Cory Francis Myers

Based on discussion today with @zenmonkeykstop, the release plan above assumes that we are comfortable doing "diffoscope-only" QA of a translations-only point release prior to preflight testing. @freedomofpress/securedrop-maintainers, please do...

Deferred to next week to allow more time for review of new translations.

We plan to fininsh preflight QA of freedomofpress/securedrop-apt-prod#148 tomorrow for a ~Monday~ Tuesday release.

- [x] Preflight clean installation - [x] Installed successfully - [x] Source and Journalist Interfaces show v2.10.1 - [x] Can submit - [x] Can reply - [x] Locales spot-checked

We all know Tor's latency penalty firsthand, but when I say $$O(1)$$ instead of $$O(n)$$, I mean: ```sh-session # Just a GET to the Source Interface, but the difference is...

I'm moving this out of draft status just so discussion will appear on Slack. It's still WIP. We discussed this today and concluded: - We're open to making non-breaking ~changes~...

@zenmonkeykstop, to clarify from backlog-pruning, I have no further implementation work planned here. There's a naïve test plan here already, but I need to add tests. Let me know if...

I've marked this for v2.11 for discussion when we plan our next sprint.

Deferred to v2.13, unless I happen to be able to get this ready for review this sprint.

Based on , I think it might be worth a research spike someday soon on Semgrep's [cross-file](https://semgrep.dev/docs/semgrep-code/semgrep-pro-engine-intro) [taint analysis](https://semgrep.dev/docs/writing-rules/data-flow/taint-mode), in service of the requirement that ["attacker-provided text should be rendered...