I, Andreas Hasenack, apply for Ubuntu Core Developer
Who I am
I graduated in Electrical Engineering. Worked for a few years in a company in the aerospace industry, but in the civilian area, in a project about installing "black boxes" in trucks and buses to monitor several driving and engine parameters. I then came in contact with a customer who had a nice "intranet" (that's what it was called back then), with internal web sites and a big database backend (oracle). We had to do some development for them, but didn't have access to Oracle, and someone told me that I should try this thing called "linux", "postgresql" and "apache". I did, then installed it at home, and never looked back.
In 1998 I took a post-grad specialization course in the University (a degree higher than graduation, but below masters) in computer networks and went to work for Conectiva, the Brazilian Linux distribution, later renamed to Mandriva, where I stayed until 2008 doing lots of packaging work (RPM) and consulting for enterprise customers in the server area. My main area of expertise was email, authentication (kerberos, pam) and LDAP, and I also spent about half the time working in Conectiva's security team and doing security updates for the distro.
My Ubuntu story
Tell us how and when you got involved, what you liked working on and what you could probably do better.
In 2008 I applied for a job in the Landscape team (https://landscape.canonical.com), and got hired as a QA engineer. I had never done any Debian packaging before, just had some ideas about how it worked, had grabbed a few packages here and there to inspect them, looked at patches, etc. apt-get wasn't a stranger, since Conectiva developed apt-rpm back in the day, and the concept of dependency resolution is the same everywhere.
Landscape has a client component, and that means a Debian package that gets installed on machines. It obviously needs to be QA'ed. So that's how I got exposed to Debian packaging "for real" that time.
In April 2017 I started working in the Ubuntu Server Team. That got me back in touch with my "Linux roots" (no pun intended) and immediately I started looking into my old friends kerberos, ldap, samba, etc and searching for bugs to fix. It is in the Ubuntu Server Team that I got introduced to the Debian Merge process, and how this team is looking into improving that process via the Git Ubuntu tooling.
In December 18th, 2017, I became an Ubuntu Server Developer: https://lists.ubuntu.com/archives/ubuntu-devel/2017-December/040101.html
Examples of my work / Things I'm proud of
My direct uploads: https://launchpad.net/~ahasenack/+uploaded-packages
DEP8 tests I added
Bug #1696823: samba: extra dep8 tests
Merged in Debian: https://salsa.debian.org/samba-team/samba/merge_requests/1
Pushed to Debian via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901554
Merged in Debian: https://salsa.debian.org/debian/krb5/merge_requests/2
Now in Ubuntu in krb5-1.16-2ubuntu1, which can be dropped after Debian makes a new release of the package
FTBFS fixes I uploaded
squid3 (during gcc7 migration): https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1712668
libcloud, which I hit after doing strongswan and paramiko uploads: https://bugs.launchpad.net/ubuntu/+source/libcloud/+bug/1788931
fixes were submitted upstream and accepted, last one being https://github.com/apache/libcloud/pull/1237 that will make i386 and armhf tests green as well
libcloud tests have been red forever, and were fixed by this upload: https://launchpad.net/ubuntu/+source/libcloud/2.3.0-1ubuntu1
fixes submitted upstream: https://github.com/apache/libcloud/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aclosed+author%3Apanlinux
Cooperation with debian and/or upstream
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901554: please add dep8 tests. There is no salsa repository yet for autofs, so I just attached a debdiff.
Pushed up a small DEP8 fix: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905151
https://salsa.debian.org/samba-team/samba/merge_requests/7: Drop deprecated syslog options from default smb.conf
https://salsa.debian.org/samba-team/samba/merge_requests/8: logrotate: only try to reload the services if they are running
- tests that failed with -Wl,-Bsymbolic-functions enabled (default in ubuntu):
https://salsa.debian.org/sssd-team/sssd/merge_requests/1: Create the secrets directory used by sssd-secrets
squid4 dep8 fixes pushed to debian. Debian had adopted most of our DEP8 tests previously, but they never passed in their infrastructure (https://ci.debian.net/packages/s/squid/testing/amd64/):
https://salsa.debian.org/dns-team/bind/merge_requests/1 I opened it against bind, but it should have been bind9. Debian merged the fix into the right repository.
https://salsa.debian.org/exim-team/exim4/merge_requests/2: Add distro banner (our only delta with Debian). Unfortunately rejected, but we tried
https://salsa.debian.org/debian/dovecot/merge_requests/1: More DEP8 tests for Dovecot
libvirt apparmor bug investigation and SRU: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1707400. Apparmor was being called in post manually, not via dh_apparmor, and that missed the cached profiles. The new profile was never applied.
