SecureDrop 0.4 released, 0.4.2 meeting Aug 1 @ 10am Pacific

@redshiftzero copying your announce here for the record.

Hey all,

Today we released SecureDrop 0.4:

Let us know on GitHub or on the support portal
( if you have any issues with this version
of SecureDrop.

Thanks to everyone who responded to the Doodle poll regarding the 0.4.1
meeting. We’ll be having our first 0.4.1 planning meeting on August 1 at
10 AM Pacific / 5 PM UTC in the following Jitsi room:

Check out the current 0.4.2 milestone here, as we’ll be adding /
removing / refining items during the meeting:

Anyone who is interested in the project is welcome to join. Please come
with your thoughts, comments, questions, and any issues you are excited



Jennifer Helsby
SecureDrop Lead Developer
Freedom of the Press Foundation
GnuPG: F48E CC56 4980 83F1 80DF F943 DA05 B7C5 2ABA F334
Twitter: @redshiftzero

Interesting meeting ! From my point of view I learnt more about what is likely to be implemented for 0.4.2. I did not realize OSSEC improvements were that necessary. Having Tom voicing his concerns and desires regarding alerting was most interesting. I kind of hoped code cleanup & i18n could be done in parallel but … looks like this is not going to be possible.

I suggested we look for ways to have more reviewers: @redshiftzero & @conorsch said a new hire could help with that. I was also interested to hear about @heartsucker plans to contribute to a journalist/source API, in the context of the journalist workstation (but not exclusively). And also very happy at the prospect of having him participate in the review of the i18n PRs. There only are about four weeks before we feature freeze & go to QA for the release scheduled September 5th. It’s going to be quick :slight_smile:

We also discussed security issues preventing the full CI to run on every push to a pull request. This could be simply resolved by taking a chance. IMHO noone will mess with the CI and even if that’s the case, fixing the wreckage will be less time consuming & painful than implementing & maintaining safeguards. @heartsucker suggested whitelisting contributors that landed at least one pull request, which would be a non painful way of doing that.

I also remember discussions about the maintenance of the SecureDrop directory and how to improve things. But it’s not a topic I’m familiar with. Words like nagios monitoring, scripts, reworking, better seemed encouraging :slight_smile:

I’m not good at taking notes, sorry about that. One thing that could be improved is the sound quality in the conference room. I had trouble hearing Tom but no problem when Jen & Conor spoke.

Let’s do that again next month for 0.4.3 !

1 Like