I, Thomas Ward, apply for upload rights for the package znc in Universe.

Who I am

I am a 27 year old student finishing up college, for IT security, in addition to being an Ubuntu enthusiast. I somewhat-actively do bug triaging for multiple packages, both as a member of Bug Squad and Bug Control. I specifically work with the NGINX packages as a bug triager, and work to get bugs fixed in nginx where possible, and try and upstream said bugs where necessary. I also helped pioneer getting NGINX into Main, via the nginx-core binary. I now currently work alongside the Server Team in maintaining the nginx package in Ubuntu on a regular basis, including keeping the development release in line with nginx upstream.

With regards to ZNC, however, I am not a developer - however, I do a service to the upstream ZNC group, and those who use ZNC, by providing both PPAs and a Debian repository for those who use ZNC. This enables users to have updated versions of the software for use with older versions of Ubuntu.

My Ubuntu story

Tell us how and when you got involved, what you liked working on and what you could probably do better.

NOTE: This will look similar to my NGINX Per Package Uploader application - my history has not changed.

Initially, I started using Ubuntu several years ago with 9.04 Jaunty and got more and more intrigued with Linux and the capabilities of it.

After that, when I ran into issues I was not skilled enough to work through, I joined ubuntuforums.org and did some support work there, both receiving and providing support, eventually settling to assisting with helping newbies get started.

After a while, I discovered the IRC support, and both received support, and provided support, there for some time, but never super-actively. I eventually learned about Ask Ubuntu, and at the time lost interest in providing IRC support, and gave a lot of support there for users. From my contributions prior to joining Ask Ubuntu, and at the time over a year ago, I applied for Ubuntu Membership for my contributions, primarily focusing on my Ask Ubuntu contributions, and what meager work I had done with packages and bug triage at the time. My membership application was approved, and I was made an Ubuntu Member.

After a while, I became interested in several programs and packages, including nginx, ZNC, and others. I became interested in packaging at roughly the same time, and learned the basics of packaging, and patch management within them.

I joined several mailing lists at the time, and continued to provide support through Ask Ubuntu, while not providing as much in terms of contributions elsewhere.

For some time now I have been working with Ubuntu as a primary operating system on both bare metal and virtualized setups. I continue to work as a bugs triager for nginx. I also continue to work in Ubuntu with the Server Team to keep the nginx package maintained in the repositories, since being granted PPU rights for the package.

My Involvement: ZNC

Outside of Ubuntu, I have contributed to the ZNC package some minor patches, standardizing message output formats, and improving the balance between vague messages and verbose messages. I have also done work in the upstream repository to fix minor issues in the web administration interface. In all, I have contributed 11 commits to the code-base since 2012. I also do development in some third-party forks of ZNC, and maintain a customized version for myself which includes certain changes not implemented upstream.

My latest contributions are of a packaging and building nature. Within the past year, thanks to increased budgets and time, as well as better hardware for myself, I have taken it under my wing to provide both a PPA for Ubuntu, and a Debian repository server for ZNC, so that other individuals can have access to the latest version of ZNC. (While the Debian repository server has since been taken offline, I am still providing what could be considered the 'official' PPA for stable ZNC builds.)

I also provide PPAs for ZNC upstream's automated builders - providing swig3.0 and other dependency PPAs for their automated build processes. I also provide my opinions on issues as well, such as pull requests and other proposed changes; I have also provided bounties on security-related changes to permit customized SSL settings in order to protect against some SSL vulnerabilities (POODLE included).

I have also collaborated with the Debian maintainer of the ZNC package in Debian, with regards to the ZNC release of 1.6.0 and 1.6.1 where some packaging changes were necessary.

I am also an administrator of the ZNC wiki site, and a channel moderator for the #znc channel on Freenode.

Example of my work / Things I'm proud of

For the most part, I try to keep this package in sync with Debian and Upstream. I also have worked to fix things in the past, with some specifics that I can quote (though they also go into the Security pocket as well).

This is a bug in which a POODLE risk was found in the default listeners; I worked with the Security team to get this reported and looked at.

I have other bugs with fixes for multiple CVEs for Lucid at one point for the ZNC software.

I worked to get a null pointer dereference in the ZNC webadmin module fixed with upstream patch changes (CVE-2013-2130).

This is a bug identified by myself, confirmed in Debian, with a fix suggested and applied in Debian and fixed in Ubuntu Wily.

For the most part, however, these bugs are Security related. I have had multiple sync requests for this package sponsored, and had this backported in the past as well.

Areas of work

Let us know what you worked on, with which development teams / developers with whom you cooperated and how it worked out.

With regards to ZNC, I've worked with the MOTUs (for backports), with Micah Gersten in the past fairly often on this with regards to backports.

I've also worked with various Security team members for Security bugs in the ZNC package.

There are multiple people who have also sponsored my sync requests or updates or backports, though I do not have a complete list.

As a per-package uploader, please give us some insight into the package maintenance and bug situation since you're working on it.

The ZNC package is extremely stable. At the Ubuntu level, there are very rarely bugs reported on the 'znc' package, and I have not seen any crash reports in the errors.ubuntu.com outputs.

The package is maintained in Debian, and I have contributed some 'missing items' to them, which enabled other features, or I've caught Lintian headaches, of which were then addressed.

In terms of Security, there are not frequent CVEs on the software. When I am aware of such CVEs, though, I file a bug, and work with the Security team to attempt to get things fixed here in Ubuntu.

Within Ubuntu, however, the ZNC package seems to not get as much love from the community, and having the 'sponsorship' hurdle there makes it a little bit difficult to get non-security patches for issues into updates.

Things I could do better

Similar to how I work with the NGINX package, I rely heavily on upstream for bugfixes. I do contribute to ZNC's codebase in a more minor way, and I do keep an eye on all the ZNC issues reported. I also work to determine if any of these issues apply to Ubuntu, though there's not usually any need to do so.

Plans for the Future

My plan for the future for the ZNC package is to continue to provide bugfixes and maintenance for the package in Ubuntu. I also plan to continue to handle bug triage as necessary, and to coordinate with MOTU and Security teams for keeping the package up to date and maintained. I also plan to keep the package up to date in development cycles to keep it as the latest Stable release.

Why do I want PPU rights for the 'znc' package?

I wish to have PPU rights for the ZNC package in order to keep it maintained and up to date during the development cycles, within the bounds and confines of freezes and the policies. This is due to the headaches observed in supporting ZNC in their support channel.

One of the constant issues we see in the ZNC support channel on IRC is that people use the older versions in the repositories. We also get cases where a new version is uploaded but never made available in the release, so it misses security fixes.

To try and mitigate this, I provide a PPA for the software in Ubuntu. I also used to provide a third-party Debian repository with Debian builds for the software, to try and help mitigate these things, though that Debian repository has since gone offline.

Comments

If you'd like to comment, but are not the applicant or a sponsor, do it here. Don't forget to sign with @SIG@.

Endorsements

As a sponsor, just copy the template below, fill it out and add it to this section.

ENDORSEMENTS TEMPLATE

== <SPONSORS NAME> ==
=== General feedback ===
## Please fill us in on your shared experience. (How many packages did you sponsor? How would you judge the quality? How would you describe the improvements? Do you trust the applicant?)

=== Specific Experiences of working together ===
''Please add good examples of your work together, but also cases that could have handled better.''
=== Areas of Improvement ===

CategoryPerPackageUploaderApplication