-
Notifications
You must be signed in to change notification settings - Fork 685
Standup Notes 2020 04 21
Erik Moeller edited this page Apr 23, 2020
·
1 revision
Participants (alphabetical): Allie, Erik, Jen, John, Kevin, Kushal, Mickael, Nina, Ro
-
OpenSSL fix today
- Are Xenial versions affected? https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html
- Mickael: No, version shipped by Xenial is not vulnerable. Debian Buster is affected but we don't use OpenSSL termination in our uses of Buster.
-
SecureDrop 1.3.0
- OSSEC update: https://github.com/freedomofpress/securedrop/pull/5196 (Mickael reviewing)
- Ansible update: https://github.com/freedomofpress/securedrop/pull/5199 (Mickael reviewing)
- Tor language/UX tweaks: merged
- Kernel update: merged
- Key cache for SecureDrop Workstation: merged
- Tor update: merged
-
SecureDrop Client 0.2.0
- Gracefully handle missing submission key: Ready for review - https://github.com/freedomofpress/securedrop-client/pull/1059 (Allie reviewing)
- Don't cut off long strings / makes messages/replies selectable: WIP - https://github.com/freedomofpress/securedrop-client/pull/1050 (Jen, Allie, Kushal collaborating)
- Reduce timeout errors: merged
-
SecureDrop Workstation RPM 0.3.0
- Copy & paste RPC policy PR: Under review - https://github.com/freedomofpress/securedrop-workstation/pull/528 (Mickael is reviewing)
- Avoid use of qvm-kill due to libxenlight issue: Ready for review - https://github.com/freedomofpress/securedrop-workstation/pull/534
- Mitigate "Failed to resolve" issue during install: https://github.com/freedomofpress/securedrop-workstation/pull/535 - Ready for review
- Single stage updater: Ready for review - https://github.com/freedomofpress/securedrop-workstation/pull/528
- Gentle shutdown of sys-usb: merged
- Clear Salt cache before securedrop-admin operations : merged
-
Test input & acceptance criteria for message/reply bubbles in SecureDrop Client
- Allie: I have a set of strings that I've been using during development - will post to GitHub wiki
- Jen: Looks like scrollbars no longer appear if we reset padding to original value
-
API performance
- Kushal: Asked team members about what major perf issues are; everyone pointed out that sync performance is a major issue. In my own testing, I notice Apache timeouts at >1500 sources for get_sources endpoint. Fingerprint retrieval is fast thanks to key cache; looking up submissions for each source is not -- lots of SQL queries. (Calculating numbers of messages and documents.)
Yesterday:
- PR #1050 (messages/reply bubble wrap) - found a way to calculate height of textedits based on the pixel length of the text of each block using horizontalAdvance. Figured out that setting a QFont onthe SecureQPlainTextEdit class (instead of setting the font using stylesheets) was a way to get precise measurements, which we can also use for our get_elided_text function that we use for Filenames and preview snippets. See comments I made about my progress for more details: https://github.com/freedomofpress/securedrop-client/pull/1050/#issuecomment-616757329
Today:
- Review John's PR re: lack of submission key
- Continue on #1050, write unit tests for all of our test data (which I will ask others to contribute to in the wiki - will share via slack) to test for regregressions.
Blockers or Asks: None
Yesterday:
- Backlog review and sprint prep
- Re-scoped copy & paste PR to just sd-app; updated docs
- Prelim testing of John's PR for #140 in Docker env
Today:
- Cont'd sprint prep
- Copy & paste follow-up: move tag cleanup into
sd-clean-all - Chat with SimplySecure about collab opportunities
- UX catch-up w/ Nina
- Qubes testing if time allows
Blockers or Asks: None
Yesterday:
- Looked at the copy/paste RPC policy PR and commented
- I just pushed two commits to the PR 1050 which I think is very close, I have another locally with test additions (adding some of the QLabel tests to the new class we're using for which I'll push up when github is complying) to try to catch regressions
Today:
- After meetings, happy to help review either for 1.3.0 server release or client, will also ping folks for RM/LM assignments for the 1.3.0 release later, ping me if you want to volunteer for one of those roles
- Otherwise after meetings I'm going to stay on 1050 either review or helping investigate issues
Blockers or Asks:
- None
Yesterday:
- Ansible update
Today:
- Finishing Ansible update (publishing diff review, signed hashes)
- https://github.com/freedomofpress/securedrop-client/issues/1008 (ensuring scheduler runs for adding 1000 sources)
- Learning how to pronounce "elide"
Blockers or Asks:
- Just the Ansible update review
Yesterday:
- Get PR OSSEC ready
Today:
- Poking at changes for how we publish docs for SD core
Blockers or Asks: None
Today:
- https://github.com/freedomofpress/securedrop-client/pull/1050/ testing with the strings, i posted the test strings with wrong UI screenshot in the issue
- https://github.com/freedomofpress/securedrop-client/issues/1025#issuecomment-617097660 Testing API performace drawbacks
Tomorrow:
Blockers or Asks: None
Yesterday:
- Reviewed/approved OSSEC pr https://github.com/freedomofpress/securedrop/pull/5196
- Reviewed/approved test fix: https://github.com/freedomofpress/securedrop/pull/5200 (Update qa_loader for crypto_util changes)
- Opened https://github.com/freedomofpress/securedrop/issues/5201
Today:
- review ansible changes: https://github.com/freedomofpress/securedrop/pull/5199
Blockers or Asks:
- None
Yesterday:
- Support comms
- Meetings
- Report-writing
- Invoice prep
Today:
- Support tasks
- All The Meetings
- Report-writing
- Avail later this week for QA
Blockers or Asks:
- None