Decentralized and transparent

Bonjour,

What about setting decentralization and transparency as a goal for SecureDrop in 2018 ? The project is doing well on both but there always is room for improvement. In 2017 there was a lot of progress:

• transparency: lively chat and forum, daily standups (7pm Paris/Berlin time, 10am San Francisco) and weekly engineering meetings open to everyone
• decentralization: community maintained infrastructure hosting translators, forum and git repositories

These are qualities expected from every Free Software project nowadays. But it is even more important for SecureDrop because it faces challenges that can only be addressed properly at the local level. Whistleblowers in a region where freedom of the press is not guaranteed by law and with a network heavily filtered and monitored state wide have different needs from those who benefit from legal protection and can hide among ten of thousands of anonymous web users.

Setting specific goals and a roadmap for transparency and decentralization does not strike me as a good idea. We are likely to deviate, miss the goals and end up disappointed about our inability to deliver what we promised. But it would be a good idea to clearly state that we are going in that direction.

It may not seem much but the benefits of declaring that SecureDrop wants to be a decentralized and transparent project will guide us as well as new contributors. When the time comes to choose between using a centralized resource such as transifex or a self-hosted resource such as weblate we will not only compare the two solutions on their technical merits, decentralization will be an important factor and not something that is nice to have. When new projects are born, such as the Qubes based journalist workstation, discussions will happen in public for transparency is necessary for new contributors to eventually engage and help.

What do you think ?

Ooooohhh I like this idea. I will also add that into 2018 - our server re-architecture efforts will require a lot of outside input/validation. I’d love to have those discussions be more in the open.

Can I also comment that when you did that short reflection up-top on 2017 … those are very important metrics to tout into 2018 to convince potential contributors why SecureDrop is a worthwhile project to help.

My .2 cents: decentralization, transparency, and expanding our community should all be important goals for the SecureDrop project in general and in 2018. In 2017 another (in my view) very important step we took as a project in terms of decentralization of the community is extending maintainership & commit access to people from the community (previously only FPF developers were maintainers). I think we’ll see more community contributors and eventually maintainers in 2018. Our recent shift away from primarily San Francisco to now a primarily remote engineering team at FPF is also helping us with the transparency piece, since our development chat/friendly debates occurs on Gitter or in the public jitsi meetings .