=== Varka_ is now known as Varka
mruiz@schedule Santiago05:19
ubotuSchedule for America/Santiago: 12 Mar 17:00: Server Team | 14 Mar 16:00: MOTU | 14 Mar 17:00: REVU Coordination | 19 Mar 17:00: Server Team | 26 Mar 17:00: Server Team05:38
=== cjwatson_ is now known as cjwatson
* ogra feels like sh*t06:57
* asac waves (in time)06:57
cjwatsonwe are out of coffee! argh06:58
* cjwatson attempts to survive on juice alone06:58
* ArneGoetje waves06:58
ograhard thing06:58
TheMusocjwatson: I've always found a morning walk gets me woken up. :)06:58
cjwatsonbit late :)06:58
TheMusoYeah I know, but nevertheless, its the suggestino that counts.06:58
cjwatsonta :)06:58
ograel suggestino ?06:59
cjwatsonso just waiting for doko06:59
ograhe was in distro ...06:59
calcevand: early enough for you? :)06:59
TheMusoogra: yeah slip of the fingers.... twice.06:59
cjwatsondoko: ping06:59
ograTheMuso, sounds like some kind of southamerican pimp :)07:00
dokogood morning07:00
TheMusoogra: I know.07:00
evandcalc: pff, a cakewalk07:00
cjwatsonaha, welcome07:00
cjwatsonright, I only have two activity reports this week; I hope that the rest are stuck in a mail queue (I think my mail reception doesn't work so well overnight for some reason)07:00
* cjwatson blinks and realises he clearly can't count07:01
* TheMuso saw a lot on the ml./07:01
ArneGoetjeI just submitted mine a few minutes ago... sorry for that07:01
* ogra just sent his ... with wrong date first place ...07:01
calccjwatson: more coffee?07:01
cjwatsonah, I counted ogra twice and made it nine without bothering to check all the names :) sorry Steve07:01
cjwatsonok, somebody else will have to say if there are agenda items in activity reports07:02
ograyeah, we're easy to mix up :P07:02
ArneGoetje2 in my one07:02
cjwatsonso I wanted to talk first about scim, since there has been a lot of user confusion about scim accidentally being enabled for them, and I want to make sure we have a clear plan to ensure this is fixed for beta07:03
ArneGoetjecjwatson: it is fixed already07:03
cjwatsonat the moment it looks like live CDs and fresh installs don't have it switched on, but that users sometimes get it enabled on upgrade07:03
cjwatsonArneGoetje: somebody reported breakage on upgrade just yesterday07:03
asaci don't know if i forcefully uninstalled it, but its not enabled for me anymore. it was rather annoying a week ago.07:03
ArneGoetje * scim enabled by default for non-CJK locales: This has been resolved07:04
ArneGoetjewith the latest scim and scim-bridge updates. On a current Live CD the07:04
ArneGoetjeold behaviour, where scim is by default disabled for non-CJK locales can07:04
ArneGoetjebe observed. Upgrading from Gutsy to Hardy should work fine also,07:04
ArneGoetjehowever I haven't tested it yet. For users who followed the Hardy07:04
ArneGoetjedevelopment manual interaction is required though. Calling07:04
ArneGoetjeLanguage-selector, unchecking the checkbox and doing a re-login should07:04
ArneGoetjebe sufficient.07:04
calci had to go back to gutsy for my vmware session for other reason so i didn't see if it got fixed for my issue07:04
cjwatsonArneGoetje: ah, is that a change since yesterday?07:04
calcbut it hasn't seemed to have affect my two hardy systems07:04
ArneGoetjecjwatson: no, I updated the packages a few days ago.07:04
cjwatsonArneGoetje: there have been reports since then; the evidence suggests that upgrades are still broken07:05
cjwatsonsomebody just yesterday reported upgrading from alpha-6 to current and having scim enabled07:05
ograi didnt have any trace of scim on yesterdays classmate image07:05
=== _czessi is now known as Czessi
ArneGoetjecjwatson: for users who follow Hardy for a longer period, manual interaction is required to fix this. Language-selector -> uncek the checkbox -> re-login should fix it.07:06
slangasekwell, presumably neither I nor the other bug reporter followed the "calling language-selector" step?07:06
ograi mean of it getting in my way ... its installed indeed07:06
slangasekOTOH, where *is* language-selector? I don't seem to have it on my system07:06
ArneGoetjecjwatson: Live CD from Mar 9 had it fixed already07:06
cjwatsonArneGoetje: OK, I'll be happy if gutsy->hardy (and ideally also dapper->hardy) are tested for this before beta07:06
cjwatsonArneGoetje: could you organise that?07:06
ArneGoetjeslangasek: System -> Administration -> Language Support07:07
cjwatsonslangasek: we should add Arne's comment above to the release notes07:07
slangasekcjwatson: ack07:07
ArneGoetjecjwatson: will do.07:07
cjwatsonArneGoetje: is there any way to sanely spot the breakage and revert it without also overwriting user customisations?07:07
cjwatsonthree's been a lot of noise on #ubuntu-devel, #distro, #canonical, well just about everywhere about it07:08
cjwatsonScott has been taking a lot of heat for it too07:08
cjwatson(since everyone assumes it's a desktop thing)07:08
ArneGoetjecjwatson: not really... see my comments in bug #19903007:08
slangasekoverride the alternative on upgrade only if it's set to the expected value and we're upgrading from the problematic version?07:08
ArneGoetjecjwatson: short explanation:07:09
ArneGoetjecjwatson: some time in the past the function to enable/disable scim in language-selector broke and the link in /etc/X11/xinit/xinout.d/ for all_ALL was set by default.07:10
ArneGoetjecjwatson: as we cannot detect which user enabled it on purpose and who didn't, we cannot fix it by script, can we?07:11
ograyou could ask07:12
slangasekby "set by default", you mean "update-alternatives was misused from a maintainer script"?07:12
slangasekor something else?07:12
ogralike the directory conversion tool does07:12
ograits ugly but helps07:12
ArneGoetjeslangasek: I'm not sure what caused it actually.. I just remember that I couldn't uncheck the checkbox anymore...07:12
cjwatsonI'm not convinced that all these users had ever seen the language-selector UI07:12
slangasekI hadn't :)07:13
cjwatsonit feels much more like an update-alternatives accident to me07:13
ArneGoetjecjwatson: as I said, I'm not sure what caused the breakage...07:13
calcit affected my vmware image when i hadn't done anything with it, of course it wasn't a local fresh install (got it off the site)07:13
cjwatsonthat means we need to be extra-careful about testing it07:13
calcit was a image that was upgraded from gutsy07:13
cjwatsonif you aren't sure what caused it, it doesn't seem that you can say that it happened during hardy development07:13
cjwatsonand we should probably put some effort into tracking down what *did* cause it07:14
cjwatsonreport is that alpha-6 -> current reproduces it, so perhaps we should start there07:14
ArneGoetjethe bug was triggered recently with the seeding of im-switch. when im-switch is not installed on the system, scim can't be started at all. that's why it hadn't surfaced earlier.07:14
cjwatsonbut it's a very serious problem when it does show up, so it is our responsibility to understand it as much as we can07:15
slangasek  * debian/scim.postinst: disable u-a calls for all_ALL; remove the07:15
slangasek    scim-bridge entries again... they should go into the scim-bridge package.07:15
cjwatsonwhile I'm happy with "hardy users have to do some magic to recover" if that's necessary, it would be better for that not to be required07:15
slangasekArneGoetje: that's from the most recent changelog on scim; what was the u-a call being disabled?07:16
ArneGoetjeslangasek: that was the fix, yes07:16
cjwatsonalso, was the removal of those alternatives from postinst accompanied by a prerm change to remove existing alternatives on upgrade?07:16
slangasekArneGoetje: "what" was the u-a call being disabled? :)07:16
cjwatsonhmm, apparently those alternatives are unconditionally removed on upgrade07:17
cjwatsonslangasek: it's the one that's commented out in scim.postinst at the moment07:18
cjwatson        #ua_inst all_ALL scim  007:18
cjwatson        #ua_inst all_ALL scim-immodule 007:18
ArneGoetjeslangasek: before it was set to scim-bridge, as well as additiinal entries to scim and scim-immodule, but with lower priority. that was amistake07:18
slangasekok, those are just removals of calls to ua_inst(), which currently DTRT07:18
cjwatsonoh, no, I'm wrong07:18
slangasekso it's not the culprit for the manual u-a07:18
cjwatsonArneGoetje: we have some empirical evidence that update-alternatives has ended up in manual mode for the xinput-all_ALL alternative07:18
cjwatsonin the buggy cases07:18
cjwatsonthis class of problem is traditionally an absolute bastard to track down, but usually worth it07:19
cjwatson(and sometimes is a bug in update-alternatives, which is one of the least reliable programs in the dpkg toolchain)07:19
ArneGoetjecjwatson: they will also be removed in prerm07:19
cjwatsonworst case, as ogra suggests, a debconf question on upgrade might be the least ugly solution07:20
slangasekhrm, I don't remember if u-a --remove DT"R"T if called for an alternative in manual mode that's pointed at the entry you're removing07:20
slangasekso the alternative was reported to be wrong in the alpha-6 liveCD?07:21
cjwatson    if ($mode eq "manual" and $state ne "expected" and (map { $hits += $apath eq $_ } @versions) and $hits and $linkname eq $apath) {07:21
cjwatson        &pr(_g("Removing manually selected alternative - switching to auto mode"));07:21
slangasekshould be traceable in that case07:21
cjwatson        $mode = "auto";07:21
cjwatson    }07:21
cjwatsonit's supposed to, at least07:21
cjwatsonI'm not sure if it was desktop or alternate, the report wasn't detailed enough07:21
slangasekcjwatson: well, that means that every package upgrade resets the value...07:22
slangaseksince they're all being unregistered in prerm and reregistered in postinst07:22
cjwatsonhah, yes, apparently07:22
cjwatsonthis is one of the broken modes of update-alternatives use07:22
cjwatson(which is UNDOCUMENTED, gah policy rant)07:22
