David. Luigi is my favorite video game character from growing up. When I first started using the internet in the mid-90’s, one of my first destinations was nintendo.com. I created my first online account there, originally Davidwalser, which I soon realized wasn’t exactly what you wanted an online screenname to be, so I changed it to Luigiwalser. My first, and still current, e-mail account, firstname.lastname@example.org, was created a few months later.
I also learned about IRC in my early internet days, and didn’t use it much, but I learned that you don’t typically want to use your real name while on IRC. This was more true of generic IRC, like DALnet that I used back then occasionally. Obviously it doesn’t really apply on Freenode. Anyway, I created the IRC name Luigi12 way back then (12 being my favorite number), and have always used that on IRC ever since. People in Mageia sometimes call me Luigi primarily because of my IRC name. One fellow distance runner that I know IRL also calls me Luigi because of my e-mail address. I don’t really mind that, but I prefer people call me David, as that’s my real name :o)
Can you introduce yourself in a few words?
I am generally a man of few words, but I probably need a few more to introduce myself. I have been using Linux for 15.5 years, and Mandrake/Mandriva/Mageia for 15 years. I have been contributing since the summer of 2001 to some degree. I did a fair amount the first few years, not much for the next seven, and have done quite a bit since I joined Mageia at the end of 2011.
I am 33 years old, am a former high school math and computer science teacher, still am involved with high school track & field, and now teach Linux/Unix fundamentals to adults. I am a distance runner and I enjoy watching American football and listening to music.
So you are our cerberus for security update for some time now. Why did you choose to contribute on security side? This part of contribution is often seen as quite boring comparing to working on new functionnalities.
Security has always been important to me. It is something I always took seriously in setting up Linux systems for myself and my family in the early years, as well as Linux and Solaris systems that I administered for my college department in 2002. In fact, my very first contribution to Mandrake was a patch to a script in their CUPS package, whose purpose was to automatically generate cupsd.conf, to make it not listen on a network interface connected to your WAN, i.e. a security hardening :o).
I stumbled into my current role at Mageia completely by accident. I had upgraded my sister’s laptop from Mandriva 2010.2 to Mageia 1, and noticed one Mandriva package left on the system because it had a newer release tag than the Mageia package. The reason was because Mandriva had done a security update for the package, but when it was imported into Mageia, the release version was imported rather than the updates version. I was concerned about other security updates that might have been missed, and began investigating this. I started filing bugs for missing security updates and helping the QA team test updates that got packaged, to help the updates get released more expeditiously.
I also joined as a packager because there were a couple of packages that I wanted to import. Once I had packager access, I had the ability to help package some of the security updates. Over time this lead me to my current role, of keeping track of security issues and packaging some of the updates. I’m fortunate that I’m able to do some sysadmin work at my job as we’re a small team and support less than 50 students at a time, so I use Mageia on several of our servers as well as my desktop at work, so I’m able to spend some work time on Mageia stuff.
Could you explain us what your job is about in security team?
Managing security updates for the distribution. I use whatever sources of information I can to be informed about security issues that affect our distribution, file bugs for these, and try to help ensure that updates get packaged. I do much of the packaging myself, involve other packagers to help with this work, and work with the QA team to help the updates get tested and released.
So Mageia 3 is now EOL. What does that mean exactly? What would you advise to Mageia 3 users?
The EOL means that Mageia will no longer be releasing updates for Mageia 3. Any new security issues or bugs that come to light will not be fixed. Mageia 3 users should upgrade to Mageia 4 as soon as possible. Most Linux distributions are supported for a fixed amount of time after they are released. Mageia releases are supported for 18 months.
Beyond this amount of time, it becomes more difficult to obtain fixes for security issues for many packages. As a community run mostly by a small number of volunteers, our resources for providing support are rather limited too.
This last question is for you :). What would you say to recruit new contributors to help in security team (aside from promising coffee or beer ) ?
I suppose it’s good that coffee and beer weren’t offered in the beginning, as I don’t drink either of those (nor anything carbonated, caffeinated, or alcoholic :o). Anyone that uses Mageia should understand that the updates that seem to magically appear periodically don’t actually get there by magic. It’s a lot of work done by a small amount of people.
Anyone that is concerned about the security of the software that we ship and has the ability to contribute to this effort can help ensure that Mageia continues to have a good security posture by helping out. It isn’t the most exciting work, but it is very important and impacts all of our users, so it can be rewarding when you look at it that way. Contributing to this effort is a good way to have a positive impact on the distribution, and it gives you the opportunity to become more familiar with our overall package set.
The security team also acts as a kind of bridge between the packaging and QA teams, and it is fun interacting with these great groups of people.
You can join me on IRC or by mail.