[03:05] <Baron1984> http://ubuntuforums.org/showthread.php?p=5194590#post5194590
[06:15] <pitti> Good morning
[06:16] <ion_> Hi
[06:17] <Hobbsee> pitti!
[06:31] <TheMuso> Morning pitti.
[06:39] <dholbach> good morning
[06:58] <pitti> zul: yay, Debian accepted all our openvpn patches; yay bug/patch forwarding, we can sync :)
[06:59] <ion_> Whee
[07:23] <dholbach> hey thekorn
[07:24] <thekorn> good morning dholbach
[07:24] <dholbach> thekorn: with the new /+text parser bug summaries just contain one character :-)
[07:25] <pitti> cjwatson: Good morning
[07:25] <pitti> cjwatson: if you have a moment, your input in bug 220805 would be appreciated
[07:26] <thekorn> dholbach, oh, thanks for letting me know, will check this in a bit
[07:26] <dholbach> thekorn: http://paste.ubuntu.com/20548/ :-)
[07:27]  * dholbach hugs thekorn :)
[07:28] <thekorn> looks like a bad start in this day
[07:28] <dholbach> thekorn: nah... apart from that the new text connector seems to work fine :)
[07:29] <dholbach> thekorn: as always top-notch work from you!
[07:30] <\sh> moins
[07:30] <\sh> thekorn: the start in this day is great..when I see our bzr commits ;)
[07:30] <\sh> rainct rockt da house
[07:31] <thekorn> dholbach, hehe, thanks for motivating me
[07:31] <thekorn> \sh, morgen
[07:31] <\sh> thekorn: guten morgen :)
[07:34] <\sh> damn...I have to catch up with the gtk guys
[07:35] <\sh> they did awesome work last night
[07:36] <wgrant> \sh: You probably should wait for the LP API.
[07:38] <\sh> wgrant: well...to change the backend is not a problem :)
[07:38] <wgrant> \sh: True, true
[07:38] <wgrant> The API will hopefully make it much faster.
[07:38] <\sh> the point is to get this project started...and it's awesome to see how it evolves in only 4 days :)
[07:39] <dholbach> if the project is only read-only the text connector is the way to go
[07:41] <\sh> dholbach: it won't :) whatever thekorn is giving us, we'll implement it :)
[07:42] <superm1> is this eventually intended to make a full out replacement LP interface from a custom GTK app?
[07:42] <thekorn> dholbach, rev 99 fixes bug.summary and bug.reporter
[07:42] <dholbach> thekorn: ROCK!
[07:42]  * dholbach hugs thekorn
[07:42]  * thekorn hugs dholbach 
[07:43] <wgrant> I'll be interested to see how the official LP Python lib will compare to p-lp-b.
[07:43] <thekorn> me too
[07:44] <wgrant> It would be nice if they released an API at some point so we could poke holes into it first.
[07:44] <wgrant> Er, the Python API.
[07:44] <wgrant> Before the whole thing's actually released.
[08:43] <geser> pitti: Hi, can you look at the buildlog for openocd? http://launchpadlibrarian.net/15228528/buildlog_ubuntu-intrepid-amd64.openocd_0.0%2Br655-1_FAILEDTOBUILD.txt.gz
[08:43] <geser> pkg-create-dbgsym fails with "objcopy: Unable to recognise the format of the input file `./usr/lib/openocd/ecos/at91eb40a.elf'
[08:43] <geser> debian/openocd/usr/lib/openocd/ecos/at91eb40a.elf: ELF 32-bit LSB executable, ARM, version 1, statically linked, stripped
[08:44] <geser> should pkg-create-dbgsym skip unrecognized files or do I need to add a -X at91eb40a.elf to the dh_strip call?
[08:45] <cjwatson> pitti: OK, I'll just give it a spin here
[08:45] <stgraber> morning
[08:46] <pitti> geser: it uses -X invalidly
[08:47] <pitti> geser: -X doesn't take a glob, it takes a substring
[08:49] <geser> oh, overlooked it. Thanks, will fix the package then.