slangasekso I'll dig into the livefs and see if I can confirm the broken alternative there07:23
ubotuLaunchpad bug 199030 in scim "Can't close SCIM" [High,Fix released] https://launchpad.net/bugs/19903007:24
doko_fixing bugs in update-alternatives for hardy+1 would be nice ...07:24
* cjwatson would just like to say http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=7162107:24
ubotuDebian bug 71621 in debian-policy "No policy on calling update-alternatives (was Re: update-alternatives)" [Wishlist,Fixed]07:24
cjwatson(which Manoj closed out of hand)07:24
slangasekyou could reopen it now that Russ is a policy maintainer :-)07:25
cjwatsonI think I might07:25
cjwatsonslangasek: could you continue to work with Arne to try to nail this down?07:26
cjwatsongreat, thanks07:27
cjwatson * Beta status07:27
cjwatsonI know we aren't quite frozen yet - anything interesting to report?07:27
TheMusoWubi installs onto FAT32 partitions are currently a non-event.07:27
cjwatsonI wonder if those should just plain be blacklisted07:27
cjwatson"doctor, it hurts when I do this"07:28
slangasekbeta is the milestone where aaaaaall the bugs have landed that weren't critical for the alphas07:28
TheMusoSpent time with Agostino today debugging a few things, but still an issue somewhere, where abouts I'm not sure yet.07:28
* ogra is heavily disappointed by ram usage of the i810 driver on the classmate ... 07:28
slangasekso there's some triaging to be done, but more importantly there's plenty of bugfixing we should be doing too :)07:28
TheMusocjwatson: Sounds sane to me, since NTFs allows for much larger files, and we can now write to it anyways.07:28
ograi tried the intel driver by accident, it takes over 30M less reserved ram :(07:29
slangasek(.oO wubi to umsdos...)07:29
TheMusoslangasek: Yes, installing onto FAT32 bails out on first attempted boot from the loop mounted FS.07:29
slangasekTheMuso: oh, sorry, I thought I was making a umsdos joke07:30
cjwatsonthat is rather a lot of bugs07:30
calcugh no umsdos die die die07:30
evandZipSlack will make a comeback someday ;)07:30
calcumsdos on fat16... really good way to eat up all clusters07:31
cjwatsonbug 193842 looks complex, and better sooner than later if it's going to land07:31
ubotuLaunchpad bug 193842 in acpi-support "Please sponsor cherrypicked fixes for acpi-support into Hardy" [Medium,Triaged] https://launchpad.net/bugs/19384207:31
ograare we sure these scripts are executed at all with the new power management structure ?07:33
* ogra knows modules he lists in /etc/default/acpi-support are definately not unloaded anymore07:33
slangasekwell, I know things aren't firing that I'm expecting to on my Thinkpad07:33
slangasekbut I'm not sure whether that's a kernel issue07:34
ograall i know is that with hardy the PM structure changed a lot leaving everything to hal, having mjg59 taking a look at that bug would be a good thing imho07:34
calcbtw are systems supposed to make noise now on sleep/wake?07:34
cjwatsonit wouldn't hurt, but since he's formally left the project we cannot rely on him to do it07:34
calci noticed my laptop started doing that a while back07:34
doko_had a lot of problems with the lcd brightness not coming up again after sleeping07:35
doko_but current kernel works07:35
ogracalc, it does that on lid open/close as well ... gpm doesnt have a fine grained scheme for it and just makes noise for everything or nothing07:35
calcogra: ah07:35
slangasekcalc: there's a g-p-m change, if you look under preferences there's "Use sound to notify in event of an error"... it seems to believe that everything is an error07:35
dholbachacpi-support has ~18 bugs with patches attached: http://daniel.holba.ch/really-fix-it07:35
ograi had disabled it in the past because i didnf fid it suitable without being able to tag events for noise specifically07:36
cjwatsonok, we could probably keep on looking at ACPI bugs all day, but I gathered there were a few other agenda items07:36
calcslangasek: yea it always claims my system doesn't suspend properly but it seems to afaict07:36
slangasekwho else do we have that's versed in the current power management structure then?07:36
ograslangasek, ted does the frontend and matthew the acpi and parts of the kernel stuff07:36
cjwatsonpitti is usually a good start for matters of hardware-from-userspace07:36
bryceit suddenly got awfully quiet - is this thing still on?  *pff pff*07:37
ografor hardcore kernel things amit is also a good resource07:37
cjwatsonand as ogra says Ted has been taking on gnome-power-manager maintenance07:37
cjwatsonbryce: there's been pretty steady conversation for the last 30+ minutes07:37
bryceweird, irc was being hangy.  seems better now07:38
dholbachg-p-m has 14 bugs open on http:/daniel.holba.ch/really-fix-it - if we can't review them, maybe we should forward them upstream and see what hughsie says07:38
cjwatsoncould somebody volunteer to review and sponsor that acpi-support change, please?07:39
cjwatsonI suspect that, if it's any good, Daniel Hahler may end up as the de facto acpi-support maintainer ;-)07:39
slangasekI've already followed up to an acpi-support sponsor request, because some of the proposed changes affect my hardware07:39
slangasekI can follow through07:39
cjwatsonmuch appreciated07:40
cjwatsonArneGoetje: you said you had some other agenda items?07:41
ArneGoetje * There is a crash report for scim-bridge which has lots of duplicates07:41
ArneGoetjeby now. However, I cannot reliably reproduce it. People claim07:41
ArneGoetjescim-bridge crashes on startup. However, on a recent Live CD and also on07:41
ArneGoetjemy local system, there is no crash.07:41
ArneGoetjeWhen installing the Live CD from 3 days ago, after reboot, I activated07:41
ArneGoetjescim support in Language-Selector and did a reboot. After then I opened07:41
ArneGoetjea terminal and toggeled scim repeatedly by pressing crtl+space multiple07:41
ArneGoetjetimes. The crash happened once and never again. Also inputting complex07:41
ArneGoetjescripts with scim worked. So, as I cannot reliably reproduce this crash,07:41
ArneGoetjeI'm asking for help.07:41
slangasekno apport retracer data on it07:42
ArneGoetjeslangasek: the bug has apport data attached.07:42
slangasekbug #?07:42
ArneGoetjebug #19959207:43
* slangasek whimpers07:44
slangasekthat looks like conflicting libstdc++ versions to me07:44
ArneGoetjeSo, basically my question is, why it happens only in some situations, and whether it really is a scim-bridge bug or libscim, which is in the scim package, or somewhere else...07:45
ArneGoetjeI noticed there were some linstdc++ updates in the past days...07:45
slangasekI'm thinking of the class of crash that's caused by having two different libstdc++ sonames loaded in memory at the same time07:46
* ArneGoetje has no idea about that07:46
slangasekit classically affects XIM because XIM is one of the few things that's dynamically loaded by a large range of apps, *and* is written in C++07:46
cjwatsonthis is the actual scim-bridge process though, not a random client07:46
doko_but even the fglrx driver now uses libstdc++.so.607:47
slangasekright; I don't know for sure that's the same problem here, but it's the first thing I think of when I see unreproducible crashes in a C++ deconstructor07:47
cjwatsoncould of course be a poorly-written destructor07:47
doko_hmm, when was scim-bridge built the last time?07:48
slangasek6 days ago07:48
cjwatsonscim::Module::unload is not exactly trivial ...07:49
cjwatsoncalls a bunch of other stuff, does dlclose, etc.07:49
cjwatsonbut the crash doesn't always seem to be there, either07:50
cjwatsonit might be worth running scim-bridge under valgrind07:50
cjwatsondoko_: could you help Arne out with this?07:51
doko_cjwatson: trying, but probably not before Tuesday07:51
cjwatsonok, if the other problems with scim being started by default get fixed, then it will only affect CJK users (for whom presumably it isn't a regression)07:52
ArneGoetjefor CJK users it's expected behaviour07:52
cjwatsona crash is not expected behaviour07:53
cjwatsonwithout loss of generality07:53
ArneGoetjeI mean scim being started by default :P07:53
cjwatsonright, but I didn't :-)07:53
ArneGoetjegot it07:53
cjwatsonI meant that the crash has presumably been around for a while07:53
cjwatsonI'll un-private that bug and stick it on the hardy list07:54
cjwatsonany other business?07:54
asactwo quick questions:07:54
TheMusoYes, a quick one re minutes.07:54
TheMusoasac: go07:54
asacNetworkManager: does anyone experience issues since 0.6.6? i am especially interested in ipw2X00, madwifi and broadcom things.07:54
cjwatsonbroadcom seems OK for me so far07:55
doko_cjwatson: some things ...07:55
* ogra is very happy with it on his laptop and on the classmate07:55
* TheMuso hasn't used his ipw2100 for a fair while, but will try with the latest daily.07:55
ogra(laptop == broadcom as well)07:55
asacTheMuso: please do07:55
asaci dropped a bunch of driver tweaks07:55
doko_do we want to have bash-completion installed on the desktop?07:55
asacand its hard to judge from bugs if that is just after-upgrade-"noise"07:55
asac2nd. did anyone retrieve my activity report last week?07:55
* ArneGoetje has ipw2200... will try tonight... (no wireless here right now)07:55
doko_some users think so, but others disagree. if it's installed, it is enabled by default07:56
ogradoko_, is it big ? does it do any harm sitting on the disk ?07:56
cjwatson3010     Mar 05 Alexander Sack  (  74) [ACTIVITY] Feb 27 - Mar 04 (asac)07:56
cjwatson3069   L Mar 12 Alexander Sack  (  59) [ACTIVITY] Mar 05 - Mar 1107:56
doko_no harm on the list07:56
asacArneGoetje: highly appreciated. i have reports about it being broken07:56
Hobbseeasac: wfm, ipw3945 (know it's not exactly your target group)07:56
slangasekwasn't it installed by default before (as part of bash)?07:56
ArneGoetjeasac: orz07:56
cjwatsondoko_: I never wanted it enabled by default in the first place, but considered that I'd lost that battle07:56
* TheMuso wondered where his useful completion went.07:56
