I, Tyler Hicks, apply for core-dev.

Who I am

I'm an Ubuntu Security Engineer. I also maintain the eCryptfs module in the Linux kernel, co-maintain ecryptfs-utils, and am one of several upstream AppArmor developers.

My Ubuntu story

I first became involved with Ubuntu when eCryptfs was made available in the Ubuntu installer for ~/Private directory encryption in Ubuntu 8.10. I became the maintainer of the eCryptfs kernel module a couple months after the 8.10 release. The sharp increase in usage uncovered a number of eCryptfs bugs and I worked closely with Ubuntu users and developers to get fixes in place to ensure a stable user experience with ~/Private directory encryption. It wasn't long after that when I started using Ubuntu on my primary workstation.

My involvement

I joined the Ubuntu Security team in August 2011. I was initially focused on providing security updates for Ubuntu's stable releases. Performing security updates allowed me to touch a wide array of packages with varying packaging techniques.

I eventually became familiar enough with the AppArmor code base that I stopped doing Ubuntu security updates for some time to focus on AppArmor feature development for the Ubuntu Touch application confinement model.

I'm now back to doing a mix of Ubuntu security updates and security feature development to support the application confinement requirements of Ubuntu Touch and Snappy Ubuntu Core.

Examples of my work / Things I'm proud of

My single biggest effort while being part of the Ubuntu Security team is AppArmor mediation of D-Bus traffic in order for application confinement on Ubuntu Touch. I took the existing design and a partially implemented set of patches and polished them in a way that made them acceptable for upstream inclusion in the AppArmor and D-Bus projects. This included fully designing and implementing a way for userspace processes to query permissions allowed by AppArmor policy loaded into the kernel, finishing the partially implemented AppArmor hooks for dbus-daemon, landing the changes in Ubuntu, and eventually getting the feature fully merged in upstream D-Bus.

I'm also very proud that through the years of performing security updates, I've introduced very few regressions. I can only recall a couple of regressions. I attribute it to the shared mindset of the Ubuntu Security team to produce high quality updates without interrupting users. We're able to do this through careful patch review, backporting, and testing. This is a value that I've carried over to my own software development where I try very hard to only implement necessary features while adding a good amount of tests.

Areas of work

• My uploads sponsored by others

• Ubuntu Security updates that I've performed

• Security pocket uploads that I've sponsored for others

• Perform security design and code reviews for features that will land in Ubuntu

• Upstream AppArmor bug fixes and feature development in support of Ubuntu technologies

• Occasional eCryptfs bug fixes as needed (kernel and userspace)

Things I could do better

The Ubuntu Security team, in general, has a lot of things that come across the desk each day. It can sometimes be difficult to weigh the priorities of new work against existing, partially finished work. I feel like I could do a better job by seeing the items that I've nearly completed through to completion before allowing myself to become fully consumed by the latest interruption.

Plans for the future

General

I plan to continue to provide rock solid security updates and security features to Ubuntu users.

An upcoming AppArmor feature that I will help land in Ubuntu is AppArmor profile stacking. It will allow LXC based containers to confined at the host level with an overarching AppArmor profile that defines how the container as a whole is expected to act while the container itself can load additional AppArmor profiles for processes inside of the container. The kernel will mediate the actions taken by the container's processes based on the intersection of the per-container and per-process profiles.

What I like least in Ubuntu

Please describe what you like least in Ubuntu and what thoughts do you have about fixing it.

One significant area of improvement would be to leverage static code analysis and fuzzing tools in Ubuntu. We have automated testing infrastructure and that could be taken a step further by routinely scanning and fuzzing code that we ship the distribution. Some of that's already being done on a package-by-package basis, and Seth Arnold of the Ubuntu Security team has been utilizing fuzzing as part of the security review process for Main inclusion requests, but there hasn't been a large effort across the entire distribution to enable these tools and, ultimately, analyze their results.

Comments

If you'd like to comment, but are not the applicant or a sponsor, do it here. Don't forget to sign with @SIG@.

Endorsements

As a sponsor, just copy the template below, fill it out and add it to this section.

Jamie Strandboge (jdstrand)

General feedback

I've worked with Tyler very closely for years. I've sponsored many uploads, discussed feature development, observed his testing methodologies and his thoroughness. He cares about users, is highly technically skilled and asks questions when needed. To say that he is capable and ready is the definition of understatement. Ubuntu needs more people like Tyler and I whole-heartedly endorse him for core-dev. -- jdstrand 2016-02-23 16:21:48

Marc Deslauriers (mdeslaur)

General feedback

I've had the pleasure of working with Tyler on numerous security updates, and have sponsored multiple uploads for him. His attention to detail is remarkable. He is very knowledgeable and meticulous in the important details required to maintain the high level of quality present in the Ubuntu archive. I fully endorse Tyler becoming core-dev.

DustinKirkland (kirkland)

General feedback

Tyler has been my colleague and co-maintainer of eCryptfs for over 7 years. I have limitless respect for Tyler's technical expertise, diligence, and social interactions. Tyler has been a fantastic security lead for Ubuntu, providing hundreds of fixes for CVEs and vulnerabilities throughout the distro. The quality of Tyler's work, and his reach into the distro should make him a very easy Core Dev. I completely endorse Tyler for core-dev. -- kirkland 2016-02-24 15:47:42

TEMPLATE

== <SPONSORS NAME> ==
=== General feedback ===
## Please fill us in on your shared experience. (How many packages did you sponsor? How would you judge the quality? How would you describe the improvements? Do you trust the applicant?)

=== Specific Experiences of working together ===
''Please add good examples of your work together, but also cases that could have handled better.''
## Full list of sponsored packages can be generated here:
## http://ubuntu-dev.alioth.debian.org/cgi-bin/ubuntu-sponsorships.cgi?
=== Areas of Improvement ===

CategoryCoreDevApplication