MIR: http-parser, for sssd: https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957
bug-pattern contribution for a samba bug: https://code.launchpad.net/~ahasenack/apport/samba-security-share-bugpattern
- NEW packages:
all history showing how the lintian warnings/errors were addressed: https://code.launchpad.net/~ahasenack/ubuntu/+source/ndctl/+git/ndctl/+ref/master
all history showing how the lintian warnings/errors were addressed: https://code.launchpad.net/~ahasenack/ubuntu/+source/pmdk/+git/pmdk/+ref/master
bug showing dialog with upstream about pmdk and ndctl: https://bugs.launchpad.net/bugs/1752378
- Apache update changed behavior which broke one regression testing test. Made an MP to fix that:
- backport that became an SRU to bring a new zstd version back into stable releases. *Lots* of testing involved. This included creating a transitional package in bionic.
- SRU DEP8 investigation and fixes:
A normal apache2 SRU that failed DEP8 in xenial, artful, bionic: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1766186
new bug filed for libapache2-mod-perl2 DEP8 fixes in xenial: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-perl2/+bug/1779400. Normally we don't do SRUs with only DEP8 fixes, but this package in particular would always fail during an apache2 SRU, which is more common.
britney hints MP for ocfs2-tools: https://code.launchpad.net/~ahasenack/britney/ocfs2-tools-hints-1.8.5-5ubuntu1/+merge/351928
- Mini migration for bind9
- While looking at the reverse dependencies, I missed bind-dyndb-ldap, thinking it was part of bind9, but it's a separate source. Got it sponsored.
- Then I thought isc-dhcp wasn't needed, because the old bind package with the old soname would still be around. Even tested that scenario, but had to rebuild it as well:
jul 31 15:44:10 <ahasenack> and upgrading just bind, leaving isc-dhcp without a rebuild, also works: https://pastebin.ubuntu.com/p/zkw8nzryYV/
- The packages would still not migrate. Looking at the update_output.txt, I found out that debian-installer is a reverse dependency as well. Asked for a rebuild/sponsorship:
ago 01 14:37:54 <ahasenack> hi, my bind9 upload, which bumped the soname, also needs a debian-installer rebuild (ppa at https://launchpad.net/~ahasenack/+archive/ubuntu/bind-merge-9.11.4/+packages). Would someone sponsor this for me? https://pastebin.ubuntu.com/p/HPVtSzkPK7/
- Summary of rebuilds needed for bind9 to migrate:
PPA with my test builds: https://launchpad.net/~ahasenack/+archive/ubuntu/bind-merge-9.11.4
- Bileto usage:
I just got access, and used it to run squid-4.x DEP8 tests in all architectures, prior to an actual upload: https://bileto.ubuntu.com/#/ticket/3351. Since then, I used it for other packages, but abandoned the ticket after I was satisfied with the test results, so I don't have a link for them. I just left the squid4 one open for now.
New team member mentoring: walked a new team member (kstenerud) through the SRU process using git-ubuntu: https://irclogs.ubuntu.com/2018/08/16/%23ubuntu-server.html#t16:45. We continued the next day on the DEP8 tests topic: https://irclogs.ubuntu.com/2018/08/17/%23ubuntu-server.html#t16:59
Areas of work
Let us know what you worked on, with which development teams / developers with whom you cooperated and how it worked out.
