Erik Moeller
Erik Moeller
This implements the logic described in https://github.com/lorenwest/node-config/issues/309#issuecomment-212011422 We also let the user know about whether strict mode is currently on or off for relevant messages. Additionally, runStrictnessChecks has been renamed...
`securedrop-admin` currently still trusts the old signing key for releases. It's been more than a year since the [full key rotation](https://media.securedrop.org/media/documents/signing-key-transition.txt) (not to be confused with the recent expiry bump),...
In order to facilitate pre-release testing for new kernels, it would be helpful to have a preview component on apt.freedom.press, and an associated release/testing procedure which admins can follow to...
Per https://github.com/sass/ruby-sass (which is archived) and https://sass-lang.com/ruby-sass, this gem, which is [used at package build time](https://github.com/freedomofpress/securedrop/blob/develop/install_files/ansible-base/roles/build-securedrop-app-code-deb-pkg/tasks/sass.yml) for CSS generation, has reached end-of-life. We should consider migrating to a maintained codebase,...
On Tails 5, we require python3-distutils to be installed, or the updater will fail on `pip` calls (without an error message explaining the cause). The updater should detect these missing...
Compare: - [German strings in Weblate](https://weblate.securedrop.org/translate/securedrop/securedrop/de/?q=) - a supported language - 302 strings - [Danish strings in Weblate](https://weblate.securedrop.org/translate/securedrop/securedrop/da/?q=) - an unsupported language - 254 strings It looks like the unsupported...
https://github.com/freedomofpress/securedrop-client/pull/1272 added a set of handy `semgrep` rules to the `securedrop-client` repo to catch untranslated GUI strings. It'd be good to investigate if similar rules would be helpful in this...
In the SecureDrop Client, we'd like to be able to show a timestamp that indicates the last action in a given conversation (a journalist reply, a source message or document,...
Since the dev env is intended to support fast changes to the web experience, it should set the same Content-Security-Policy as the production server, as you're likely to otherwise experience...
## Description Tor Browser displays a CSP error on the console when loading a production Source Interface or Journalist Interface (2.1.0), but it appears to have no visible effect. ##...