Motu application for Emanuele Gentili (emgent)

[Jordan Mantha]

On Sun, Jun 29, 2008 at 3:26 PM, Emanuele Gentili <emgent at ubuntu.com> wrote:
>
> Please consider this my application to become an Ubuntu Motu.
>
>
> _Background_
>
> I'm Emanuele Gentili and i joined Ubuntu on July 2005 with 5.04 "Hoary",
> but I started to contribute in September 2007. I created an account (2007-11-09) on
> launchpad and later in forums to give support to people and community.
>
> I'm working to the Ubuntu Motu-Swat [0],  Ubuntu White Hat [1] (I'm coordinator),
> Ubuntu Server [2] (I'm working in Rapache [3] a python + GTK tool that uses the SSH protocol
> to manage and configure apache2 and all of its modules, now in alpha version i'm working to complete
> it for Intrepid+1), Ubuntu Flybook Team [4] (The intent of this team is to collect all Ubuntu users
> that possessing the jewel of Dialogue, The flybook, especially *V5 model*,to make it fully supported
> in Ubuntu.) and Ubuntu Hardened [5].
>
> My primary focus is providing security updates for packages in Universe and some in
> main but i work too in Ubuntu/Canonical infra (auditing), I examined REVU, launchpad,
> Soyuz, and ubuntu.com, blog.canonical.com and I found more security issue, now fixed [6].
> Also i wrote Anteater[7] a python tool for manage Ubuntu White Hat report with launchpad.
>
> More info about me available here:
> https://edge.launchpad.net/~emgent <https://edge.launchpad.net/%7Eemgent>
> https://wiki.ubuntu.com/emgent
>
>
>
> _Security_
>
> I have already uploaded few packages for Ubuntu's stable and development
> releases through security updates. The most important are:
>
> Wireshark, audacity and more other.
>
> The wireshark [8] update was very difficult, as upstream makes many changes to
> their codebase. I worked to backport patches and test it (assigned to me by Stephan Hermann).
>
> Audacity update was very difficult too, Debian and Gentoo wrote a wrong fix in the first time, but in Ubuntu was perfect.
> Comparing Ubuntu's patches against other distributions revealed that our patches
> are the most perfect of any distribution.
>
> About the other Security Fix in main/universe the work has been very long especially for write/testing fix and package testing.
>
> My work in Ubuntu White Hat was hard too.
> I was found a few issue on launchpad, ubuntu.com, Soyuz, canonical.com but i helped canonical coders/webmasters to fix all issue.
>
> Also i have some debdiff in waiting for fix some issue on apache2, fetchmail and tmsnc.
>
> _Packages_
> I am author (and maintainer) of uwha and Rapache (not yet in universe), and i'm maintainer of flickr-poster
> now pending in debian that i will sync it in ubuntu.
> Also I worked in Gosa, fprint-demo [9] and some other packages in Ubuntu and Debian for fix some bugs and optimize packages.
>
>
> _Future_
> I'd like became motu for work direcly in Universe for upload my security and non-security fix and maintain packages.
> Also I`d like to join ubuntu-universe-sponsor and ubuntu-backporters for help in this team to sponsor and backport requested packages.
> I will continue to work in security branch (ubuntu whitehat, motu swat) for try to close the impossible bug #208413.
>

I've worked with Emanuele a little bit, sponsoring a couple packages
some time ago. He definitely has enthusiasm and a desire to work on
security fixes, which I love to see. We definitely need his talents
and willingness in Universe.

However, I view security work to have a somewhat higher bar because it
often involves changes to the stable release. So someone who is
wanting specifically to have "solo" upload access for security updates
should have a quite firm grasp of packaging and policies as well as a
good team relationship. Since I haven't sponsored any security uploads
for Emanuele I can't speak directly to that, however I've seen a few
cases in the past (stuff I did sponsor or bugs he's worked on) where
he seemed to go a bit too fast and made some mistakes. That was around
the time he became an Ubuntu Universe Contributor. It sounds like
since then he's slowed down a bit and tried to be a bit more
deliberate about making sure he does high quality packages. I'm
interested to hear what his -security sponsors have to say about that.

I don't think I'd have any problem with him being a MOTU in a general
sense, but I personally feel he could use some "grilling" on what he's
doing to make sure security uploads are of the highest quality and
what steps he's taking to make sure silly little mistakes don't make
it to end users.

-Jordan