[08:49] <pitti> geser: I wonder how that builds in Debian
[08:50] <pitti>         foreach my $f (@{$dh{EXCLUDE}}) {
[08:50] <pitti>                 return if ($fn=~m/\Q$f\E/);
[08:50] <pitti>         }
[08:50] <pitti> that doesn't work with globs either
[08:52] <pitti> seb128: no intrepid copy love for you in bug 230998; is that fixed upstream in 2.23 already?
[08:53] <dholbach> thekorn: rev99 works NICEly :)
[08:55] <thekorn> phew
[08:56] <pitti> seb128: same question for bug 211604
[09:00] <seb128> pitti: no an dno
[09:00] <seb128> no and no
[09:01] <seb128> pitti: will be fixed when next versions are available which should be today
[09:01] <slangasek> seb128: just got some insight into bug #209520, and sent a follow-up just now
[09:01] <pitti> seb128: ok, great; thanks
[09:01] <seb128> slangasek: ah, nice ;-)
[09:02] <slangasek> seb128: basically, any server that's security=share can only use weak password authentication, which we deliberately disabled in samba for hardy; slightly ahead of upstream, but on the grounds that upstream will do the same in samba 3.2 and it would be unfortunate to have vulnerable default settings for the life of hardy
[09:02] <seb128> slangasek: oh, so those are non supported configs?
[09:03] <slangasek> well, that's /my/ position on it with my samba hat on, but I'm willing to be persuaded
[09:03] <slangasek> I think nautilus/gvfs needs some fixing there regardless
[09:03] <slangasek> but that's not necessarily 8.04.1 material
[09:03] <seb128> right
[09:03] <slangasek> and if there's a sense that enabling the weak client auth is the lesser evil, then that's a quick fix
[09:03] <seb128> but seeing the number of people concerned by the issue I'm not sure what the right fix would be
[09:03] <seb128> out of letting them using their config ...
[09:04] <Mithrandir> slangasek: any particular reason why security=share isn't then just disabled?
[09:04] <slangasek> Mithrandir: it's a server setting; the servers are not hardy servers, AFAICS
[09:04] <slangasek> Mithrandir: i.e., there are corresponding defaults on the server side which someone would have to override to get a hardy server in security=share mode
[09:05] <Mithrandir> slangasek: oh, ok, so you're talking about the client.  Ack.
[09:05] <slangasek> yeppers
[09:05] <slangasek> and when the client is nautilus+gvfs, the user gets no feedback about why it failed... :)
[09:13] <pitti> soren: the virt-manager bugs of the hardy-updates version are still open in intrepid; can you please apply the fixes to intrepid, too, and upload?
[09:13] <slangasek> anyway, with that bug triaged, I'm off to bed
[09:14] <seb128> slangasek: thanks for your work on that, good to have a clue about the issue
[09:14] <seb128> I'm not convinced yet that making those connection fail on purpose is a good idea though
[09:14] <slangasek> seb128: n/p.  feel free to discuss with pitti and whoever else about whether we should relax this setting for hardy
[09:14] <seb128> but I don't really have an idea about the number of broken configuration which are around
[09:14] <seb128> will do
[09:14] <slangasek> and I'll catch up in the morning :)
[09:15]  * pitti <- no clue about samba :(
[09:15] <slangasek> pitti: oh, well, most of what you need to know can be learned from scrollback + the last comments in the bug log ;)
[09:16] <seb128> pitti: read the current comment on https://launchpad.net/bugs/209520 and tell me what your gut feeling is about this option ;-)
[09:16] <slangasek> pitti: the only missing piece is "how easy is it to break this password mechanism?"
[09:19] <pitti> seb128: my gut feeling is that there should be a dialog box which explains the issue, instead of silently failing; WDYT?
[09:19] <seb128> pitti: right, that's for sure
[09:20] <slangasek> oh I agree, but I'm not sure that we get a proper feedback channel from libsmbclient for this :/
[09:20] <seb128> pitti: the question is rather to know if it should fail or not by default
[09:20] <pitti> so AFAICS it affects servers which are either still running win98, or badly configured samba, right?