asaccjwatson: ok thanks. i still didn't get that. just want to be sure because it contained some valuable content about mozilla translations imo07:56
TheMusoI can live with not having it by default.07:57
ogradoko_, pfft07:57
doko_slangasek: yes, but I got tired, never getting any replies from upstream07:57
ograthats nothing07:57
asacok if you could try all the chipsets you have around i would be happy to receive feedback07:57
ograimho we should have it ... its comfortable07:57
TheMusoasac: Will keep you posted.07:57
asacTheMuso: go07:57
cjwatsonthe only thing that ever concerned me about bash-completion was shell startup time07:57
doko_in the case we still want it, I'd like to seed it for desktop, so that people can uninstall it on the server07:57
calcasac: not sure if this is expected but it seems nm still drops connection on upgrades07:58
cjwatsonmainly affecting people like us who start lots of shells07:58
TheMusoOk. re minutes, this is the 4th week I've done it. While I don't mind doing them, I wonder if people would be up for doing 4 weekly stints of minutes, and then moving onto someone else?07:58
asaccalc: thats expected. i will fix that for final (e.g. don't restart at all)07:58
calcasac: ok07:58
doko_ok, but the lots of you can then remove or disable it07:58
ogracjwatson, well, give that the terminal we use already grabs 20-25M and is slow anyway, who cares ...07:58
asacnot restarting is the official advice from upstream :(07:58
cjwatsonogra: might be the terminal *you* use :-P07:58
ogracjwatson, i use the one *we* install by default :)07:59
doko_any disagreement to seed bash-completion again?07:59
ograthe one our users use :)07:59
cjwatsondoko_: remove/disable> indeed, I do, but still07:59
cjwatsondoko_: bash-completion is a Recommends at present, so it looks like it can be removed already07:59
doko_we can keep it in universe as well07:59
cjwatsonin fact, I appear not to have it installed, presumably by accident08:00
cjwatsonogra: (yeah, this is my one deviation from that rule which I normally do apply to myself)08:00
doko_next thing: shorewall - do we want to have this in main?08:00
cjwatsonI have no objection to bash-completion either being seeded or unseeded; if it is seeded, it should be as a recommends (" * (bash-completion)")08:01
ograi use xterm on the classmate i must admit :)08:01
cjwatsonhang on, let's serialise these agenda items08:01
ogradoko_, i thought that was gone after th discussion a month ago08:01
cjwatson07:58 <TheMuso> Ok. re minutes, this is the 4th week I've done it. While I don't mind doing them, I wonder if people would be up for doing 4 weekly stints of minutes, and then moving onto someone else?08:01
cjwatsonI have no objection to rotating the secretary job if there are other volunteers08:02
cjwatsonTheMuso: BTW, as a small tweak, it would be good to have an explicit Actions section at the end with any specific follow-on tasks that have been agreed; I find that useful when it comes to the next meeting08:03
TheMusocjwatson: Ok thanks for feedback.08:03
cjwatsonwould anyone else like to do this after Luke, with the knowledge that it's for a bounded time?08:03
TheMusoOk, I'm quite happy to keep doing them for the time being.08:04
doko_I volunteer, but not for the next two weeks08:04
bryceI can take May08:05
cjwatsonthanks, I'm sure even a rotation of three will help; sort it out among yourselves :-)08:05
cjwatsondoko_: so, shorewall08:05
cjwatsonas contrasted with ufw, presumably08:05
doko_ok, I'll re-add it to the seeds, with a comment08:06
cjwatson... (I didn't think that was a decision)08:06
cjwatsonshorewall was in main up to gutsy, so I certainly have no objection to it being added back08:06
doko_once the bashims were fixed it looks rather stable08:07
cjwatsonyou removed it, I see08:07
cjwatson  - remove shorewall from server-ship (ufw is in main)08:07
slangasekit's not the killer firewall, but ufw isn't today either; and shorewall gives users functionality that ufw doesn't08:07
doko_yes, but it's still referenced in Kubuntu hardy08:07
cjwatsonmy gut feeling is that ufw is rather new and relatively untried compared to shorewall, and, while ufw may well turn out to be the future once it's well-integrated, a lot of people will still want to use shorewall for good reasons08:07
cjwatsonso I think we should ship it08:08
* ArneGoetje is happily using shorewall on all my machines, including laptop :)08:08
cjwatsontechnically it should be a server team decision, mind you08:08
doko_I'll bring it to their attention08:09
doko_next: any actions about duplicates/unnecessary files on the CDs?08:10
cjwatsonbut I think it's fine to go for status quo (i.e. ship shorewall, as in gutsy) until they explicitly say otherwise08:10
cjwatsonwhich would correspond to "use ufw in all cases, damn your eyes"08:10
cjwatsoncan we carry on discussing duplicates/unnecessary files on the list?08:11
cjwatsonor perhaps on ubuntu-devel@, since it's currently distro-team@08:11
cjwatsonjust conscious that we're over time08:11
doko_fine with me, sending then to u-d08:11
asaci have another quick one about seeds: the crash reporter of mozilla upstream builds doesn't work in default installs, because we don't ship ca-certificates. any arguments against shipping them?08:11
asac(or make curl depend on ca-certificates)08:11
cjwatsonI'm sure we used to ship ca-certificates?08:12
ogradidnt we ship the before ?08:12
asaci think so ... i guess one rdepends got removed from cd08:12
cjwatsonno objection to shipping them provided that its (crazy) debconf question doesn't get asked by default08:12
cjwatsonunfortunately I suspect it does get asked by default on upgrades, worth checking its priority08:12
asacyes. afaik you don't get asked about that08:12
asachmm ... really? i never saw any question. but maybe thats because the packages wasn't updated for a while08:13
asaci can check that08:13
cjwatsonI'm just going on vague memory, I'm afraid08:13
cjwatsonca-certificates was in dapper/desktop08:13
cjwatsondependency of libcurl308:14
cjwatsonapparently it fell out in gutsy08:14
asachmmm ... libcurl3-gnutls has a recommends on it now08:14
cjwatsonmight have to duplicate that recommendation in the seeds, then, until such time as we do recommends-by-default08:15
cjwatsonwhich I think fell out of hardy because the ball was in too many people's courts08:15
cjwatsonok, 15 minutes over time, so let's adjourn08:15
cjwatsonthanks all08:15
asacthanks all08:15
TheMusoMinutes will be out tomorrow.08:15
* asac hugs TheMuso 08:16
ubotuLaunchpad bug 199592 in scim-bridge "scim-bridge crashed with SIGSEGV in scim::Module::unload()" [Medium,In progress] https://launchpad.net/bugs/19959208:16
calcgoodnight :)08:18
cjwatsonsleep well, USians08:19
* bryce zzz's08:19
bryce(early meeting tomorrow)08:19
evandheh, thanks08:21
=== doko_ is now known as doko
=== \sh_away is now known as \sh
=== ogra_cmpc_ is now known as ogra_cmpc
RichEdhello ... who's here for the education meeting ?12:04
* stgraber waves12:04
RichEdhi stgraber :)12:04
* ogra_cmpc waves ... very tired12:05
ogra_cmpconly us three ?12:06
RichEdwell apart from the passive lurkers ... looks like it12:06
RichEdlet's whip through a tech status then ...12:07
ogra_cmpcwell, i somewhat lost track with edubuntu the last days, was sitting in a cave and finishing the autobuilder and writing the new installer12:07
* Hobbsee waves12:07
ogra_cmpcon my for fixes i have the edubuntu-addon metatdata ... there is still the xfce entry in there which doesnt do anything anymore12:08
ogra_cmpcand te edubuntu entry needs a proper short descritipon ...12:09
RichEdahhh ..12:09
* RichEd spots the delayed wave from Hobbsee all the way from oz12:09
HobbseeRichEd: :)12:10
ogra_cmpcthere is still some gfxboot work i didnt manage yet (adding LTSP to the modes menu and somehow find a way to prevent teh addon cd from looking like a install cd if you boot it) ... i was pondering to ask cjwatson for help here12:10
ogra_cmpcgfxboot is a beast and takes more time than i want to understand it atm12:10
ogra_cmpcbeyond that the cds should be pretty much in shape12:11
ogra_cmpcyou will have seen me throwing around classmate images ... so classmate is also starting to look pretty well ... better and better every day12:12
ogra_cmpcfor ltsp i plan a final upload for tonight or tommorw, there are a bunch of bugs with fixes i want to include before we freeze to deep ....12:14
ogra_cmpcwell, thats about it from the tech side12:14
ogra_cmpci'd like to note that artwork freeze is tomorrow12:14
RichEdgimme a sec ... getting power12:14
ogra_cmpcwhich means we'll likely not have anything new in hardy12:14
ogra_cmpcand there are a bunch of edubuntu-doc bugs that need a helping hand (not sure if laserjock went over them already)12:15
RichEdis that an absolute art final, or is there a sneak it in route i've heard mentioned :)12:15
ogra_cmpcthe artwork thing is quite bad btw ....12:16
ogra_cmpcno official one12:16
ogra_cmpcwe have an LTS this time12:16
RichEdokay  ... and what time tomorrow is the freeze ?12:16
ogra_cmpcand that means the doc teams will want to have a fixed UI state for their screenshots etc12:16
ogra_cmpcthere is no time12:16
RichEdso is the end of the day US time acceptable ?12:17
ogra_cmpcslangasek is our release manager ... he will call out the freeze at will12:17
RichEdi'll hav a word with him ... see how flexible he could be ...12:17
ogra_cmpcnot sure what time he prefers, but he sits in US westcoast ...12:17
ogra_cmpcso rather late tomorrow i guess12:18
ogra_cmpc(i also think he"s more concerned about teh beta freeze than about artwork :) they are the same date this time)12:18
RichEdgreat ... even if we polish one of the alternates from the last round ... a different desktop for LTS would be good12:19
ogra_cmpcwell, i dont see anything i'd like to ship in the alternates12:19
* RichEd will drive that, and kep ogra_cmpc informed12:19
