside2 -- the official Python bindings for Qt. Micah is considering that for OnionShare. Major work is on the import statements.
(Mickael) What's the difference really?
(Kushal) Very different implementations; pyside2 is the officially supported version. Pyqt was always done by a separate company called Riverbank Computing. When Nokia bought Qt, they said we should release our own bindings.
(Erik) We have to ship Qt itself with deb package if we bundle PyQt?
(Kushal) Yes, that's why it goes to 100MB+. We could store it in our own mirror. Even with pyside2 we might end up doing the same thing.
(Erik) Let's discuss more with Allie; sounds like we may want to focus first on seeing if we can fix seen/unseen issues without major migration.
(Mickael) We should think about build & code integrity story as we make any changes here.
-
We're still in the sprint until EOD tomorrow. After that, we'll transition to a Kanban model through December.
-
We've populated the "Nominated for Kanban period" column with some high priority cards, but you're also welcome to advance other cards from the backlogs.
-
This is a temporary change to allow for some sustained attention to technical debt & known improvement opportunities.
-
Please use self-assignment judiciously to avoid stepping on each other's toes.
- +1 =)Yuuuppp
-
All findings are in comment https://github.com/freedomofpress/securedrop/issues/5635#issuecomment-732985479
-
(Mickael) Have you confirmed that messages are received by mon?
-
(Kushal) Not yet.
-
(Mickael) You can look at /var/log/ossec/alerts.log to confirm. Have you looked at upstream OSSEC to see how they handle the service files?
-
(Kushal) Last I looked I didn't find anything. One of the services related to OSSEC should run in app. ossec-agent or something?
-
(Mickael) Do we need a conditional in the test?
-
(Kushal) We can keep the same test I think.
-
(Conor) Sounds reasonable.
-
(Kushal) General note: Please write code comments explaining implementation specifics when writing tests.
Yesterday:
- 0.5.2 release
Today:
- First look at reproducible wheels https://github.com/freedomofpress/securedrop-debian-packaging/issues/196
- Reading up on OSSEC in Focal issue https://github.com/freedomofpress/securedrop/issues/5635#issuecomment-732985479
- Reading up on PyQT build issue https://github.com/freedomofpress/securedrop-client/pull/1089
Blockers or Asks:
- none
Yesterday:
- 0.5.2 testing & support
- UxR outreach (2 interviews lined up for next week, more in the works)
- Accounting/payroll fun
Today:
- Cont'd UxR outreach
- Back to git workshop prep & other technical work as time allows
Blockers or Asks: None
PTO
Yesterday:
- 0.5.2 release
- Tor UA detection update, based on Harris' findings
Today:
- Reviewing Mickael's Tor update PR. Failing CI, updater GUI tests are having issues. Maybe we can use a different Qt plugin for the tests.
- Reviewing John's PR QA loader script.
Blockers or Asks: None
Today:
-
Researched & Commented my thoughts on the https://github.com/freedomofpress/securedrop-client/pull/1165
-
OSSEC fingings https://github.com/freedomofpress/securedrop/issues/5635#issuecomment-732985479
Tomorrow:
- sprint tasks Blockers or Asks:
- None
Yesterday:
- As noted, Qt debug build PR is ready for review https://github.com/freedomofpress/securedrop-client/pull/1089
Today:
- Opened PR for CI issue; Kev will push commit to my PR
- Look again at PyQt issue for seen/unseen
Blockers or Asks: None
Yesterday:
- Meetings and comms
- Ansible/molecule/testinfra learning
- DST process meeting debrief + next steps
Today:
- https://github.com/freedomofpress/securedrop/pull/5330 ready for review but I did not run testinfra locally
- Support comms
- Continuing Redmine and Icinga cleanup
- Work through workstation provisioning (today or tomorrow)
Blockers or Asks:
- no blockers
- ask: if anyone sees any low-urgency