[09:21] <seb128> I'm not sure how many users know that those are "badly configured"
[09:21] <pitti> IMHO disabling LANMAN by default makes sense; if it gets explained properly, then these servers can be reconfigured
[09:21] <seb128> ie, how many users have a similar config on a local network which worked until now and breaks in hardy
[09:21] <pitti> did previous Ubuntu releases configure samba with LANMAN by default?
[09:22] <seb128> dunno but it was not restricting access to those
[09:22] <pitti> i. e. will default hardy client fail to connect to default gutsy/dapper samba server?
[09:22] <slangasek> pitti: not all of them.  Win9x "servers" aren't capable of doing anything stronger than Lanman; likewise, any ancient Unix NASen based on Samba 2.x
[09:22] <slangasek> pitti: previous Ubuntu releases allowed lanman by default
[09:23] <seb128> I would argue that we should still allow those
[09:23] <pitti> slangasek: right, but I mean s/allowed/& only/
[09:23] <seb128> we will not fix the world by confusing users who try to use broken servers
[09:23] <seb128> servers they can use from other distros and gutsy
[09:24] <slangasek> pitti: uh... sorry, I think we're talking past each other, none of the lines of yours I was replying to had "allowed" in them and I'm now a little lost :)
[09:24] <slangasek> I should probably just go to bed ;)
[09:24] <seb128> we just get bad press than hardy can't connect to working servers at the moment where other distro can, admitelly that would be better if nautilus was displaying a proper error but I'm still not sure it would make those users happy
[09:24] <seb128> especially that often users don't have control over the servers they are trying to use
[09:24] <pitti> slangasek: I meant: if I apt-get install samba on dapper on server A, and install hardy on client B, will B fail to connect to A?
[09:24] <pitti> i. e. what's the default setting in dapper?
[09:25] <slangasek> seb128: note that agreeing to negotiate lanman auth exposes the user to a security risk, which is more of a problem than just not wanting random servers to not use weak auth...
[09:25] <pitti> seb128: I tend to agree (FSVO "working server" :) )
[09:25] <pitti> with the current explanation, these servers are not really working flawlessly, AFAIUI? (because they are a password stealing trap)
[09:26] <slangasek> pitti: I would have to check where in the history dapper's version of samba falls, but I believe that it should do encrypted passwords by default, and therefore work ok with hardy clients
[09:26] <seb128> slangasek: I would argue that it depends of the context
[09:26] <seb128> slangasek: people having 3 boxes on a local lan probably don't care about that, they just want their nas and server working as they used to
[09:27] <seb128> but in corporate environments you might want better security
[09:28] <slangasek> pitti: encrypted passwords are enabled by default in dapper, so hardy clients are perfectly compatible
[09:28] <pitti> slangasek: right, that was my primary concern; i. e. does it fail OOTB, or do you need to manually (mis-)configure it to fail
[09:28] <slangasek> seb128: well, I definitely disagree, but I recuse myself from this decision because I implemented this change in defaults myself with my maintainer hat on :)
[09:29] <pitti> seb128: in this case I still lean towards a better error message; people with broken ancient NASes can still change smb.conf to re-enable LANMAN again
[09:30] <seb128> slangasek: anyway no hurry, I'll speak with some other people about it to collect opinions, you should go to bed ;-)
[09:30] <pitti> and with modern Windows and supported distros it shouldn't be a problem either?
[09:30] <slangasek> right, 'night folks :-)
[09:30] <pitti> slangasek: sleep well! thanks
[09:30] <seb128> night slangasek
[09:30] <seb128> and thank you for your work on the issue ;-)
[09:31] <seb128> pitti: right, it just means new strings and it's not clear than libsmbclient has an api which makes it easy to know that the issue is due to this
[09:31] <seb128> pitti: ie, might not be easy to sru in hardy
[09:32] <pitti> right; might be necessary to grep it out of the log, or so?
[09:32] <pitti> but I can't believe that it has such a poor error reporting API?