ogra_cmpcelse i would have added one already during the dev cycle12:19
ogra_cmpcthanks :)12:19
RichEdlet me touch sides with ideas tomorrow12:19
RichEda couple of classmate questions for you, but i'll grab you later for that ... they are intel device specific12:20
RichEdstgraber: can you give me an update on iTalc ... with comments from ogra_cmpc about the odds of inclusion ?12:20
ogra_cmpcits in sinc4e we4eks12:21
ogra_cmpcits in since weeks12:21
ogra_cmpci reported that three weeks ago or so in the meeting :)12:21
stgraberogra_cmpc: is it on the add-on CD ?12:21
ogra_cmpcthe client is even installed in the default classmate install now12:21
RichEdmy head has been bent a bit of late ... may need reminders at times :)12:21
RichEdw00t re classmate :)12:21
ogra_cmpcstgraber, just in main yet, i havent done the last seed shuffle dance yet12:22
* RichEd hands an ubuntu noddy badge to stgraber and ogra 12:22
stgraberbtw, I pinged upstream a bit earlier and he'll see what he can do to give us a patch for the MMX and bug fixes12:22
ogra_cmpcdo we have a bug with the patch already ? or only the mail you sent me ?12:23
RichEdstgraber: is upstream positive about our use of it and inclusion ?12:23
stgraberyes and he's helped me quite a lot for it12:24
stgraberogra_cmpc: only the mail12:24
RichEdgreat ... cc me in the next mail to him, and i will extend our thanks12:24
RichEdplease :)12:24
ogra_cmpcok, we need a bug for pitti/slangasek then12:24
stgraberRichEd: sure12:25
stgraberogra_cmpc: ok, I'll open one with the same info has I emailed you12:25
ogra_cmpcthanks a lot12:26
RichEdokay stgraber / ogra_cmpc / Hobbsee ... any other urgent issues ?12:26
* RichEd does not have anything else to raise today ... need to get work done for meetings and freeze tomorrow12:27
ogra_cmpcsame here12:27
HobbseeRichEd: if you've got edubuntu-specific stuff to freeze, which doesn't affect the rest, you should be OK12:27
stgrabernothing from me12:27
ogra_cmpcand i had a 8am meeting already12:27
RichEdogra_cmpc: can i grab you at the top of the hour for 15 / 20 mins ?12:27
ogra_cmpc(after 3h of sleep ...)12:27
RichEdanti-theft and other fiddly bits ... need an update12:28
ogra_cmpclets see how much i can squeeze out of my brain still :)12:28
* ogra_cmpc is curious about the fiddly bits 12:28
RichEdogra_cmpc: if we add our two brains together, we may have at least half a decent one to chat with some sense12:28
RichEdthe proprietary drive issues ... them fiddly bits12:29
ogra_cmpcthere are proprietary drivers ?12:29
RichEdsonic etc.12:29
* ogra_cmpc wasnt aware and didnt plan anything ... 12:29
RichEdme repeats the call for issues ... and raises the gavel in anticipation12:30
* RichEd looks around 12:30
* RichEd counts to 1012:30
RichEdgoing once ...12:30
RichEdtwice ...12:30
RichEdand that's a BONG and thanks ...12:31
RichEdwill be in the channel if needed12:31
=== mrevell is now known as mrevell-lunch
cjwatsonogra_cmpc_: oh, you want LTSP on Edubuntu's modes menu?13:19
ogra_cmpc_cjwatson, in alternates modes menu13:20
ogra_cmpc_there is no edubuntu cd with ltsp anymore :)13:20
cjwatsonerr, right13:20
cjwatsonok, that should be easy13:20
ogra_cmpc_how freeze critical is that ?13:20
cjwatsonit doesn't require a package upload, but we should still do it sooner rather than later13:21
ogra_cmpc_i would prefer to do it myself but i'm kneedeep in classmate stuff and wouldnt like to hibernate the enthusiasm13:21
cjwatsonwhy don't I do it now and mail you the diff so that you can grok it13:21
cjwatsonand then you get to do the next similar change :)13:21
ogra_cmpc_that would be great13:21
ogra_cmpc_thanks :)13:21
ogra_cmpc_another thing i thought about is the edubuntu cd ... cant we just drop the bootloader completely during build ?13:22
cjwatsonwe could, true13:22
ogra_cmpc_so the BIOS cares and we dont need to make up special artwork, translations etc13:22
cjwatsonit would be a bit unhelpful but possibly better than a bootloader that doesn't work13:22
ogra_cmpc_and making it pretty is a bit more work imho ...13:23
cjwatsonogra_cmpc_: ok, both done13:28
ogra_cmpc_thanks, that takes some pressure away13:29
=== mrevell-lunch is now known as mrevell
=== thekorn_ is now known as thekorn
=== ogra_cmpc__ is now known as ogra_cmpc
=== dholbach_ is now known as dholbach
=== mvo__ is now known as mvo
pedro_hello hello16:00
* Iulian waves16:00
pedro_hey Iulian, hello ogasawara16:00
pedro_hola liw_16:00
* stgraber waves16:02
=== soren is now known as soren_not_joking
henoMy system just died a minute ago, had to reboot :(16:02
=== soren_not_joking is now known as soren_joking
henoI'll need to investigate that after the meeting16:03
=== soren_joking is now known as soren
henobdmurray, ogasawara: here?16:03
ogasawaraheno: yup16:03
MootBotMeeting started at 16:04. The chair is heno.16:04
MootBotCommands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]16:04
henonot many agenda items today: https://wiki.ubuntu.com/QATeam/Meetings16:04
heno[TOPIC] Beta testing preparations16:05
MootBotNew Topic:  Beta testing preparations16:05
henodavmor2 and I met on Saturday to talk about Beta+ testing16:05
henoI've drawn up a proposed schedule here https://wiki.ubuntu.com/Testing/ISO/Schedule16:06
henoaccording to which testing starts tomorrow16:07
henoI'll write the distro team about contributing and blog as well16:08
henoI'll be asking for help mostly toward the end --  ISO validation testing - March 18-1916:08
henook, next16:09
heno[TOPIC] Testing wiki pages refreshed - please review16:09
MootBotNew Topic:  Testing wiki pages refreshed - please review16:09
henothat's mostly done. We still need to update some test cases16:10
henoI'll post to the QA list regarding new features that we should cover16:10
bdmurrayI've been looking at the pages a bit this morning16:11
liw_the update is done, or the review is done?16:11
liw_so it's still good to review, check16:11
henoI've been looking at http://www.ubuntu.com/testing for ideas for new test cases.16:12
henoBut further suggestions are welcome16:12
bdmurrayDoes the FixValidation page overlap a lot with FixesToVerify?16:12
henobdmurray: not really16:13
henoFixValidation is supposed to be bugs fixed since the milestone freeze16:13
henoso in the past 2-3 days at that point16:14
henomaking sure that code we _just_ touched didn't break anything16:14
henoboth are useful to test from in that period though16:15
henobdmurray: thanks, I should clarify that on the page16:15
henoso, please look the pages over for sanity and readability16:16
henothat should cover that topic16:16
henobdmurray: how has your yesterday page been working?16:17
bdmurrayIt has been interesting to me at least.16:17
henoalso an interesting page is http://daniel.holba.ch/really-fix-it/16:17
ogasawaraI was going through the really-fix-it kernel bugs yesterday16:17
henobdmurray: perhaps you can get the progress meter from there16:18
bdmurrayheno: that's an interesting idea16:18
henoI looked at the abiword bugs and it seems they will all stay on the list16:18
henothey are fixed upstream in v. 2.6 which I don't think we'll get until intrepid16:19
pedro_right, bumping to 2.6 wouldn't be nice at this stage...16:20
henoThere should perhaps be a way of marking such bugs as 'have-looked-at-not-for-hardy' <- dholbach16:20
henoany other topics today?16:23
bdmurrayheno: Have you been looking at Hardy nominations at all?16:23
henobdmurray: no I haven't16:23
bdmurrayMaybe we should review those again.16:24
henobdmurray: do you have the URL handy?16:24
dholbachheno: not very easy to do16:24
bdmurrayheno: https://bugs.launchpad.net/ubuntu/hardy/+nominations16:25
henodholbach: with a tag perhaps and mark it on the list with an * ?16:26
dholbachor milestone it as 'later'?16:26
henothat'll work16:26
dholbachok, I'll document that on the page and filter them out16:26
henoso the nomination list is long again :)16:27
bdmurrayCouldn't we get an Ibex milestone setup rather than using Later?16:27
henodholbach: cool!16:27
bdmurrayBecause they would just need to move from later to Ibex16:27
bdmurrayliw_: Intrepid?16:28
liw_ah, right16:28
henoso how do we triage the nominated bugs at this stage? Milestone the serious looking ones?16:28
bdmurrayand the In Progress ones. ;)16:28
henothat would bring it onto the lists the developers and release managers look at16:29
henomy guess is there is already a fair bit of overlap16:29
henook, let's all have a look at the list and reduce it a bit for the next meeting16:30
henothen we'll have a better idea of what it contains16:30
henobdmurray: thanks for bringing that up16:31
bdmurraySounds good.  Who should we speak to about adding an Intrepid milestone?16:31
henobdmurray: any LP admin I think, so kiko or mdz for example16:32
henobdmurray: will you take that?16:32
henoI'll make a start on nominations today16:32
bdmurrayheno: okay, I'm pretty sure we have the power I'm not certain on the procedure16:32
bdmurrayanyway I'll look into it16:33
henolikely not documented on the LP wiki16:33
henoanything else?16:33
henook, thanks everyone!16:35
MootBotMeeting finished at 16:35.16:35
* heno goes digging in logs to find out why his computer crashed earlier16:36
=== leonel_ is now known as leonel
liw_heno, just in case it's memory, you may want to run memtest86+ from the grub menu, for at least 12 hours, preferably 2416:36
henoliw_: that is a good candidate, yes16:37
=== \sh is now known as \sh_away
=== juliux_ is now known as juliux
=== cjwatson_ is now known as cjwatson
keescook@now utc19:00
ubotuCurrent time in Etc/UTC: March 12 2008, 19:00:22 - Next meeting: Server Team in 1 hour 59 minutes19:00
MootBotMeeting started at 19:00. The chair is keescook.19:00
MootBotCommands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]19:00
keescook[topic] introductions19:00
MootBotNew Topic:  introductions19:00
* propagandist waves19:00
keescookokay, are people here for the security team meeting?  :)  hi propagandist19:00
keescook[link] https://wiki.ubuntu.com/SecurityTeam/Meeting19:01
