I, Marc Deslauriers, apply for MOTU.
Who I am
I am from Lévis, Québec, Canada, and have been working for Canonical Ltd. as a Ubuntu Security Engineer since November 2008. Previous to working for Canonical, I was a security and open-source consultant.
My Ubuntu story
I have been a Linux user since 1997.
I first tried Ubuntu when Breezy Badger came out, and was immediately impressed with the large quantity of packages in the repositories. For the Linux distribution I was using at the time, I had to maintain a large number of packages for my own use in order to get everything I needed. With Ubuntu, everything was already in the repositories, save for a few exceptions.
Since my packaging experience at that time was limited to building rpms, I started looking into deb packaging. By the time Dapper Drake came out, I switched to Ubuntu as my preferred distribution.
I mainly do the following:
- Triage security issues and CVE numbers in Ubuntu
- Maintain the Ubuntu CVE Tracker
- Produce updates packages that include security fixes
- Backport upstream security patches to older releases we support
- Write test scripts for all updates we publish
- Write and publish Ubuntu Security Notices (USN)
- Participate in the Security Team wiki, and roadmap
- Develop active security features in Ubuntu
- Participate with other teams on security issues
Examples of my work / Things I'm proud of
A list of Ubuntu Security Advisories I've published is available here.
I added a feature to the aide application to simplify reports by filtering files that got changed by security updates. See the Specification.
In my own time, I have produced security updates for packages in Universe, such as phpmyadmin and vlc.
Things I could do better
I would like to spend more time writing documentation.
Plans for the future
I plan on continuing to produce high-quality security updates for packages in Ubuntu.
One of the areas I would like to work on in the future is to get a stronger Ubuntu security community going to try and address the large number of security vulnerabilities in Universe and Multiverse packages.
I would also like to get more involved in the authentication and smart card features of Ubuntu.
What I like least in Ubuntu
One of the things I like the least in Ubuntu right now, is the lack of a complete out-of-the-box solution for addressing typical security requirements for enterprise use. This includes secure authentication, logging, delegated administrative control, desktop lock-down, etc.
I would like to get more involved into producing use cases, documentation, and blueprints for enterprise usage.
If you'd like to comment, but are not the applicant or a sponsor, do it here. Don't forget to sign with @SIG@.
As a sponsor, just copy the template below, fill it out and add it to this section.
== <SPONSORS NAME> == === General feedback === ## Please fill us in on your shared experience. (How many packages did you sponsor? How would you judge the quality? How would you describe the improvements? Do you trust the applicant?) === Specific Experiences of working together === ''Please add good examples of your work together, but also cases that could have handled better.'' === Areas of Improvement ===