Contributing to SecureDrop¶
If you have time, one hour or a year, we welcome your help in various areas. We are committed to make it as easy as possible for you to contribute.
- Programmers, to help us develop SecureDrop.
- DevOps, to work on the community maintained SecureDrop infrastructure.
- Release Managers, to create and maintain Debian GNU/Linux packages and repositories.
- Writers, to help improve the documentation.
- Translators, to translate SecureDrop.
- Moderators & Support, to answer on the forums.
- Designers, for SecureDrop source and journalist web interfaces and Tails customization.
You will find a developer to answer any questions you may have at the SecureDrop instant messaging channel, whatever your timezone is. You should also register to the forum for longer discussions and to look for answers.
SecureDrop is a system including Flask based web applications for sources and journalists and is deployed on multiple machines with Ansible.
Here is a list of bugs and features you can work on.
Issues Sorted by Topic¶
- User experience
- Internationalization (i18n)
- Source and journalist applications
- Source and journalist applications cleanup
- SecureDrop Workstation
- Source experience
- Journalist experience
- Improve ansible logic / smoother install
- Operations and Deployment
- Improve threat model
- Reduce IDS noise
If you would like to contribute on a regular basis, you should read the developer documentation to setup a local development environment, run part of the tests locally etc.
If this is your first time helping with SecureDrop documentation, consider working on low-hanging fruit to become familiar with the process.
Documentation tasks (bugs and improvements), ordered by priority:
The SecureDrop web site and the GitHub
repository are controlled and
maintained by Freedom of the Press Foundation employees. The resources under the
securedrop.club domain name (listed below) are financed, controlled and
maintained by a horizontal community of volunteers.
You will find a list of the pending tasks to improve the
securedrop.club services in
the contribution guide.
All software deployed with SecureDrop is installed via Debian GNU/Linux packages via Ansible. The primary repository is controlled and maintained and signed by Freedom of the Press Foundation employees. An alternative repository is signed by a community of volunteers and must not be used for production purposes but is convenient for tests and demonstrations. The current responsibilities of the release manager is documented in this detailed documentation.
If you are a Debian Developer you can help improve packaging and the release process:
If English is not your native tongue, your are kindly invited to help translate SecureDrop using the web interface. It is straightforward but we also provide a detailed guide to use as a reference for details such as the meaning of placeholders etc. If you’re in doubt, feel free to reach out to the translation section of the forum or even sub-sections where non-English discussions are welcome to facilitate discussions.
Last but not least, if you are a professional proofreader you may want to reach out to Localization Lab and become part of their team of reviewers. This is an important part of the process to ensure quality translations and there are never enough talents to complete this on-going task.
Moderators & Support¶
People running a production instance of SecureDrop are encouraged to read the support documentation to get help from the Freedom of the Press Foundation. For less sensitive topics such as running a demo or getting help to understand a concept, a public forum section is better suited.