MootBotLINK received:  https://wiki.ubuntu.com/SecurityTeam/Meeting19:01
keescookthere is the agenda for today's meeting19:01
emgent@schedule rome19:01
ubotuSchedule for Europe/Rome: 12 Mar 22:00: Server Team | 14 Mar 21:00: MOTU | 14 Mar 22:00: REVU Coordination | 19 Mar 22:00: Server Team | 26 Mar 22:00: Server Team19:01
emgenthi keescook19:01
keescookheya emgent19:02
keescooklooks like joejaxx isn't here, but I'd like to still cover the TODO list/Roadmap19:02
emgentjdstrand, :)19:02
keescookis anyone from motu-swat here to do membership stuff for that team?19:02
* jdstrand got confused with the recent change to EDT19:03
keescookwell, and I tried to trick every one by moving it an hour in UTC too.  :P19:03
jdstrandvery sneaky indeed19:04
keescookFujitsu: are you here?  (ScottK, Nafallo, and sistypot aren't -- the other motu-swat admins)19:05
keescookokay, well, I'll mark the motu-swat agenda item as postponed for now.19:05
keescookalright, moving forward...19:06
keescook[topic] CVE review19:06
MootBotNew Topic:  CVE review19:06
keescookthe only item I have here is to call attention to the -proposed version of mysql that jdstrand prepared.19:06
jdstrandhey I was going to do that19:07
keescookhave at it.  :)19:07
keescook[link] https://lists.ubuntu.com/archives/ubuntu-devel/2008-March/025173.html19:07
MootBotLINK received:  https://lists.ubuntu.com/archives/ubuntu-devel/2008-March/025173.html19:07
jdstrandthe bug is #20100919:07
jdstrandbug #20100919:07
ubotuLaunchpad bug 201009 in mysql-dfsg-5.0 "[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed" [High,Fix committed] https://launchpad.net/bugs/20100919:07
jdstrandwe need testing of the -proposed packages with feedback put in that bug19:08
keescookanyone running mysql that can give it a go?19:08
jdstrandthe summary is that there were several CVEs that are fixed, but two of them, CVE-2007-6303 and CVE-2007-2692 were fairly intrusive19:08
ubotuMySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303)19:08
ubotuThe mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692)19:08
jdstrandyou go ubotu19:09
jdstrandanyhoo, the packages have gone through quite a bit of testing already and are in good shape as far as I can tell, but it be nice to get more testing19:09
jdstranddapper - feisty primarily19:10
sdhoops, hi19:10
jdstrandgutsy is close enough to upstream that it wasn't affected be these19:10
jdstrandthat came out weird19:10
jdstrandgutsy isn't affected by those19:11
jdstrandok, that was wrong19:11
keescookheh :)19:11
jdstrandgutsy is affected by 6303, but is close enough to the current upstream that its patch wasn't intrusive19:12
* jdstrand tried to be too brief in his summary19:12
keescookcool.  so, anyone listening, please enable -proposed and give some feedback.  :)19:12
keescookany other CVE issues people want to bring up?19:12
keescook[topic] Contributing to ubuntu-cve-tracker19:13
MootBotNew Topic:  Contributing to ubuntu-cve-tracker19:13
keescookokay, so, the Ubuntu CVE tracker is used to ... track CVEs19:14
keescook[link] https://launchpad.net/ubuntu-cve-tracker19:14
MootBotLINK received:  https://launchpad.net/ubuntu-cve-tracker19:14
keescookwe're all doing lots of CVE updates, and I'd like to have more people from motu-swat reviewing the open CVEs19:15
keescookFujitsu did a few great passes at it, but it still needs more work19:15
keescookthe process is fairly well documented in the README19:15
keescook[link] http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/files19:15
MootBotLINK received:  http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/files19:15
jdstrandin addition to getting it up to date, ubuntu-cve-tracker is the main method we use to coordinate wok on the CVEs19:15
keescookbefore the next meeting, I'll make sure we have a published "open CVE" list so it's easier for people to see the work19:16
keescook[action] keescook to get HTML publication finalized19:16
MootBotACTION received:  keescook to get HTML publication finalized19:16
jdstrandit is important that if we are preparing updates that we check ubuntu-cve-tracker to see if the CVE is assigned to someone, so there isn't duplicate work19:16
jdstrand(this happened recently)19:17
keescookemgent: have you had a chance to check out a branch of this?19:17
jdstrandif it's assigned to someone, then ping that person to see what's going on19:17
emgenti use this for working19:17
keescookemgent: cool.  if you have any changes, please push up a branch and we can merge in your updates19:18
emgentok i will do.19:18
jdstrandseems that is the best way to go19:18
keescookokay... moving on19:18
keescook[topic] To-Do List (Expanding our Roadmap)19:18
MootBotNew Topic:  To-Do List (Expanding our Roadmap)19:18
=== asac_ is now known as asac
keescook[link] https://wiki.ubuntu.com/SecurityTeam/Roadmap19:19
MootBotLINK received:  https://wiki.ubuntu.com/SecurityTeam/Roadmap19:19
jdstrandmotu-swat people check out their branch, keep it up to date with master, and keescook and I will pull in the changes19:19
jdstrandlp has a way to request a merge that makes it very convenient19:19
keescookI'd like to see more things listed on the ST roadmap :)19:19
jdstrandFujitsu did that the other day and it worked great19:19
keescookif people have ideas about stuff they want to work on, please add it to the roadmap.19:20
jdstrandyikes, I didn't think we were done with u-c-t yet19:20
keescookI'd love to get all the non-exec stack bugs closed, too.19:20
keescookjdstrand: np, it was kind of a short topic -- not a big group today19:20
keescook[action] keescook to add non-exec stack bug list to roadmap19:21
MootBotACTION received:  keescook to add non-exec stack bug list to roadmap19:21
keescookanyone have anything else they want to see on the TODO list?19:21
emgentnot now, for me19:22
jdstrandthough it overlaps with the server team19:22
jdstrandI think apparmor profiles would be great19:22
keescookone idea I had was to add a "wishlist" section to the roadmap, and point anyone there that had ideas they wanted to see implemented.19:22
keescookooh, yeah19:22
gatenwhat about something like a bastille script for ubuntu??19:23
keescookI don't mind having TODO items duplicated between teams -- more chance people will work on it :)19:23
jdstrandwhile I haven't tried it, wouldn't Debian's bastille work fine on ubuntu?19:23
keescookI'd also like to add "build FAQ" to the TODO list19:24
gaten+1 for the wishlist19:24
jdstrandI like the wishlist idea too19:24
emgent+1 too19:24
gatenjdstrand: quite possible. sounds like a TODO19:25
mathiazkeescook: one of the problem with a whishlist section in the Roadmap is that it can become a long landry list19:25
keescookmathiaz: true.  I figure if it gets that way, we can move it to another page.19:25
mathiazkeescook: That's why the server Team has a IdeaPool page that is separate from the Roadmpa19:25
gatenjdstrand: but i would like to see a hardened default config19:25
mathiazkeescook: the desktop team has a vision wiki page for long term and todo for short trem19:26
keescookgaten: "hardened" means so many things.  what parts did you have in mind?19:26
mathiazkeescook: and people tend to start discussing things under the wishlist point19:26
keescookmathiaz: I'm all for generating discussion.  any significantly large discussion can be turned into a Blueprint.  :)19:27
gatenkeescook: the basics first. umask, ulimit, read access to logs etc19:27
gatenand i would like to see a firewall thats enabled and has some actual rules on by default.19:28
sdhagreed on firewall19:28
keescookgaten: some of that already exists -- it's be great to document a checklist.  Can you write a wiki page for that, and link to it in the Wishlist section?19:29
jdstrandgaten: not sure if you are referring to ufw there, but after an install, a simple 'sudo ufw enable' and you've got a good host-based firewall19:29
keescook(I've added Wishlist and FAQ to the Roadmap now)19:29
gatenkeescook: sure. when will this whislist be available?19:29
gatenahh, nvm19:29
keescookalso, I'd like to see the "KnowledgeBase" link to something useful.19:30
gatenjdstrand: ahh, wasn;t aware it shipped w/ rules available. but it should still be part of the setup, like 'Do you want to enable the firewall on startup'19:30
keescookI figure lists of links to other information could be handy there (oss-security link, CVE tracker link, you name it)19:30
gatenanother item I have brought up on the list-server but have done nothing about: chrooted packages (ie apt-get install LAMP-chroot)19:31
jdstrandgaten: that is a hard problem and very site-specific19:32
jdstrandhowever, the 'M' in LAMP is now in apparmor enforcing mode19:32
jdstrandgaten: I have been thinking about how to deal with 'A'19:33
gatenjdstrand: what about using bind-chroot as a stepping stone? and another thing, does chroot become moot if apparmor/selinux are implimented?19:33
=== Rinchen` is now known as Rinchen
jdstrandgaten: re> chroot moor -- basically yes19:33
keescookgaten: depends ... I'd say that might be true if kvm/xen are used too19:33
jdstrandgaten: you get a lot of pain for little gain19:33
keescooksome people use chroots to split up service configs.  *shrug*19:33
gatenwell apache is the easiest to chroot of em all, and there are so many scripts out there for it. also you've got mod-chroot if you wanna take the easy way out, still don't think its as secure though19:33
jdstrandgaten: and it isn't apache that is the problem, it is wirtual hosting and added packages19:34
jdstrandvirtual even19:34
gatenyes, and updating. ive played that game before19:34
jdstrandme too19:34
jdstrandwhich is why apparmor and selinux can help quite a bit here19:34
gatenwhich is why i have wet dreams of apt-get update lam-chroot ;)19:35
keescookokay, move on?19:35
gatenok, so hold off on that for now then19:35
jdstrandhowever, more thought needs to be done on the packaging of the added software and dealing with virtual hosts in a sane way that is easy to profile19:35
