-
Notifications
You must be signed in to change notification settings - Fork 685
Standup Notes 2021 07 08
eloquence 8 hours ago
Yesterday:
- Sprint planning and associated follow-up
- Docs reviews
- Hiring fun Today:
- Help w/ SD 2.0.1 release as needed
- Ops Assistant hiring panel
- PFT redesign planning
- Maybe Safe Deletion UX chat Blockers:
- None; I do encourage folks to catch-up on SecEng candidates and hiring challenges when you have a gap.
creviera 8 hours ago Yesterday: Reinstall SDW, bumped the version of a dev dependency causing a safety alert (PR coming soon after I test on a mac), ordered more hardware and caught up on some internal key management docs Today: Safe Delete UX and code review! SDW install with Martin. CoC review with Kirstin. Review https://github.com/freedomofpress/securedrop-docs/pull/199. Open dependency update PR (also followup for following this new rule (to reduce security alerts on dev dependencies because we'll be staying up to date and catching more errors by using later versions of linters): https://github.com/freedomofpress/securedrop-proxy/pull/88). Work on client-side of responding to new export return code for drive already unlocked if time. Blockers: None (edited)
ro 8 hours ago yesterday: support comms, release comms draft, hiring assignment stuff, couple meetings today: same, plus ops assistant hiring panel no blockers
Kev 8 hours ago yesterday:
- cutting 2.0.1-rc1 release, associated docs, QA
- troubleshooting apt.freedom.press buster channel breakage
- sprint planning, sd-e2e discussions today:
- final QA for 2.0.1, updating builder, reviewing docs, cutting 2.0.1 release packages blockers:
- none
john 8 hours ago yesterday: one safe deletion tweak which with Qt required 1.5 hours; sprint planning and e2ee meetings; 2.0.1 qa today: builder update review; 2.0.1 release as required; and got nerdsniped by https://github.com/ossf/scorecard, since they've checked SecureDrop and we're apparently in their BigQuery results table, and I'd like to know what they found (I did see that there are problems, but you have to run with --show-details to know what, and it takes hours if you don't give them a GitHub API token). related (hey @kushaldas): they're developing a supply chain certification framework (https://thehackernews.com/2021/06/google-releases-new-framework-to.html), which I had not heard about.
The Hacker NewsThe Hacker News Google Releases New Framework to Prevent Software Supply Chain Attacks Supply chain Levels for Software Artifacts (SLSA) : A New Framework to Prevent Software Supply Chain Attacks. (59 kB) https://thehackernews.com/2021/06/google-releases-new-framework-to.html
cfm 8 hours ago
- Yesterday (apart from meetings): securedrop#5986 Source Interface template refactoring
- Today: more of same; Rust learning time
- Blockers/asks: @Kev, if you have a chance to weigh in on https://github.com/freedomofpress/securedrop/issues/5986#issuecomment-870827774, I'll do my best to have an as-painless-as-possible PR for you to review when you return from vacation. :-) (edited)
Comment on #5986 semantic (HTML5/ARIA) page structure in Source Interface @zenmonkeykstop, I'm starting work on this with the assumption that this and #5987 will each take the form of an omnibus PR consisting of:
- refactored templates; and
- stylesheets updated accordingly, with the goal of making it as close as possible to a pixel-perfect markup-only refactoring, with no (visually apparent) UI/UX consequences. Given this scope, is there a particular sequence or structure you'd like to see the PR follow for ease of review? https://github.com/freedomofpress/securedrop|freedomofpress/securedropfreedomofpress/securedrop | Jun 29th | Added by GitHub
kushaldas 8 hours ago Did experimental work including a new build container for the reproducible wheels and debian packages. https://github.com/freedomofpress/securedrop-debian-packaging/pull/252 I will convert it into a proper PR in the morning tomorrow. There were a few other PR reviews. No blockers (edited)