I think the previous section is a good example of my areas of work. To summarize:
- DEP8 testing: many fixes for existing DEP8 tests, and new tests that I added
- upstream contributions: I push changes back to Debian and upstream
- assorted server packages bug fixing: apache, samba, sssd, kerberos, bind9, squid, and others
From the past:
- Landscape Autopilot (now discontinued): automated cloud deployments (openstack) using juju charms
automated troubleshooting of failed cloud deployments: together with Ursinha and Francis Ginther we created a cloud deployment log analyser. Hooked up to our jenkins CI, it would fetch logs from a failed cloud deploy and go over it looking for known issues. We had several signatures for known issues. If one was found, it would annotate the jenkins job so we would know right away why the deployment failed. Furthermore, we could use this to also keep the deployment up if an issue which we want to debug manually comes up. We called this "stop the test". Unfortunately it's a private project in LP (https://launchpad.net/autopilot-log-analyser) because it contains samples that have PPPA credentials and other secrets that were hard to remove.
Documentation and release notes: all Landscape release notes, including deployment guides, from https://help.landscape.canonical.com. For example, for the 17.03 release:
- Ubuntu Server Guide documentation fixes:
#1692259: slapd service does not automatically start
#973981: Ubuntu 11.10 help page for kerberos and ldap uses deprecated commands
#1038625: kerberos: never states to create non-admin user principal
#1170876: LDAP Private Key Access
#1239914: ldap installation Server guide implies for default settings that do not happen
#1409392: 'Kerberos and LDAP' instructions show bad ldap_kerberos_container_dn example
#1579209: Samba and LDAP is completely out of date
#1603540: wrong ldif file for altering indexes
Things I could do better
- I stopped helping to update the server guide. It still needs work.
- Create more bug patterns. Experience with triage has showed some patterns in bugs that we can leverage with automation
- Grouping fixes together in a single upload, since migrations are costly
- Expand my work to other packages that are in need of maintenance
Plans for the future
- Keep adding DEP8 tests to the Ubuntu and Debian packages, and improve the coverage of existing tests
- Reduce the delta with Debian by submitting changes to Debian and upstream.
- Improve the LTS Server Guide in the areas of Authentication, Authorization and Samba
What I like least in Ubuntu
Please describe what you like least in Ubuntu and what thoughts do you have about fixing it.
- Lack of proper DEP3 headers in patches. This sometimes makes it hard to find out why a patch was introduced, or if it can be dropped. There are lintian checks for this already, but they are not enforced on upload. "What's obvious today, may not be obvious 12 months from now."
Many SRU bugs I see being accepted lack what I would call proper test cases. In many cases they are way too generic, or do not fulfill this requirement from the SRU template: these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. We have to reach some sort of balance here. SRUs are already hard for newcomers, but without a proper test procedure, they are also hard on the members of the SRU team.
Communication and coordination in #ubuntu-release is a bit ad-hoc. One could argue it's agile, since pings from trusted people on IRC can be quickly acted upon, but if you happen to not know who is and isn't around, or by chance hit the channel when people are on holidays or in a sprint, you can be greeted by a black hole. Maybe there could be a vanguard for the week, or the day?
- Sites, reports, cron jobs, etc, running all over the place, in all types of domain names. Some look more "official" than others. A few examples:
It feels like someone quickly built a tool to solve an immediate problem, published it under a group account somewhere they had write access to, and that became official because it works and people who need it, know where to find it. I imagine some time ago people thought this would all be part of Launchpad.
- Packages stuck in proposed-migration for way too long. Sometimes they are syncs, meaning no-one specifically uploaded them, so I guess no-one got notified. But they still take up resources, migration is attempted regularly, new DEP8 tests might be triggered if a dependency is updated, etc.
If you'd like to comment, but are not the applicant or a sponsor, do it here. Don't forget to sign with @SIG@.
As a sponsor, just copy the template below, fill it out and add it to this section.