keescookwe're skipping MOTU-SWAT membership since we lack any motu-swat admins19:35
jdstrandgaten: it is absolutely an idea though, feel free to add it :)19:35
keescook[topic] SELinux progress19:35
MootBotNew Topic:  SELinux progress19:36
keescookpropagandist: all yours19:36
propagandisthey everyone19:36
propagandistA new bug fix release of SETools was released today which includes transitional packages (and should resolve the major complaint with the last FFE request).19:36
keescookoh, ubotu just left19:36
propagandistAn official release of SELinux was done last week as well.19:36
keescookfor the logs, setools FFe is bug 19839119:37
propagandistI'll be integrating these into the packages and reposting to REVU.19:37
keescookpropagandist: ah! that's good news.  I'm glad to see that SELinux release.19:37
propagandistfor SETools that means updating the ffe as well19:37
propagandistfor the rest of them do I need to do an FFE?19:37
propagandistkeescook: ;o}19:37
keescookpropagandist: is it a new upstream version?  if so, yes.19:37
keescookwhat do we gain by updating SELinux?19:38
keescook[link] https://launchpad.net/bugs/19839119:38
MootBotLINK received:  https://launchpad.net/bugs/19839119:38
jdstrandis this 3.3.4 or a more major update?19:38
propagandistnot too much I would think19:39
propagandistits 3.3.419:39
jdstrandas this FFE isn't accepted yet, could it just be updated?19:39
propagandistthe upstream selinux ones would only have the advantage of using an official release (but they are basically the same as what we have now)19:39
keescookpropagandist: if the changelog is small, I'm for it, just to be on a "known" release version.19:40
propagandistjdstrand: yes for setools, i will update the ffe19:40
keescook[link] http://www.nsa.gov/selinux/code/download-trunk.cfm19:40
MootBotLINK received:  http://www.nsa.gov/selinux/code/download-trunk.cfm19:40
keescookI see it's at 2.0.5919:40
propagandistyup and we are curretly on 2.0.5519:41
keescookpropagandist: so, beyond those things, how is SELinux on Hardy for you guys?  Has it tested out well?19:41
propagandistkeescook: it looks good to me, there is still a mislabeled cups file i need to fix, and some upgrade problems with sepolgen, but in general it looks good19:42
propagandistkeescook: of course I will be fixing those -^19:43
keescookpropagandist: okay -- beta freeze starts tomorrow IIRC, so I'd recommend focusing on bug fixes first, then FFe later -- the FFes might not get through :)19:43
propagandistkeescook: kk19:43
propagandistanyone else  had a chance to poke at it?19:43
keescookI booted it once found myself in unconfined X11 session, but it all appears to be running.19:44
keescookI haven't tried the relabeling since the fsck/usplash integration work was finished.19:44
keescookI think it'll just look like a regular fsck19:44
keescookajmitch, siretart: you guys here?  have you played with SELinux in Hardy yet?19:45
keescookpropagandist: did you reproduce the unconfined X session, or do I just have a weird install?19:46
propagandistkeescook: I haven't been able to reproduce it :(19:46
keescookheh, okay.  I'll give it another shot now that I've got kvm running sanely.19:47
keescookalright, shall we move on?19:47
propagandistkeescook: but maybe i'm misunderstanding because you should be unconfined_t19:47
keescookoh, that's what I was seeing19:47
propagandist;o} well all is good then19:47
mathiazpropagandist: keescook you may wanna ask on ubuntu-hardened for more selinux testing on hardy19:47
keescookI'm still an SENewb :)19:47
propagandistmathiaz: will do19:48
keescookmathiaz: good idea19:48
mathiazand add ubuntu-server@lists.ubuntu.com in the game also19:48
keescook[action] propagandist to bring up SELinux testing on u-hardened and u-server lists19:48
MootBotACTION received:  propagandist to bring up SELinux testing on u-hardened and u-server lists19:48
propagandistkk, i'm all out of status19:49
keescookokay...  Selinux gui utils is skipping (joejaxx is gone)19:50
keescooker, skipped19:50
keescook[topic] Hardening Wrapper testing19:50
MootBotNew Topic:  Hardening Wrapper testing19:50
keescookso, I recompiled all of "main" will the wrappers enabled.19:50
keescookI tried full, no-pie, and no-hardening.19:51
keescookoverall, the results were good19:51
keescook[link] http://people.ubuntu.com/~kees/hardening/19:51
MootBotLINK received:  http://people.ubuntu.com/~kees/hardening/19:51
keescookI have all the build logs saved19:51
keescookbut I threw out the .debs since I didn't have space for it19:51
keescookif people are interested in going through the "ok-nohardening.txt" file to figure out what's failing, and opening bugs for it, that would rock19:52
keescook(same goes for ok-nopie.txt, but those are likely a bit trickier)19:52
jdstrandkeescook: did you get a chance to try the rebuild with the i386 personality?19:52
keescookjdstrand: oh!  no, I didn't.19:53
keescookI will start one up over the weekend.19:53
gatenkeescook: do we have a priority for certain packages in nohardening?19:53
keescookI'm also considering generating a PPA that is exclusively hardened builds.19:53
keescookgaten: no real priority -- my goal is to have those two text files be 0 length by the end of intrepid.  :)19:54
keescookbut I know it's going to be a lot of work.19:54
gatenheh, roger that19:54
keescookI want to run the PPA idea past the soyuz folks so I don't get poked in the eye :)19:54
siretartkeescook: re selinux in hardy: yes, at my departmend we had a course (a week fulltime) were two students played with selinux in hardy19:55
keescooka concern brought up on the Debian devel mailing list is one of performance.  All the measurements I've done show less than 1% loss for PIE19:56
keescooksiretart: the new stuff that tresys has worked on?19:56
siretartexactly. I instructed them to use the ubuntu-hardened PPA19:56
keescookPIE> I am not a statistician.  :)19:56
keescooksiretart: cool!19:56
propagandistsiretart: !!19:57
siretartthe objective was writing 2 policy modules: one for mt-daapd and one for boxbackup19:57
propagandistsiretart: awsome :o} how did it go?19:57
siretartpropagandist: the __sns__ guy was one of the two students, you remember? ;)19:57
siretartboth were successfully19:57
siretartsome tools behaved a bit strange compared to fedora19:57
propagandistoh? which ones?19:58
siretartIIRC adding new selinux users, and listing selinux users. it looked like ubuntu had a different version of the tools or something19:59
siretartI have to admit that I don't remember exactly20:00
propagandistah i see20:00
jdstrandsiretart: how long ago was this?20:00
siretartwas that course20:00
keescookemgent had to leave early due to stuff out of his control, so he asked that his topics be postponed20:02
jdstrandwell, seems the selinux reprise is over20:03
siretartanyways, I had a rather good impression of selinux in ubuntu20:03
propagandistsiretart: thanks for the feedback :o} its great to hear that it worked for them20:03
jdstrandkeescook: has there been any more discussion of enabling hardening-wrapper on specific packages20:03
siretartwhat was most surprising is that the "new" unconfined module in ubuntu was behaving very differently than most documentation out there20:03
jdstrandkeescook: ie what I added to the Roadmap?20:04
jdstrandI admit I haven't done anything with it20:04
siretarte.g. we didn't manage to get the gpg module work in ubuntu at all20:04
keescookjdstrand: there hasn't been -- I've been waiting to get feedback from doko about the hardened builds.20:04
* jdstrand nods20:04
keescookfor us to build stuff with hardening enabled vi Build-Deps (not the buildds) we'd need to promote hardening-wrapper to main, etc20:04
siretartI think what's needed here most is more documentation/explanation how the unconfined module is supposed to work in ubuntu.20:05
keescookjdstrand: so, at least we could provide PPAs for hardened builds too.20:06
jdstrandkeescook: that would be a good alternative.  I'm just really excited about hardening wrapper and thinking about how this is an LTS release20:07
NthDegreeyes indeed siretart20:07
propagandistsiretart: kk, i'll look at adding it to the wiki, if you can send me more information on the problems you had getting gpg working that will help20:07
keescookjdstrand: yeah, I wish it could have happened earlier, but this is how it worked out.  :(20:07
dokokeescook: yeah ...20:07
keescookdoko: oh! hey there.  :)20:08
NthDegreejust to satisfy my curiosity:  how is unconfined going to handle mprotect ideally?20:09
dokokeescook: just found me doing uploads for reports assigned to some k...c...20:10
keescookdoko: oh?20:11
siretartpropagandist: well, afaiu, the gpg module is not supposed to run from the unconfined role, and a role transition was neccessary to do that. I think a small howto or example module or something how to enable the gpg module for 'normal' users would be a great example!20:11
propagandistNthDegree: Can you clarify?20:11
NthDegreepropagandist: preventing execstack, execmem, execmod etc.20:11
NthDegreeFedora prevents that in normal "unconfined".. will Ubuntu have it the reverse way?20:12
NthDegreeas in tagging apps gradually that can safely be restricted, and leaving the rest truly unrestricted20:12
keescooksay, let's move the selinux discussion to #ubuntu-hardened, and I can close up this meeting.  :)20:15
keescookwe've got no more topics20:15
propagandistkk :o}20:15
keescook[topic] schedule20:15
MootBotNew Topic:  schedule20:15
keescooknext meeting in two weeks, same time?20:15
jdstrandgood with me20:15
* jdstrand will be sure to remember his timezone next time20:16
keescookokay, thanks very much everyone!  great work all around.  :)20:16
MootBotMeeting finished at 20:16.20:16
jdstrandthanks keescook!20:17
gatenthanks all20:17
* faulkes- whistles innocently20:22
zul@schedule montreal20:26
ubotuSchedule for America/Montreal: 12 Mar 17:00: Server Team | 14 Mar 16:00: MOTU | 14 Mar 17:00: REVU Coordination | 19 Mar 17:00: Server Team | 26 Mar 17:00: Server Team20:26