[09:32] <seb128> pitti: not sure, I'm not a samba guy, now that we know what the issue is I'll try to have a look though
[09:33] <pitti> mvo: can you please apply bug 184238 to intrepid?
[09:33] <mvo> pitti: sure
[09:37] <mvo> pitti: its already fixed, forgot to update the bug :(
[09:37] <pitti> mvo: I didn't see it in the changelog; thanks
[09:37] <mvo> my bad, it was fixed upstream
[09:37] <mvo> and I forgot to add that to the changelog
[09:37] <mvo> when I did the merge
[09:38] <pitti> doko_: is bug 211309 actually an issue in sun-java{5,6}? If not, can the tasks be closed?
[09:54] <pitti> soren: same for virtinst (bug 221746)
[10:05] <asac> pitti: we dont forward bugs that are incomplete :)
[10:05] <asac> jcastro: ^^
[10:06] <pitti> asac: sometimes they become incomplete after forwarding
[10:06] <pitti> (happens to me quite often, at least); i. e. upstream needs further info, etc.
[10:06] <asac> pitti: well ... that discussion is usually done in upstream tracker, but the ubuntu task is mostly static after that point
[10:06] <asac> e.g. the upstream task would be "incomplete", while the ubuntu one stays at whatever state it was before
[10:08] <asac> makes sense or are you always changing the ubuntu task as well in-sync with the upstream status?
[10:09] <persia> If upstream needs information and the person coordinating the bug doesn't have it, using the Ubuntu bug to ask for it (and setting "Incomplete") makes sense.
[10:12] <asac> persia: point is that the ubuntu task is used to determine whether a bug was forwarded upstream in the +upstreamreport
[10:12] <asac> persia: i dont think that using the ubuntu task is a reliable way to determine that ... better look at the upstream status (e.g. is upstream bug "incomplete", "confirmed" or whatever)
[10:12] <seb128> asac: better to look if there is an upstream watch available
[10:13] <seb128> the status is not revelant there
[10:13] <asac> seb128: right. thats what i mean
[10:13] <asac> seb128: yeah, but still the
[10:13] <asac> +upstreamreport currently only uses Triaged ;)
[10:13] <asac> everything else is forgotten about
[10:13] <seb128> I know, most of the GNOME stats are broken due to that
[10:13] <asac> https://edge.launchpad.net/ubuntu/+upstreamreport
[10:13] <asac> seb128: well ... at least you are using Triaged for forwarded bugs ... which i am not ;)
[10:13] <seb128> because we have lot of confirmed bugs forwarded from the time before triaged
[10:13] <asac> seb128: so you are far better off atm :)
[10:14] <seb128> right ;-)
[10:14] <asac> seb128: right. in the past mozillateam moved forwarded bugs that were on track upstream to "in progress" :)
[10:15] <asac> jcastro: so read above: just use the watch count for open bugs to get the right count for forwarded bugs
[10:24] <guysoft42> hello all, i have a heavily modified system of ubuntu that i want to make bootable from a livecd. is that possible in any way?
[11:10] <pitti> Riddell: is bug 194474 still an issue in intrepid?
[11:17] <Riddell> pitti: no, intrepid uses kde 4 so different codebase
[11:17] <pitti> Riddell: thanks
[11:47] <pitti> tkamppeter: is bug 219999 an issue in intrepid? if 4.0 fixes it, pleaes close the task
[11:55] <pitti> asac: can you please upload epiphany-browser 2.22 to intrepid? (bug 236116); I can copy-package epy-extensions, but e-browser differs in hardy and intrepid
[11:56] <zul> good morning
[12:03] <pitti> hey zul
[12:05] <asac> pitti: ok looking
[12:40] <cjwatson> pitti: do you have a dhcp3 merge in progress? I need it to build d-i
[12:41] <pitti> cjwatson: only as far as "need to get to it RSN", if SRUs ever leave me some time :)
[12:41] <pitti> cjwatson: I just finished SRUs, though
[12:41] <pitti> so I can get to it after lunch
[12:41] <pitti> cjwatson: oh, we need 3.1 for d-i now?
