securedrop
securedrop copied to clipboard
GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
## Description Currently, we have different practices regarding license notices in different parts of the SecureDrop project. - SecureDrop Client uses full [AGPL-3.0-or-later][spdx-agpl] headers in each file ([example][client]) - SecureDrop...
## Description An upcoming release of `itsdangerous`, 2.1, will drop support for JSON Web Signatures. The project maintainers recommend switching to `authlib` instead. Encountered the deprecation notice while performing a...
## Description `test_no_ecrypt_messages_in_logs` in `molecule/testinfra/common/test_system_hardening.py` triggered by `securedrop-admin verify` hangs indefinitely when confronted with a `/var/log/syslog` that's larger than approximately 2.125MB. ## Steps to Reproduce * SSH into app server...
## Description Harica and Digicert now apparently require that CSRs for certs for onion services be signed with the service's private key. Harica have written a tool to support this:...
## Description [Accessibility Lab recommendation](https://docs.google.com/document/d/1jZlKco2YgOrrI4PmTkG_Q8lKuV5VxCds/edit#): > * **Keyboard** > The tab key must be constrained within the dialog. Users cannot tab out of the dialog. The focus goes to the...
## Steps to reproduce (To see production-like behavior below, make sure to test in Tor Browser against a staging or production instance.) In the Source Interface, upload a file that...
## Description Currently we create and edit the `/var/lib/securedrop/keys/gpg-agent.conf` file in the `postinst` of the securedrop-app-code package. Aside from being a bit precarious to be grepping for certain strings and...
It should be possible for independent folks to compile SecureDrop from source and achieve exactly the same binary. Once this is possible, SecureDrop's normal release process should rely on multiple...
## Description **Do we want to move SecureDrop to Weblate's continuous-localization workflow?** *This is a stub issue pending freedomofpress/securedrop-client#239.* ## User Research Evidence - freedomofpress/securedrop-client#239 ## User Stories As a...
## Problem Today's text guiding GPG usage in the SI is likely to be alienating to many users. It assumes the reader understands BASH and how to use a Terminal...