Roadmap development

[ronaldtse]

We need better roadmap development in planning releases of RNP in order to provide transparency and certainty for users who need such information.

There are few things we need to decide:

1. How long should a release be? 4 weeks? 8 weeks?
2. When do we decide priorities for every release?
3. We need someone to act as release manager, e.g. setup the Project board/milestone. Can we rotate?

Here's the priority list suggested:

Priority (next 4-8 weeks)

• FFI interface for signature stripping (@ni4 is working on)
• Issues regarding key/signatures edge cases. (@ni4 is familiar and working on)
• Security issues
• Windows compatibility (we need to make CI run well again)
• Other issues reported by Thunderbird team
• tests for edge cases on FFI level

Later

• Refactoring (unless it make impact on performance/security)
• new CLI features and tests
• new OpenPGP features unless they represent incompatibilities with other implementations
• smartcards
• better key management

[dewyatt]

3. We need someone to act as release manager, e.g. setup the Project board/milestone. Can we rotate?

Just a quick comment on this, I can help on what's needed but my preference would not involve handling releases, I'm a bit exhausted with that role generally.

[ronaldtse]

@dewyatt sure, could you help list out the responsibilities within a release so that we spread the load?

[starix]

Hello guys. May be you will fix this one reffered in rnp.h: /* TODO define functions for encrypt+sign */

[ronaldtse]

Thanks @starix for the suggestion! @dewyatt @ni4 do we have this issue posted somewhere?

[ni4]

@ronaldtse This is actually should-be-removed comment. Encrypt-and-sign is already implemented via rnp_op_encrypt_add_signature() function.

[ni4]

And my comments to the initial questions:

1. How long should a release be? 4 weeks? 8 weeks?

I think in normal case it should be 8 weeks or even more. But currently, till TB release and first month-two of polishing it in a real world it could be 4 weeks.

2. When do we decide priorities for every release?

Right after the previous release, in some per-release issue? Of course, being able to update some of the goals or add new if something urgent appears.

3. We need someone to act as release manager, e.g. setup the Project board/milestone. Can we rotate?

I can do that, if there is nobody else willing to take care of.

[ronaldtse]

Sounds good -- let's do:

1. 4 weeks per release
2. Decide priorities per release, as soon as we can update goals.
3. We will rotate responsibility of being the release manager starting with @ni4 first and then whoever has time later

@ni4 could you help setup a release milestone for the next 4 weeks with the appropriate priorities (realized as tasks) and the tickets placed into milestone?

Thanks!

[ronaldtse]

Ping @ni4 on milestone setup. Thanks!

[ni4]

@ronaldtse Sorry for a delay. Here it goes: https://github.com/rnpgp/rnp/milestone/5 High-priority tasks are marked with the corresponding tag, other are of normal priority, and no low-prio in this milestone yet. Does this look good?

Probably there are more things which should be added, ping @rnpgp/developers

[dewyatt]

I think https://github.com/rnpgp/rnp/issues/1135 and https://github.com/rnpgp/rnp/issues/839 would be good for the next release

[ni4]

@dewyatt Agree, added them. Regarding #839 - I plan to add large PR soon with some more C++ additions.

[seamustuohy]

The various features/issues reported by the Thunderbird team which are on your priority roadmap are part of a critical project for the groups that my community of security trainers support. Since the RNP roadmap is deeply tied into their success I wanted to ask what, if there was anything that we could do, that would be useful for the core RNP team? (i.e. try to rally some trusted developers in our community to start contributing on these issues, try to get some donors in our space to pay for a RNP familiar freelance developers time to support this work, etc.)

The timeline for PGP in TB is short (two months or so) and I know you have other priorities on your roadmap as well. So, if the answer is to leave y'all alone so you can work I'm happy to. But, i wanted to check first in case there was anything we could do.

[ronaldtse]

@seamustuohy thank you for the support and the offer!

We welcome any kind of contribution -- contributors, code, users/testers, donations, or even just spreading of word. Both ways you suggested: rallying contributors, donating to the project or to other developers, are all greatly appreciated.

There are a number of issues outside the current "TB-focused" roadmap that we won't have time to take care of in the near-term; these are all posted as issues in this repo.

We usually encourage people who wish to contribute to prioritize their own use cases -- as they will be most familiar to their own context and needs. Short of asking you to go through the list of issues, if we have some context on how your community uses RNP, we might be able to point you to specific (pending) issues that you might be interest in.

For offline communication you can always find us via email or LinkedIn!

[ni4]

@seamustuohy Thanks! As for me, very valuable help would be with possible edge cases discovery - i.e. checking old and new messages/keys/signatures, different their combinations, issued by different implementations.

[rrrooommmaaa]

What priority tasks should I take?

[ni4]

@rrrooommmaaa Feel free to take any issues which is not assigned yet. While TB is already released with RNP, most priority is on security and other fixes. Not major new functionality, CLI and so on. Ones floating around for a while are #1110, #1071, #1188, #1185, #1106