[12:42] <cjwatson> yeah, netcfg's dhclient-script got merged into dhcp3-client-udeb so now netcfg requires the version where it was merged
[12:42] <pitti> cjwatson: ok, thanks for the poke; queued for the afteroon
[12:42] <pitti> afternoon, too
[12:43] <cjwatson> pitti: thanks, appreciated
[13:34] <ScottK> doko: It look likely that pyogg can be sync'ed now.  Do you mind if I look after it (you touched it last)?
[13:34] <ScottK> look/looks
[13:35] <doko> ScottK, not at all. thanks for doing that
[13:35] <ScottK> No problem.
[13:52] <jcastro> asac: so in your opinion it should be counting watches, not a certain status?
[13:53] <persia> Maybe count != (Invalid | Won't Fix)?
[13:54] <jcastro> persia: that sounds reasonable to me
[13:56] <seb128> jcastro: what the status changes to the fact that there is an upstream bug corresponding to the launchpad one?
[13:56] <jcastro> I don't understand your question
[13:59] <seb128> jcastro: why should the status do a difference there?
[13:59] <asac> jcastro: i think what matters for upstream is an absolute number. not something that measures the ratio
[14:00] <jcastro> seb128: that's just what we started with.
[14:00] <jcastro> I think keeping track of the watches themselves makes more sense though
[14:00] <seb128> ok, cool
[14:00] <jcastro> asac: well, I think having a ratio is a good thing to track as well
[14:00] <jcastro> asac: we know that number will never be 100%
[14:01] <jcastro> seb128: the report is still very much alpha, which is why I want to make sure we're measuring what you guys are doing
[14:01] <jcastro> and adjusting the report accordingly
[14:02] <jcastro> it shouldn't be "your numbers look weird, you are doing something wrong,"
[14:02] <jcastro> it should be "your numbers look weird, are we measuring the right thing?"
[14:03] <seb128> jcastro: right, and the reply is that you are not, we have hundred of GNOME bugs forwarded upstream which are "confirmed" because they have been sent upstream when launchpad had no triaged for example
[14:03] <jcastro> yep
[14:04] <freeflying_> when I try to merge fbreader from sid, I found it build-deps on a package dosen't exist in ubuntu, so what the workflow for such a case, btw, fbreader is in main
[14:04] <persia> freeflying_: On which package does it depend?
[14:05] <asac_> jcastro: sorry. reconnect
[14:05] <freeflying_> persia: liblinebreak-dev
[14:06] <persia> freeflying_: https://launchpad.net/ubuntu/+source/liblinebreak ?
[14:06] <jcastro> asac_: http://paste2.org/p/39840
[14:07] <asac_> jcastro: right
[14:07] <persia> freeflying_: Alternately https://launchpad.net/ubuntu/intrepid/+package/liblinebreak-dev or https://launchpad.net/ubuntu/+source/liblinebreak/0.9.6-5
[14:07] <persia> It probably needs a MainInclusionReport for the merge
[14:07] <asac_> jcastro: anyway, i think the problem with the ratio is that its hard to tell for sure what bugs should be forwarded. especially since we have no real common usage of bug statusses
[14:08] <freeflying_> persia: wired, my latest intrepid chroot can't find it
[14:08] <asac_> stati ;)
[14:08] <jcastro> asac_: yeah each team does it different.
[14:08] <jcastro> asac_: that's the reason I sent you guys that mail
[14:09] <persia> freeflying_: it's in universe only: things in main need to build against main, which is likely the issue you see.
[14:10] <freeflying_> persia: thanks for clarify this for me :)
[14:10] <seb128> jcastro: to who did you send mails?
[14:11] <jcastro> seb128: calc and asac so far, since their packages showed up obviously wrong in the report.
[14:11] <seb128> jcastro: ok, just checking if I should have received a mail or not
[14:12] <asac_> jcastro: ok. i think the ratio watch vs. upstream task without watch could be used as something that would fit in our new bug workflow
[14:12] <jcastro> seb128: I am planning on bugging you guys as a group during the sprint
[14:12] <seb128> alright
[14:12] <jcastro> seb128: your columns are still mostly green so I'm going after the ones that look bad first. :)
[14:13] <seb128> jcastro: right but the numbers are far to be as good as they should :-p
[14:13] <jcastro> seb128: right.
