Sprint Planning Meeting 2020 05 06

Sprint Planning Meeting, SecureDrop, May 6, 2020

Sprint timeframe: Beginning of Day (PDT) 2020-05-06 to Beginning of Day (PDT) 2020-05-20

0) Release Check-in and Retrospective

SecureDrop 1.3.0 Check-In

RC2 testing in progress (Ro, Mickael, Kev, Kushal)
test plan and QA Matrix updated (each RC has its own worksheet now! exciting times)
Pre-release messaging done
New Tails version out today, 4.6, probably should split further testing between it and 4.5
New release bug: https://github.com/freedomofpress/securedrop/issues/5232 - do we need to make deleted an invalid journalist name?
- only effects the client, but we do check by uuid on the client side and the username is only used for display in the UI. the uuid is also deleted client-side so that can be used to distinguish "journalist user named themselves deleted" and "this is a journalist user was deleted".
- We use uuid for uniqueness, but having reserved usernames will create a bit more safe space for future.
- Agreed to defer to 1.4.0
New non-release bug: https://github.com/freedomofpress/securedrop/issues/5233 - mass deletes can fail leaving system in inconsistent state - will investigate but defer to 1.4.0

Retrospective

What we said we would do:

QA & release SecureDrop 1.3.0 including all agreed upon changes.

Goal partially met. - Given scope of the release, we agreed early to add a week to the QA period. - We're at RC2 and on track for a release per revised schedule, including all agreed upon changes.

Get SecureDrop Client (incl. SDK/Proxy) release-ready with, at minimum, the following changes:
- current master
- copy & paste solution
- text wrapping solution
- missing submission key handling solution

Release-ready means that we can start the QA process on nightlies, but may not cut a release yet.

Goal partially met. - SDK was released - missing submission key handling change was merged - text selection/copy & paste support was merged - "wipe clipboard after login" change was merged - text wrapping change was deferred as impact is more narrow than initially understood - QA has not started yet

Get SecureDrop Workstation release-ready with, at minimum, the following changes:
- current master
- Copy & Paste RPC policy change

Release-ready means that we can start the QA process on nightlies, but may not cut a release yet.

Goal met.

RPC policy change was merged
QA has not started yet

Other notable accomplishments:

Good progress towards separating CSS out and making stylesheet changes testable
Productive conversations w/ Tor re: HTTPSEverywhere integration & potential future UX collab
Collaborated w/ fundraising team on submission of major SD-related grant proposals

Other team comments:

What worked well:

We have really good test plans, compared to many other projects. +2 (the shade!)
Lots of collaboration around GUI issues
Fielding pilot feedback among the group has been a pleasant experience
Good scope/quantity of tasks for this sprint

What can be improved:

More automation of QA testing would be grand +1+2
replacing/augmenting basic testing with testinfra reuse has been on todo list for a while, could try for 1.4.0
- https://github.com/freedomofpress/securedrop/issues/4216 also https://github.com/freedomofpress/securedrop/issues/4846
- API testing needs work
  - Consider development of integration API tests
  - Consider tools like openapi/swagger
    - replacing basic application acceptance testing with existing functional test suite
    - Upgrade testing molecule scenario for core still needs a bit of attention
  - Weblate showing some rough edges, John has been v helpful in suggesting improvements and upgrades
  - We need more GUI testing to catch regressions that are hard to spot
  - We should add in our client docs how to compile PyQt from source in debug mode so that we can figure out if an issue is upstream or not

ACTION: More testing/automation focus for SD 1.4.0

What's still a puzzle:

Are the active pilot participants sufficiently representative of our target users/orgs?
- (Some discussion about this, agreement that we need to reach a broader set of participants soon)

1) Review important dates and time commitments

2020-05-12              : SecureDrop 1.3.0 Release
2020-05-18              : Holiday (Canada): Victoria/Patriot's Day (Mickael, Kev, Ro)
2020-05-19              : Potential SecureDrop Client/Proxy Release
2020-05-18 to 2020-05-22: Training: Kushal - not available for SecureDrop

Time check: https://docs.google.com/spreadsheets/d/11ZwrRNieJfTUGNMfxqDNpgsLGozdGzyda39ljcfSGco/edit#gid=0

2) Agree on goals for this sprint

Must-achieve sprint goals:

Release SecureDrop 1.3.0
QA and release SecureDrop Client 0.2.0 and SecureDrop Proxy 0.3.0
Get a fedora-31 PR close to release-ready

3) Task selection and estimation

https://docs.google.com/spreadsheets/d/1h2rn6Lx4eH-kxuAkTHF2oe-SRsUx-Bk8toXIIH0hTgA/edit#gid=0

Sprint Planning Meeting 2020 05 06

Sprint Planning Meeting, SecureDrop, May 6, 2020

Sprint timeframe: Beginning of Day (PDT) 2020-05-06 to Beginning of Day (PDT) 2020-05-20

0) Release Check-in and Retrospective

SecureDrop 1.3.0 Check-In

Retrospective

1) Review important dates and time commitments

2) Agree on goals for this sprint

3) Task selection and estimation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!