mickael e.

Results 19 issues of mickael e.

As noted in https://github.com/freedomofpress/securedrop-debian-packaging/pull/105#issuecomment-566137365, we should: 1. ~~Add an item in this repo's GitHub PR template to ensure the AppArmor profile is updated in the packaging repo if securedrop-client...

## Description In https://github.com/freedomofpress/securedrop/pull/4008, instructions on how to set up TLS 1.3 were added. We should review existing recommendations for landing page cipher suites, and consider removing TLS 1.0 and...

documentation
security

(this issue was raised at the 2020-01-14 engineering meeting) ## Describe the change Localization and internationalization documentation is dispersed across various sections: - https://docs.securedrop.org/en/stable/development/i18n.html - https://docs.securedrop.org/en/stable/development/l10n.html Release management for i18n...

Pyre [0] allows for further static analysis to ensure untrusted and/or unsanitized input never makes its way through to sensitive functions. We should add annotations for sources, sanitizers and...

security

We run configuration tests on the securedrop-workstation as part of the `test` make target, but it could be useful to run these periodically (perhaps at boot), to provide some sort...

needs discussion

Securedrop-proxy, securedrop-client and securedrop-export write logs to disk and sd-log (see https://github.com/freedomofpress/securedrop-workstation/issues/440) will aggregate logs from all workstation VMs. We should review the size of these logs based on common/expected...

good first issue
:beach_umbrella: summer cleaning

For all packages that package Python wheels, we should use existing scripts (or create a new script) to list all dependencies of a package, their version, and their associated license...

Initially reported by @kushaldas in https://github.com/freedomofpress/securedrop-workstation/pull/447#issuecomment-586180448 Some files are preserved in the virtualenv after uninstalling packages. After running `sudo apt remove securedrop-*`, the following files remain in `/opt/virtualenvs/`: While the...

We should consider adding validation of the PGP payload downloaded from the SecureDrop server in sd-app before sending to sd-gpg. This will ensure the payload is valid, and that the...

category: key management