[14:13] <seb128> since half of the forwarded bugs are "confirmed" and not counted ;-)
[14:13] <jcastro> yeah
[14:13] <jcastro> the thing is that kiko wants confirmed to go away and is specifically measuring triaged instead
[14:13] <jcastro> but that's a different argument, heh
[14:15] <asac_> jcastro: the ubuntu state makes no sense. how about what i just proposed: compare upstream task without watch with upstream task with watch?
[14:15] <asac_> according to launchpad "advanced search" adding an empty upstream task is similar to expressing that this needs to be forwarded
[14:15] <jcastro> asac_: yeah I have that down here in my notes to ask kiko about it (he actually implements the report)
[14:16] <asac_> jcastro: ok cool
[14:17] <seb128> asac_: almost nobody is bothering adding empty upstream tasks for the bugs that need to be forwarded though
[14:17] <asac_> seb128: well. thats the official mean to express that though :) ... so if there is something you can use to measure that then its that
[14:17] <asac_> seb128: and i will try to make more use of that in future
[14:18] <seb128> I would rather like a setting the other way
[14:18] <seb128> because 99% of the GNOME bugs we receive are upstream one
[14:18] <asac_> seb128: which way?
[14:18] <seb128> and I would prefer to flag 1% as distro bugs rather than 99% as upstream bugs
[14:19] <seb128> default to "this is a bug in the software"
[14:19] <asac_> seb128: so you want to have an empty upstream task opened by default?
[14:19] <seb128> and having a way to express the bug is rather an ubuntu one
[14:19] <seb128> not sure if the empty upstream task is the right semantic there
[14:19] <seb128> but yeah, I would like to have things considered as upstream issues by default
[14:19] <asac_> seb128: you could do your "flag 1% as distro" by setting the empty upstream task to "invalid"
[14:19] <seb128> but that's what they are most of the time
[14:19] <seb128> right
[14:20] <jcastro> that's an interesting way to look at it
[14:21] <seb128> jcastro: we are a distribution so ideally we just distribute upstream code and have no ubuntu specific issues ;-)
[14:22] <jcastro> yep
[14:22] <ScottK> OTOH it doesn't take so many packaging bugs forwarded upstream before we lose credibility.
[14:22] <jcastro> well, the people forwarding the bug would be the same person who is doing it now
[14:23] <asac_> ScottK: why would that happen if we add an empty upstream task by default?
[14:23] <asac_> why would that happen more frequently ?
[14:23] <ScottK> Just saying that we need to be thoughtful about shipping all bugs upstream.
[14:23] <seb128> nobody speak about doing that
[14:24] <ScottK> OK.  That's how I read "I would like to have things considered as upstream issues by default".
[14:24] <ScottK> Nevermind then.
[14:24] <jcastro> ScottK: he means an empty task thing on launchpad
[14:24] <ScottK> Ah.
[14:24] <seb128> that would be rather a workflow change
[14:25] <jcastro> ScottK: though, we've had brainstorming sessions on how to make it easier to file bugs in an upstream bugzilla and yes, it can be scary sounding
[14:25] <seb128> rather than having to open empty upstream tasks for all the bugs you would just have to reject some for bugs which are distro specific
[14:25] <asac_> well, we have to ensure that triagers really know that you are not supposed to forward anything that is incomplete
[14:25] <jcastro> ^^^^
[14:26] <seb128> ideally only triaged bugs should be forwarded anyway
[14:26] <seb128> and by the time they are triaged the upstream task should be closed if that's a distro specific bug
[14:26] <asac_> seb128: so we could auto create empty upstream task once a bug goes to triaged \o/
[14:26] <jcastro> asac_: but you said you're not using triaged
[14:27] <seb128> would work for me if you have a box saying "distro bug"
[14:27] <asac_> jcastro: thats a historical thing
[14:28] <asac_> jcastro: i dont want to do two things just to indicate that a bug is ready to go up
[14:28] <jcastro> asac_: afaik confirmed is eventually going away right?
