A way of getting feedback from sources about the SecureDrop software itself could be to run our own SecureDrop and include a note and link to it in the footer of the SecureDrop source interface base template. The access to the user feedback SecureDrop could be shared among maintainers, who could check the SecureDrop (thus also serving as a useful dogfooding exercise), and create tickets based on the feedback for implementation.
Of course, including this feedback link in the footer of the SecureDrop source interface should be optional. I suspect some organizations may worry that a source may send incriminating information to us and they might be more comfortable if all communications went directly to the news organization. This is totally reasonable, so we should build that functionality in if this were to be implemented.