=== \sh_away is now known as \sh
ubotuSchedule for Etc/UTC: 12 Mar 21:00: Server Team | 14 Mar 20:00: MOTU | 14 Mar 21:00: REVU Coordination | 19 Mar 21:00: Server Team | 26 Mar 21:00: Server Team20:45
=== ubotu changed the topic of #ubuntu-meeting to: Current meeting: Server Team Calendar: http://fridge.ubuntu.com/event | Logs: https://wiki.ubuntu.com/MeetingLogs/ | 14 Mar 20:00 UTC: MOTU | 14 Mar 21:00 UTC: REVU Coordination | 19 Mar 21:00 UTC: Server Team | 26 Mar 21:00 UTC: Server Team
* mathiaz gets ready for the server team meeting...20:58
sorenHi, guys.21:00
* nealmcb waves21:00
* nijaba waves21:00
nealmcbsommer: I just made some changes to https://help.ubuntu.com/community/ServerGUI21:01
owhnijaba: Updated the launch text a few moments ago.21:01
mathiazLet's get started for this week meeting21:01
MootBotMeeting started at 21:01. The chair is mathiaz.21:01
MootBotCommands Available: [TOPIC], [IDEA], [ACTION], [AGREED], [LINK], [VOTE]21:01
sommernealmcb: cool21:01
mathiazToday's agenda: https://wiki.ubuntu.com/ServerTeam/Meeting21:01
mathiaz[TOPIC] Review ACTION points from previous meeting.21:02
MootBotNew Topic:  Review ACTION points from previous meeting.21:02
mathiazSo I've sent an email about the ServerTestingTeam21:03
mathiazAnd I've noticed that some new pages were created in the wiki21:03
mathiazAgain - anyone that has some server hardware available is welcome to test drive hardy.21:03
mathiaz[TOPIC] Server survey21:04
MootBotNew Topic:  Server survey21:04
mathiazThe reportingpage has been updated21:04
* soren blushes as he realises he hasn't sent anything for that page :(21:04
mathiaznijaba: any news on the hosting front ?21:05
owhsoren: You could have updated it and blamed it on "caching" :)21:05
nijabawe are waiting for an audit from kees21:05
nijabait should be done soon21:05
sorenowh: Encouraging dishonesty? Tsk, tsk :)21:06
mathiaz[TOPIC] iSCSI support21:06
MootBotNew Topic:  iSCSI support21:06
sorenI talked to Rick.21:06
mathiazsoren: did you have a change to talk with steve about root fs support ?21:06
sorenWe decided we wanted to do it.21:06
* keescook ran out of time last friday.21:06
sorenI e-mailed slangasek asking if it was ok. I haven't heard back.21:07
sorenThis was Friday, I believe. I should poke him some more.21:07
mathiazsoren: that would be post-beta work I guess21:07
=== never|mobi is now known as neversfelde|mobi
mathiaz[ACTION] soren to talk with slangasek about iSCSI support for root fs.21:08
MootBotACTION received:  soren to talk with slangasek about iSCSI support for root fs.21:08
mathiaz[TOPIC] Bacula status21:09
MootBotNew Topic:  Bacula status21:09
mathiazivoks: what's the state of your work on that ?21:09
ivoksit needs one day of work21:09
ivokstomorrow it will be ready for inspection21:10
mathiazivoks: great21:10
mathiazwho can do the inspection ?21:11
ivoksif someone want to see debdiff, http://www.grad.hr/~ivoks/bacula.diff21:11
nijababeta freeze starts tomorrow21:11
sommerso is bacula going to make it into main?21:11
mathiazprobably not before beta21:11
ivoksok, then it will be finished in couple of hours21:11
nijabawe have yet to file a mir, though...21:11
sommerfor hardy release?21:11
ivoksdebdiff is already over 1000 lines21:12
* zul cries21:12
sommereither way I was just wondering if we should add a section to the docs or not?21:12
ivokszul: it's not that bad :)21:12
mathiazconsidering that we're changing a lot of the packaging, we should ask for FFexception21:13
mathiazor should it be considered as just bug fixes ?21:13
nijabathese are mainly bug fixes to match requirements, IIRC21:14
ivoksthere are also new features21:14
ivokslike new catalog_backup script21:14
mathiazisn't that a fix for the security issues raised ?21:15
ivoksit is21:15
ivoksanyway... i'll finish it in couple of hours21:15
nijabaso it is a bug fix ;)21:16
mathiazanyway - since the diff seems large, it may worth asking for a FFe to the motu-release team21:16
mathiazzul: can you review the bacula diff ?21:16
zulmathiaz: sure..21:16
mathiazzul: and figure out whether a FFe is needed or not21:16
zulI can do it tomorrow21:17
mathiaz[ACTION] ivoks to post an updated debdiff for bacula21:17
MootBotACTION received:  ivoks to post an updated debdiff for bacula21:17
mathiaz[ACTION] zul to review the bacula debdiff21:17
MootBotACTION received:  zul to review the bacula debdiff21:17
mathiaz[TOPIC] mysql testing21:17
MootBotNew Topic:  mysql testing21:17
mathiazjdstrand: what did you do to mysql ?21:17
ivokszul: i'll be online, so contact me if you have questions21:18
jdstrandI have been preparing a security update for mysql21:18
zulivoks: sure thanks21:18
jdstrandthere are several issues that are addressed21:18
jdstrand2 required a rather substantial patch21:18
jdstrandall of this is documented in bug #20100921:19
ubotuLaunchpad bug 201009 in mysql-dfsg-5.0 "[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed" [High,Fix committed] https://launchpad.net/bugs/20100921:19
jdstrandthe short summary is that CVE-2007-6303 and CVE-2007-2692 required quite a bit of work to fix dapper - feisty21:19
ubotuMySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303)21:19
ubotuThe mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2692)21:19
jdstrandas such, I have uploaded the packages to -proposed for wider testing21:19
jdstrandthey have received a good bit of testing already, and they look good here21:20
jdstrandI'd really appreciate it if people could test these packages and report 'works here' in that bug report, so I can push the update out next week21:20
mathiazjdstrand: great21:21
nijabajdstrand: there is a version for dapper?21:21
jdstrandbecause gutsy is so close to upstream, its patches weren't significant21:22
mathiazjdstrand: You've already sent a couple emails on different mailing lists21:22
mathiazjdstrand: could you post something to the forums ?21:22
jdstrandreally looking for dapper (and edgy and feisty if possible)21:22
mathiazjdstrand: or ask faulkes- about it ?21:22
jdstrandnijaba: 5.0.2221:22
jdstrandis faulkes- around?21:22
mathiazjdstrand: I think there is developer forum that is targeted at that21:22
jdstrandmathiaz: but to answer your question-- sure21:22
mathiazjdstrand: altought I'm not sure if the people reading the developer forums would be able to test your updates21:23
jdstrandnijaba: oh heh, I read your question to quickly-- yes dapper has updates and I'd really like testing there21:23
jdstrandmathiaz: couldn't hurt21:24
nijabaok, I'll test it on my prod server21:24
mathiazjdstrand: could you coordinate with faulkes- about requesting feedback in the forums ?21:24
nijabaand blame you if it blows up ;)21:24
jdstrandnijaba: yes, you would be within your rights on that21:24
mathiaz[ACTION] jdstrand to coordinate with faulkes- about mysql testing in the forums21:25
MootBotACTION received:  jdstrand to coordinate with faulkes- about mysql testing in the forums21:25
* jdstrand won't mention testing updtes on a production server, as he really wants as much testing as possible21:25
mathiaz[TOPIC] LSB compliant init script21:26
MootBotNew Topic:  LSB compliant init script21:26
mathiazkirkland: owh: you've started to look into that21:26
mathiazwhat is the outcome ?21:26
owhWe started creating some code to get output.21:26
kirklandmathiaz: we have a list of all packages in Main, and Universe that install something in /etc/init.d21:26
owhWe've created an initial list of the hardy .iso: https://wiki.ubuntu.com/OnnoBenschop/ubuntu-server/init.d-status21:26
owhNext step is testing what they output :)21:27
ScottK2Is this really a project we ought to be starting a day before beta freeze?21:27
mathiazLSB compliant means a lot of things - what are you trying to fix first ?21:27
mathiazI think trying to get the status action for the daemons makes sense21:28
kirklandmathiaz: a "status" action by init scripts is one of the things required for LSB21:28
kirklandmathiaz: in most cases, it's a trivial patch21:28
mathiazhaving a fully compliant init script may require too much work though21:28
owhWe start small and work our way up.21:28
mathiazkirkland: well - there is also the headers for startup sequence21:29
kirklandmathiaz: for services (and mainly those in ubuntu-server), i think it's important enough to have in Hardy, and minor enough code changes21:29
owhWe started with the packages installed by tasksel on the ubuntu-server install.21:29
ScottK2Personally I think adding features to inits is adding features and should be done at the appropriate point in the development cycle for feature development.21:29
kirklandmathiaz: full compliance is beyond the scope I'm suggesting21:29
owhIt's a fair point ScottK221:29
mathiazScottK2: right. OTOH not having a status action for init script is really annoying21:30
owhAnd I figure if we're serious with ebox, it will need to know if stuff is working - no?21:30
mathiazso trying to add a status action for packages that are on the ubuntu-server iso seems to be a good compromise21:31
kirklandmathiaz: i agree with that21:31
owhAll of them, or only the ones that are installed by a tasksel server selection?21:31
ScottK2It's not nearly annoying as having a broken init script on release day.21:31
mathiazScottK2: I'd say that testing an init script is easy.21:32
ScottK2mathiaz: I think if you want to pursue this you should ask ubuntu-release for an FFe.21:32
owhThere's only 7 that don't have a status that are installed by a tasksel *server selection21:32
mathiazScottK2: aggreed.21:32
mathiazScottK2: I was about to suggest that we should talk to ubuntu-release about this.21:32
ScottK2It all depends on the init.21:32
kirklandScottK2: the risk is having an init script with a broken 'status' action on release day21:32
ScottK2kirkland: We have lots on unimplemented features.21:32
kirklandwe should not be affecting the start/stop/(other) actions21:32