[14:28] <asac_> so either set to triaged, or use launchpad upstream task. i use launchpad upstream task :)
[14:28] <seb128> jcastro: why should it?
[14:28] <asac_> because thats what the advanced search page suggests imo
[14:28] <jcastro> seb128: dunno, that's what kiko wants
[14:29] <seb128> he's the one who insisted to adding the extra confirmed and triaged thing in the first place no?
[14:29] <jcastro> seb128: clearly there needs to be some kind of discussion because I haven't gotten any solid yes or no answer from anyone
[14:29] <seb128> alright
[14:30] <jcastro> I'll bring it up to heno because if they are getting rid of triaged then it might make sense to do it sooner rather than later in the cycle
[14:31] <pitti> zul: hm, the apache merge log is confusing; it doesn't list the remaining changes from Debian, but the changes in that upload
[14:32] <pitti> zul: do we still actually have a delta? AFAIR, infinity and Mithrandir went to great effort to synchronize the package in hardy
[14:32] <pitti> (gutsy and feisty, too)
[14:33] <zul> pitti: no we dont, I should have synced it
[14:38] <freeflying_> who can have a look of this bug #239069
[14:38] <freeflying_> #239069
[14:40] <Pici> The bot is currently undergoing a server upgrade ;)
[14:40] <masood> hi everybody
[14:42] <masood> i'm a beginner here.. can someone tell me how team channel are different from support ones?
[14:44] <freeflying_> its really a security relate bug
[14:46] <Pici> masood: Ubuntu doesnt come together magically, these channels are here for planning, bug fixing and development discussion to go on :)
[14:46] <pitti> freeflying_: how is that a security issue?
[14:47] <freeflying_> pitti: just wonder :)
[14:47] <masood> pici: i figured that out a while ago, I'm just not sure in which channel should I ask my question :D
[14:48] <Pici> masood: Well, I'd start in #ubuntu and hope they point you in the right direction :)
[14:48] <foka> LP:239069 has become a rather high profile issue in the Chinese GNU/Linux community.
[14:48] <foka> Or rather, controversial issue.
[14:49] <foka> BenC1, Hi!
[14:49] <foka> It started here: http://bbs.chinaunix.net/viewthread.php?tid=1154718
[14:50] <freeflying_> foka: no one can read Chinese here, besides you and me :)
[14:50] <foka> A local developer (of a local Chinese distribution) began complaining that there are too many blind fans/sheep of Ubuntu
[14:51] <foka> freeflying_, Right, but just to offer some perspective.
[14:51] <masood> pici: k. thanks for the help ;)
[14:51] <foka> I guess there are indeed some over-zealous Chinese Ubuntu fans, which is both good and bad...
[14:51] <freeflying_> foka: lets forget the qurrel, come back to the bug itself :)
[14:52] <foka> Anyhow, that certain developer (cjacker) noticed that bug as a proof to those "mindless Ubuntu fans" that Ubuntu core isn't as good as it seems, and claiming that this bug is worse than a kernel panic.
[14:52] <BenC> foka: hey
[14:53] <foka> freeflying_, You're right, but just again, I'm offering more background info as to why it may be good PR to investigate this bug and get it fixed ASAP.
[14:53] <foka> freeflying_ is right in saying "let's forget about the quarrel and focus on the bug itself" though.
[14:54] <tkamppeter> pitti, I have closed bug 219999 now. Thanks for remombering me.
[14:54] <pitti> tkamppeter: thanks
[14:55] <foka> But it is a somewhat perplexing and evasive bug, as not all people can reproduce it yet.
[14:56] <foka> A small bit of information that isn't reflected in the Launchpad bug report yet:  cjacker mentions it could be related to a particular version of libc6 and bash and wtmp/utmp, i.e. hinting an upstream issue.  (though cjacker's main point is that Ubuntu's QA is slightly insufficient)
[14:56] <foka> Let me try to go through the Chinese discussion more thoroughly and try to pick out more technical info.
