I, Marc Deslauriers, apply for MOTU.
Who I am
I am from Lévis, Québec, Canada, and have been working for Canonical Ltd. as a Ubuntu Security Engineer since November 2008. Previous to working for Canonical, I was a security and open-source consultant.
My Ubuntu story
I have been a Linux user since 1997.
I first tried Ubuntu when Breezy Badger came out, and was immediately impressed with the large quantity of packages in the repositories. For the Linux distribution I was using at the time, I had to maintain a large number of packages for my own use in order to get everything I needed. With Ubuntu, everything was already in the repositories, save for a few exceptions.
Since my packaging experience at that time was limited to building rpms, I started looking into deb packaging. By the time Dapper Drake came out, I switched to Ubuntu as my preferred distribution.
I mainly do the following:
- Triage security issues and CVE numbers in Ubuntu
- Maintain the Ubuntu CVE Tracker
- Produce updates packages that include security fixes
- Backport upstream security patches to older releases we support
- Write test scripts for all updates we publish
- Write and publish Ubuntu Security Notices (USN)
- Participate in the Security Team wiki, and roadmap
- Develop active security features in Ubuntu
- Participate with other teams on security issues
Examples of my work / Things I'm proud of
A list of Ubuntu Security Advisories I've published is available here.
I added a feature to the aide application to simplify reports by filtering files that got changed by security updates. See the Specification.
In my own time, I have produced security updates for packages in Universe, such as phpmyadmin and vlc.
Things I could do better
I would like to spend more time writing documentation.
Plans for the future
I plan on continuing to produce high-quality security updates for packages in Ubuntu.
One of the areas I would like to work on in the future is to get a stronger Ubuntu security community going to try and address the large number of security vulnerabilities in Universe and Multiverse packages.
I would also like to get more involved in the authentication and smart card features of Ubuntu.
What I like least in Ubuntu
One of the things I like the least in Ubuntu right now, is the lack of a complete out-of-the-box solution for addressing typical security requirements for enterprise use. This includes secure authentication, logging, delegated administrative control, desktop lock-down, etc.
I would like to get more involved into producing use cases, documentation, and blueprints for enterprise usage.
If you'd like to comment, but are not the applicant or a sponsor, do it here. Don't forget to sign with @SIG@.
As a sponsor, just copy the template below, fill it out and add it to this section.
I work closely with marc watching the security of ubuntu, he is high technically skilled and he even answer the questions i've from time to time, i'm sure he will be an awesome addition to the team. Because of my access i haven't have had the opportunity to sponsor any of his uploads, but i've take a look at some of them and have had technical talks with him, so i'm sure he is ready.
Marc and I are on the same team and we work very closely together on a day to day basis. I absolutely recommend him for MOTU. His technical abilities are very high, he is experienced with bug triage and very good with the community. I have trusted his work as a member of the Ubuntu Security team for some time, and he has free reign for all stable releases of Ubuntu, so it only makes sense that he should be able to upload to the development release.
Specific Experiences of working together
There are too many to count really. Lately I sponsored uploads for apparmor and aide, and worked with him a little on flashplugin-nonfree. He is pleasant to work with, stands up for his opinions and willing to change his mind when appropriate. I regularly bounce ideas off of him and ask his opinion on security and user experience issues as well as peer code review. He is a great asset to our team and Ubuntu at large. I very much appreciate his work (thanks Marc!).
Areas of Improvement
Marc is great and a fast learner. The only area of improvement I can think of is for him to also pursue core-dev.
Marc has been a fantastic addition to the Ubuntu Security Team and the Ubuntu Community. I think he would be a very valuable addition to MOTU. He has a large amount of packaging experience, and is quite conscientious about testing, which is a rarely an easy task. Marc will carefully study anything he doesn't understand, and if he still has questions, he'll find someone to answer them.
Specific Experiences of working together
While I work every day with Marc and see his excellent work on all kinds of packages in main, I'll call attention to a universe upload I sponsored. The work done on aide was discussed with a group of interested parties at UDS, analyzed and designed, implemented, and finally tested. By the time I got to sponsoring it, I could nothing significant to recommend as an improvement. It was a great example of his solid end-to-end development and packaging abilities.
Areas of Improvement
I would only suggest that Marc be slightly more forward with his changes for packages in Ubuntu. I have found him very slightly shy to make changes in some areas. While I appreciate caution as a general rule, I regularly find he has done a fine level of due-diligence and that there's no more reason to hesitate seeking a sponsor. (Or, once he has MOTU, doing the upload directly!)
I work with Marc at Canonical and he is a fantastic addition to the Ubuntu Server Team. Marc is very easily to get along with and very skilled technically. I think he would be a valuable addition to the MOTU team as well.
== <SPONSORS NAME> == === General feedback === ## Please fill us in on your shared experience. (How many packages did you sponsor? How would you judge the quality? How would you describe the improvements? Do you trust the applicant?) === Specific Experiences of working together === ''Please add good examples of your work together, but also cases that could have handled better.'' === Areas of Improvement ===