mathiazkirkland: could you update the Roadmap with a clear scope on what we aim at ?21:33
ScottK2kirkland: Agree with should not.21:33
owhThere are only 4 that have a status option so far.21:33
nealmcbI'd suggest taking it one package as a time - if the patch is trivial and fixes the "non-lsb-compliant" bug, then it is worthwhile given the 5 year lifespan of hardy.  but I know it is also risky21:33
mathiazkirkland: and also list the packages targeted for hardy ?21:33
kirklandmathiaz: will do21:33
mathiazkirkland: once the list is there, we can ask ubuntu-release to have a look at it and get a FFe for it.21:33
kirklandnealmcb: I agree with your LTS comment, plus the fact that this is "catch-up" for many key services on ubuntu-server21:34
mathiazkirkland: however we won't have this ready by beta.21:34
nealmcbat any rate, thanks for gathering the data, folks....21:35
mathiazkirkland: the archive freeze is tomorrow - and these are patches that are not show-stoppers for the beta release21:35
owhThat gives us 24 hours :)21:35
kirklandowh: with 2/7 done21:36
zuluh...no it gives you less than that21:36
mathiaz[ACTION] kirkland to update the Roadmap outlining the scope of the work - just add status action21:36
MootBotACTION received:  kirkland to update the Roadmap outlining the scope of the work - just add status action21:36
* nealmcb would love to have status-getting documentation that doesn't have to say "except on hardy" for a long time21:36
owhSeriously, the packages on the CD, there are really not that many if we limit ourselves to tasksel only stuff.21:36
mathiaz[ACTION] kirkland to ask ubuntu-release for a FFe for each of the packages.21:36
MootBotACTION received:  kirkland to ask ubuntu-release for a FFe for each of the packages.21:36
mathiaz[TOPIC] libdb4.x transition21:38
MootBotNew Topic:  libdb4.x transition21:38
mathiazthere has been some work done on this.21:38
mathiazmruiz has been working on a couple of them - and contacted some upstream about the transition. Some of the upstream added a check in the configure script for a specific version of libdb.21:39
mathiazzul: is the Roadmap updated wrt to the package you've uploaded ?21:39
zulmathiaz: afaik yes21:39
zulyes it is...mruiz is doing the rest of them21:40
mathiazScottK2: is there any packages for libdb4.4 and libdb4.5 ?21:40
ScottK2mathiaz: There are, but I haven't had time to look21:41
mathiazScottK2: ok - so may be we should concentrate on libdb4.321:41
mathiazScottK2: and then jump to libdb4.4 and 4.521:42
ScottK2lidbd4.2 will be sticking around, so no point worrying about that one right now.21:42
mathiaz[TOPIC] Server Guide documentation21:42
MootBotNew Topic:  Server Guide documentation21:42
mathiazScottK2: yeah - related to openldap21:42
mathiazsommer: so how is the string freeze going ?21:42
sommergetting there21:43
sommeradded an ebox section if people would like to review21:43
mathiazsommer: do you have section that needs focus for review ?21:43
sommerprobably the virt section... working with nijaba and soren on it21:43
sommerI should have an update for it this evening... the current version isn't quite accurate21:44
mathiazsommer: ok - I'll look into also as I'm still setting up my new vm environement.21:44
sommermathiaz: cool, the more the marrier21:45
mathiazkeescook and jdstrand have also migrated to kvm IIRC21:45
jdstrandloving it21:45
jdstrandmuch less resource intensive than vmware21:45
sommerother than that just working through the rest of the sections and updating minor adjustments for hardy21:45
nijabaat least sommer does it in real condition: remotely21:46
sommerheh... attempts to :-)21:46
mathiazsommer: could you update the Roadmap with a list of the section you'd ask for review ?21:46
dendrobatessommer:  I should get the likewise-open man pages by tomorrow.21:46
sorenI had 10 vm's running at the same time a few days ago. Worked fine.21:46
mathiazsommer: so that we can point people to it and focus our efforts on that.21:46
sommermathiaz: sure21:46
mathiaz[TOPIC] sommer to update the roadmap section with a list of section of the server guide that need reviews.21:47
MootBotNew Topic:  sommer to update the roadmap section with a list of section of the server guide that need reviews.21:47
sommerdendrobates: that's cool, I noticed the ffe bug.21:47
mathiaznealmcb: could you update the factoids by adding a servergui entry ?21:47
nealmcbI sent mail a little while ago21:47
ubotuSorry, I don't know anything about servergui - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi21:48
nealmcbmail to the server team...21:48
nealmcbif folks like what I wrote, and the servergui changes, I'll talk to the ops21:48
faulkes-I now have hardware and a requirement for virtuals, so I'll be doing kvm stuff very soon21:48
nealmcb https://help.ubuntu.com/community/ServerGUI21:49
nealmcb(that's mostly sommer's work of course - just a few edits by me)21:49
mathiaznealmcb: I think it looks good21:49
jdstrandI should mention that while I have been loving kvm21:49
mathiaznealmcb: and should be added21:49
jdstrandand have moved all my vmware machines to it21:50
nealmcbwill do21:50
=== _czessi is now known as Czessi
mathiaznealmcb: I can't seem to find your email to the server team about the servergui entry21:50
jdstrandthere is some adjustments that need to be made on pre-hardy vms21:50
nealmcbjust half an hour ago21:50
mathiaz[ACTION] nealmcb to add an entry for the servergui factoid21:50
MootBotACTION received:  nealmcb to add an entry for the servergui factoid21:50
jdstrandI will update the wiki accordingly (probably tomorrow)21:50
jdstrandadditionally, there is s script available to help migrate21:51
mathiaznealmcb: ah ok - I haven't checked my email21:51
jdstrandvmware images to kvm:21:51
MootBotLINK received:  http://people.ubuntu.com/~soren/vmware2libvirt21:51
* owh hugs jdstrand21:51
* owh thanks soren for the code.21:51
nealmcbI did change one part of the recommend apt-get commands...21:52
mathiaz[TOPIC] LTS upgrades21:52
MootBotNew Topic:  LTS upgrades21:52
mathiazso what are our current efforts in that area ?21:52
sorenowh: Oh, it's jdstrand's doing. All of it.21:53
sorenowh: I just stole it and threw it on people.ubuntu.com :)21:53
mathiazso I guess we're doing really good on LTS upgrade testing if noone has anything to report21:54
jdstrandmathiaz: I would not assume that21:55
jdstrandmathiaz: I was until a moment ago silent because I haven't done it21:55
ScottK2I can unequivicably (or however that's spelled) say that I have not encountered any errors in LTS to LTS upgrade testing.21:55
* jdstrand could say the same21:55
mathiazwell - my question then is: what was LTS-to-LTS-upgrade-tested ?21:56
* sommer needs to make time for testing LTS on LTS action21:56
nealmcbScottK2: but what fractions of the upgrades have been successful?  Any singularities encountered?21:56
mathiazScottK2: I guess you've tested postfix and mail daemon21:56
ScottK2Actually I haven't directly, but I've tested direct upgrades of Postfix to modern versions on Dapper with no trouble for backports21:57
mathiazwell - we still need to focus on LTS-to-LTS upgrades21:58
mathiazespecially now that we're about to release beta21:58
mathiaz[TOPIC] Any Other Business21:58
MootBotNew Topic:  Any Other Business21:58
mathiazanyone wants to add something ?21:59
mathiazsoren: could you update the ReportingPage with a virtualization section ?21:59
ScottK2mathiaz: Any chance now for tasksel changes?21:59
owhAnd a migration guide :)21:59
mathiazdendrobates: same thing for likewise-open ?21:59
mathiazScottK2: you mean the dovecot+postfix integration ?22:00
ScottK2mathiaz: Yes.22:00
sorenmathiaz: Will do.22:00
ScottK2I wanted to see about integrating amavisd-new since we finally got it in Main22:01
mathiazScottK2: I think that ivoks updated the patch for the new version of tasksel22:01
mathiazScottK2: now it needs a FFe and then a core-dev can upload it22:01
soren"unequivocably", I think, by the way.22:01
* kirkland quivs with soren22:02
ScottK2soren: That looks right22:02
ScottK2mathiaz: Do you have a bug number?  If there's a patch, I'll look into FFe.22:02
mathiazScottK2: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/16483722:03
ubotuLaunchpad bug 164837 in dovecot "Dovecot SASL for postfix" [Low,In progress]22:03
* ScottK2 looks22:03
mathiaz[TOPIC] Agree on next meeting date and time.22:03
MootBotNew Topic:  Agree on next meeting date and time.22:03
mathiazSame time, same place, next week ?22:03
nealmcbyes - utc-wise :-)22:04
mathiazwell - 21:00 UTC22:04
nxvlmeeting is already over?22:04
mathiazthe time hasn't changed - only the some part of the world decided to move forward in time22:05
ivoksmathiaz: yes, i've updated it22:05
ivoksScottK2: no, i didn't put amavis in it; and i'm not big fan of doing amavis filtering by default22:05
ivoksScottK2: i think we should leave that to people who know what it is for22:06
ivoksotherwise, we'll have angry users complaining that their ubuntu mail server kills mail22:06
ScottK2ivoks: Fair enough22:07
ScottK2It's certain not something we should shove in at the last minute if there's no consensus.22:07
ivoksScottK2: amavis bounces mail with exe attachments by default, so... i don't know...22:07
mathiazOk - so next meeting: next week, same time same place22:07
ScottK2We'd need to come up with a do no harm config22:07
mathiazThanks all for attending ! :)22:08
ivoksScottK2: yeah... i'm still in a quest for ideal amavis config :)22:08
MootBotMeeting finished at 22:08.22:08
ivoksScottK2: and, it would love to see mailzu integrated with amavis22:08
sommerthanks mathiaz, later all22:08
nijabathanks all22:09
=== \sh is now known as \sh_away
=== ubotu changed the topic of #ubuntu-meeting to: Calendar: http://fridge.ubuntu.com/event | Logs: https://wiki.ubuntu.com/MeetingLogs/ | 14 Mar 20:00 UTC: MOTU | 14 Mar 21:00 UTC: REVU Coordination | 19 Mar 21:00 UTC: Server Team | 26 Mar 21:00 UTC: Server Team

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!