Juliaphoebe ~ubuntu-security membership application

Hey :slight_smile: I am requesting membership to ~ubuntu-security. Here you can find all the information gathered to support my request.

Team Memberships

I am currently a member of the following teams:

Canonical - Joined on 2024-07-25
Canonical Security Team - Joined on 2024-07-25
Ubuntu Security Apprentices - Joined on 2024-07-25

Verified Identity - Ubuntu Code of Conduct

My identity was verified during my onboarding as a Canonical employee. This process included a background check as well as verification through legal documents submission. Also, I have signed the Ubuntu Code of Conduct.

I will also be attending the sprint next week at The Hague!

Understanding of required tools and systems

As a member of the Security Engineering team, I have triaged multiple CVEs and I have also patched several packages and published the corresponding USNs:

I have also submitted a few bug reports during my security update and triage process:

I have also made a few modifications to our tooling:

  • I have modified UMT to validate that a line containing some reference to the relevant CVEs occurs in the changelog entry associated with a security update
  • I have modified UMT to more robustly parse .changes files during the update process, by incorporating the python3-debian parsing package
  • I have extended QRT to support regression testing for several additional CVEs I supported during the update process
  • I have built out a design pattern in QRT for jruby infrastructure, which may also allow us to develop a language-agnostic approach to regression testing as we continue to support more and more language ecosystems. MR here

I have also contributed to our “bridge” SBOM project, writing some tooling to easily test the client interface, which other teams are also taking advantage of to more rapidly scan their packages.

I have also contributed some testing effort to the security scanner client project, including finding a couple small bugs and offering some UX feedback based on my own interactions with the client and my past experience as a full stack developer.

Current Work:

  • I am one of two engineers responsible for the core engineering work on a new community analytics project we’ll be working on next cycle
  • I’m helping out with our work to support the Python ecosystem, and will specifically be developing a plan for how to support Ruby in the future
  • I will be publishing another USN for the oath-toolkit CVE in the near future, now that Oracular is released and also needs the fix
  • I am undertaking a moderately-scaled process overhaul designed to streamline managing multiple security updates simultaneously (e.g. during work on one package across different Ubuntu releases, which is something we often do), reduce the overall amount of boilerplate work associated with the update process, and hopefully make onboarding easier for future security team members.

I think that’s everything. Thanks for reading :slight_smile:


+1 from me to support @juliaphoebe's application to join ~ubuntu-security. She consistently produced outstanding work with each contribution.


I support @juliaphoebe to become a member of ~ubuntu-security. She is a solid contributor to our team and has all requirements for it. Her patience in solving problems is admirable. +1 from me.


+1 from me as well to support @juliaphoebe’s application to ~ubuntu-security. The evidence she is providing clearly demonstrates she is meeting the expected requirements while contributing with excellence to Ubuntu Security. Thanks for doing such great work!


As presented in the application above, @juliaphoebe has clearly met each requirement to join ~ubuntu-security and has done excellent work with all contributions. +1 from me.


+1 from me on granting membership in lp:~ubuntu-security to @juliaphoebe. Julia has quickly picked up the process of performing updates and takes great care when doing so, is comfortable diving deep into debugging issues when hitting them (in particular, the ruby-rmagick update ended up trying to track down a regression in the imagemagick package), is comfortable asking team members for guidance when hitting aspects that she is not familiar with, and finally in the background has been experimenting with prototyping tools to help improve the update process. Keep doing great work, Julia!


+1 from me as @juliaphoebe has shown amazing work that met all the requirements to join ~ubuntu-security.


+1 to add @juliaphoebe to ~ubuntu-security.
Thanks for doing an awesome job.

Thank you @juliaphoebe for your application, and thank you to everyone who gave feedback on the application. Voting is now closed.

The following votes were cast by existing Ubuntu Security members:

The application is approved with a balance of 7 affirmative votes making up 100% of the total votes cast.

Congratulations and welcome Julia Sarris! I have added you to the Ubuntu Security team, please exercise caution with your new rights.

Thanks,
Steve Beattie