Sudhackar ~ubuntu-security Membership Application

sudhackar · October 16, 2024, 7:51am

Hello everyone!
I am requesting membership to ~ubuntu-security. The information requested in the spec is listed below:

Team Memberships

I am currently a member of the following teams:

Ubuntu Security Apprentices - Joined on 2024-04-30
Canonical Security Team - Joined on 2023-10-18
Canonical - Joined on 2023-10-16

Verified Identity

My identity was verified through the general Canonical employee onboarding process, which includes a background check, and verification of my government issued identity documentation.
I have also attended the Canonical Engineering Sprint in May 2024, where during a PGP key signing party, several members of the Ubuntu Security team were able to verify my identity.
I have attended the Canonical Engineering Sprint in October 2023, where I met most of the team in person.

My PGP signed “Ubuntu Codes of Conduct” is attached to my Launchpad account, and available here

History of high-quality sponsored security updates

While being at Canonical I have taken part in the PSIRT initiative - working on validating vulnerability reports, crafting PoCs and publishing patches

CUPS

USN-6844-1 - CUPS vulnerability - part of a chain, worked on validating and backporting the patch, upstream fixes lead to regression leading to
USN-6844-2 - some public feedback and personal chats later

netplan.io

USN-6851-1 - internal report - part of another chain, worked on testing and backporting, upstream fixes lead to another regression (you see a pattern here!)
USN-6851-2

wpa

USN-6945-1 - part of the chain from earlier USNs - tested and working on Marc’s patch

Demonstrated understanding of required tools and systems

I have worked with UCT as a part of my CVE patching process, example merge requests are listed below:

468041
468311
464632

For UST
467150

I have undertaken MIRs and related upstream contributions
sysprof and related PR fixes
python-boto3, python-botocore, python-s3transfer and related PR fix
authd

PR/Patch review - might 403 - private vuln reports
netplan.io
cloud-init

While working on patches - upstream fixes
python-versioneer

Demonstrated responsive and respectful communication

I have signed the code of conduct. I regularly monitor Launchpad bugs for packages I have patched, as well as relevant mailing list announcements, looking for possible regressions.
This can be verified by the regression chain for cups linuxmint-forum and related lp

Demonstrated understanding of the responsibility of ~ubuntu-security membership

I am following credentials best practices, my disk is fully encrypted, and have 2FA enabled for all accounts.

0xnishit · October 16, 2024, 8:00am

+1 from me to support @sudhackar 's application to join ~ubuntu-security. He consistently produced outstanding work with each contribution.

alexmurray · October 16, 2024, 9:25am

+1 from me for @sudhackar to become a member of ~ubuntu-security - he clearly meets the requirements outlined in [spec] ~ubuntu-security membership and has been a strong contributor to the team during the past 12 months as a member of ~ubuntu-security-apprentices.

cav · October 16, 2024, 10:51am

+1 from me as well! @sudhackar clearly has demonstrated the requirements to join ~ubuntu-security and has continuously produced excellent work with all contributions.

pfsmorigo · October 16, 2024, 6:45pm

@sudhackar has all the requirements to become a member of ~ubuntu-security. His skills are highly valuable to the team. +1 from me.

eslerm · October 16, 2024, 6:47pm

+1 to add ~sudhackar to ~ubuntu-security. Sudhakar does quality work and takes the initiative. Sudhakar has been helping drive coordinated vulnerability responses as an analyst. I appreciate Sudhakar’s analytical skills and his initiative to help communicate issues internally and externally.

sbeattie · October 17, 2024, 12:05am

I am +1 on granting lp:~ubuntu-security membership to @sudhackar based on his body of work; taking responsibility to address regressions regardless of origin is an important aspect of being a team member, and Sudhackar has done that well. Similarly, pushing fixes to upstreams is an important part of being part of the broader open source community. Keep up the great work!

leosilvab · October 18, 2024, 11:02am

+1 from me for @sudhackar to become a member of ~ubuntu-security. He has consistently produced outstanding work.

techalchemy · October 18, 2024, 8:15pm

+1 on granting @sudhackar membership!

rodrigo-zaiden · October 21, 2024, 5:47pm

+1 to add @sudhackar to ~ubuntu-security.
Appreciate your commitment

sbeattie · October 31, 2024, 10:47am

Thank you @sudhackar for your application, and thank you to everyone who gave feedback on the application. Voting is now closed.

The following votes were cast by existing Ubuntu Security members:

The application is approved with a balance of 9 affirmative votes making up 100% of the total votes cast.

Congratulations and welcome Sudhakar Verma! I have added you to the Ubuntu Security team, please exercise caution with your new rights.

Thanks,
Steve Beattie