Hlibk ~ubuntu-security membership application

Team Memberships

I am currently a member of the following teams:

  • Canonical - Joined on 2024-10-01
  • Canonical Security Team - Joined on 2024-10-01
  • Ubuntu Security Apprentices - Joined on 2024-10-01
  • Customer PPAs Security Team - Joined on 2025-01-20

Verified Identity

I am a member of ~canonical-security; my identity has been verified through a background check, in person, and during the onboarding process.

History of high-quality sponsored security updates

I have made multiple security updates for different packages, with their respective USNs. These are listed below:

These updates have provided a diverse set of challenges. As an example, in the python-urllib3 update, a failing test was identified that was causing build failures from source on one of the Ubuntu releases (Launchpad bug number: 2084715), which was promptly fixed along with the USN.

One of the packages that proved to be challenging was vim, as the package had many code differences between releases, and the backports were not as straightforward because of it as with other packages. There were also some tests that were failing both locally and when building on Launchpad, and therefore deep analysis had to be made as to whether those test failures were caused as a result of those backports, or if they were unrelated. Some of the tests ended up being skipped.

After thorough running and testing of the salt package after the backport fixes, an issue was identified with the package which made testing troublesome. This issue was consequently assigned a bug report (2091653) and subsequently released along with the USN.

All USNs also included previous research of the vulnerabilities and CVEs. In some cases, the CVE patches were not clearly identified (such as with shiro and recutils packages) which required investigation into which patches applied the fix for the respective CVEs.

Demonstrated understanding of required tools and systems

I have worked primarily with UCT by researching, identifying, and updating the tracker with the corresponding information from previous research and published USNs.

Some examples are:

I have also implemented several QRT tests to test for potential regressions in packages. Some examples are:

Through the CVE patching process, I was also able to identify and make improvements to the existing security team scripts that are used for it, such as scripts in ubuntu-security-tools and ubuntu-qa-tools. Some examples of these are:

I have also made improvements to scripts in private repositories.

Continued, on-going security updates

As a member of the Security Engineering team, I will continue to work on security updates on a regular basis.

Demonstrated responsive and respectful communication

I have signed the code of conduct. I regularly monitor Launchpad bugs for packages I have patched, as well as relevant mailing list announcements, looking for possible regressions. I was only once asked about a security update, which I responded to promptly by providing the needed information and resources about the respective CVEs.

Demonstrated understanding of the responsibility of ~ubuntu-security membership

I am following credentials best practices, my disk is fully encrypted, and I have 2FA enabled for all accounts.

+1 from me! Hlib has contributed a lot and he absolutely deserves full membership.

+1 from me as well! Hlib has made great contributions to the security of Ubuntu.

+1 from me. Hlib has shown a lot of quality in the many updates he has already done. Also, I’m very glad to see Hlib’s awareness of the big picture, finding the balance between security x usability, making sure we have our packages safe and usable.
Thanks for your hard work and commitment!

+1 from me. Hlib proved to be a solid contributor to the team with many quality security updates over the months here. He sure deserves to be a member of ubuntu security. Thanks for the updates and tools improvements, Hlib!

Hlib has shown, through the quality of their work and sheer numbers, to have a solid grasp on the patching process.

They have tackled a varied set of packages, done well, and contributed additional improvements. Obtaining this membership will remove the remaining hurdles in their way regarding access and I expect that it will boost their throughput.

I see no compelling reason why they should not receive a +1 on their application.

+1 from me too. Hlib has demonstrated a solid understanding of the process, the steps, how to handle a number of exceptions and how / when to reach out for advice for those cases. I’m happy with the quantity, diversity and quality of the security updates that have been completed as well as tooling improvements along the way. I recommend that Hlib gets ubuntu-security membership.

+1 from me for Hlib to join ~ubuntu-security!!

+1 from me too! Hlib has made great contributions and deserves to be a member of ubuntu security.
Thanks for all the hard work Hlib!

Thank you @hlibk for your application, and thank you to everyone who gave feedback on the application. Voting is now closed.

The following votes were cast by existing Ubuntu Security members:

The application is approved with a balance of 8 affirmative votes making up 100% of the total votes cast.

Congratulations and welcome Hlib Korzhynskyy! You will be added to the Ubuntu Security team, please exercise caution with your new rights.

Thanks,
Stephen Clarke