I have accompanied Andreas from him joining the server Team - with an already great technical background and emphasis on testing things before pushing changes - to the clearly core-dev material engineer that he is today - where I'm close to create aliases to sponsor his work. So far I sponsored 45 uploads of Andreas (see sponsor ship miner). I have seen a great progression of quality over time and it reached a a state where I mostly find style suggestions and similar things, but no actual packaging/Ubuntu issues as part of the upload. I'd judge the quality of his uploads really high and having seen his improvements over the past I'm sure he can adapt to changes as needed. I appreciate that he has grown as much as being a great resource for reviewing my work recently. Due to that he really has my trust and I'm confident he would be a good Ubuntu Core Dev.
Specific Experiences of working together
Out of recent memory squid4 comes to my mind, where he nicely carried Ubuntu Delta through a Debian source rename. Worked on extended tests, did well on submitting plenty of things to Debian so that Delta stays maintainable and so on ...
Also the rather complex ndctl (new packaging) and libzstd (was a mess on backward/forward compatibility) cases further increased my confidence.
I'm also proud how he took active responsibility of the samba/sssd/ldap area in Ubuntu-server. He combined his former experience with his eagerness to learn and made this somewhat orphaned area great again - great for Ubuntu and great for our team.
Areas of Improvement
He was part of seed changing activities but not yet driving a lot on his own. There more work could be done to get a better grip of these as well. I'm convinced that he'll do great and not start pushing crazy things on day one.
Andreas is a colleague of mine on the Canonical server team. According to the sponsorship miner, I've sponsored only 11 separate uploads for Andreas. I'm surprised; I thought it'd be a lot more. We operate a peer review policy on our team. This means that I see his work on a daily basis. I suppose much of what I review of his work he can already upload himself, or other colleagues sponsor.
However we keep hitting uploads that he cannot do without being a core dev. samba and bind9 are a couple of examples.
Much of my endorsement for Andreas' previous successful server packageset application still applies: "I am continually impressed by Andreas' attention to detail and the general comprehensiveness and correctness of his work upon first review. He doesn't just throw a patch at a sponsor to see if it sticks; by the time he requests review, he typically has done far more extensive investigation and testing than I would do before uploading. He mostly asks all necessary questions in public on Freenode before preparing an upload for sponsorship. I've seen him find tangential edge cases and fix those up as well while working a particular bug."
Andreas understands well what he doesn't know and is appropriately cautious, asking others before committing to an action to make sure that it is correct. I think his overall knowledge of packaging and Ubuntu processes surpassed the bar for core dev a while ago.
I have sponsored 19 uploads for Andreas as a former member of the Canonical Ubuntu Server team. In all cases, Andreas demonstrated a commitment to high-quality packaging, even going out of his way to point out potential issues with his changes.
I have no qualms with Andreas being granted core dev rights, based upon his knowledge of Ubuntu processes and packaging.
Specific Experiences of working together
My sponsorship list is here. While I am no longer working for Canonical, I have sponsored a few things, or reviewed them as a core dev, and Andreas has mantained the same level of high quality work that I experienced as his teammate.
Additionally, Andreas has provided excellent feedback to the git-ubuntu team, both in the form of bugs and in documentation.
Areas of Improvement
I do not have any specific areas of improvement for Andreas at this time. I do not expect he will overstep any of his bounds, and will continue to ask questions when he is unsure of something in the various workflows that exist.
I have known of Andreas Hasenack's work since Mandriva times two decades ago. I am unsurprised that the upload which I sponsored for him was straightforwardly correct and required no iteration. I also did NEW processing of the new packages ndctl and pmdk which he prepared on behalf of the Ubuntu Server Team, and which were impeccably handled, requiring only a corner-case discussion of copyright file handling when no copyright holder is listed. I have no reservations about recommending him for core-dev, despite the relatively narrow interactions I've had with him directly on Ubuntu packaging.
== <SPONSORS NAME> == === General feedback === ## Please fill us in on your shared experience. (How many packages did you sponsor? How would you judge the quality? How would you describe the improvements? Do you trust the applicant?) === Specific Experiences of working together === ''Please add good examples of your work together, but also cases that could have handled better.'' ## Full list of sponsored packages can be generated here: ## http://ubuntu-dev.alioth.debian.org/cgi-bin/ubuntu-sponsorships.cgi? === Areas of Improvement ===