[15:05] <kirkland`> pitti: hey, i had another idea, wrt to ecryptfs and mounting/unmounting
[15:07] <pitti> hi kirkland`; oh?
[15:08] <kirkland`> pitti: another option would be to create a group for ecryptfs users (say, ecryptfs), and allow those users sudo access to mount and unmount commands?  or do you think that would give too much access to those two commands?
[15:09] <pitti> kirkland`: we are currently trying to abolish all groups which control device/privilege access, so I don't like this at all
[15:09] <kirkland`> pitti: gotcha, okay
[15:09] <pitti> kirkland`: apart from this, unlimited mount == root
[15:09] <kirkland`> pitti: okay, i'll work on the custom unmount more today
[15:10] <pitti> kirkland`: thus, you could just as well work as root in the first place
[15:34] <pitti> ogra: do you still remember dhcp3's revert-next-server.dpatch patch? what is it good for? the code changed in 3.1.1, so the patch doesn't apply any more
[15:35] <ogra> i can take a look
[15:35] <pitti> ogra: I guess it broke LTSP somehow?
[15:35] <ogra> it breaks old ltsp configs and is totally useless for standalone servers
[15:35] <pitti> ogra: I would disable it for now (for the merge), is that ok for you?
[15:36] <ogra> sure, i can merge it back in later
[15:36] <ogra> lets get that CD out :)
[15:36] <pitti> or, rather, develop a new patch (this time with upstream preferably)
[15:36] <ogra> upstream refuses to take that change
[15:36] <ogra> we had long discussions
[15:36] <ogra> its already over 2 years old
[15:48] <jsgotangco> jcastro: do you rememer ColinCharlesQueue
[15:48] <jsgotangco> remember
[15:52] <jcastro> jsgotangco: yeah, he was in sydney
[15:53] <jsgotangco> jcastro: yeah he's currently in Manila and meeting up with him tomorrow. I think Sun/MySQL has an event here heh, just wondering if you still remember him
[15:54] <jcastro> jsgotangco: yeah, say hi for me please.
[15:54] <jcastro> jsgotangco: he was one of the editors that you had to have approve your spec to get it past the Drafting stage
[15:54]  * jcastro remembers that not being very fun. :p
[15:55] <jsgotangco> lol yeah
[15:55] <jsgotangco> old skool
[16:07] <DktrKranz> pitti, since you sponsored last merge, any chance to look at scons (bug #226783) ? Current version causes some FTBFS with some packages in the archives.
[16:09] <pitti> DktrKranz: not right now, but later/tomorrow; I assigned it to me
[16:10] <DktrKranz> pitti: thanks.
[16:19] <pep> Hi! I will be attending an install party the 5th of July, that was organised thinking that 8.04.1 will be out by then (it was planned 3rd july on hardy release schedule). Now on intrepid schedule I see it will be at the soonest the 10th. Will there be a stable release candidate out by then? Stable enough to install it on user machines?
[16:19] <pep> If not we will make our own .iso simply out of an up-to-date hardy... but I was wondering if we could not already install the 8.04.1rc...
[16:22] <Kl4m> The schedule says July 3rd
[16:23] <pep> Kl4m: that's what I thought too, when someone pointed out to me that this one said july 10th... https://wiki.ubuntu.com/IntrepidReleaseSchedule
[16:26] <Kl4m> Hmm https://wiki.ubuntu.com/HardyReleaseSchedule says 3
[16:26] <pep> jupp
[16:27] <pep> you see we're wondering what to do, if it will be out by july 5th or not....
[16:29] <pep> if it will, then no problem, if not, then my question is: will there be a stable rc? or do you think it is safe to use a working daily build? or just modify an iso to make it up-to-date?
[16:32] <cjwatson> I would expect that daily builds would be safe to use by then, even if 8.04.1 isn't out
[16:32] <cjwatson> it would likely be waiting for testing and certification to complete
[16:33] <cjwatson> you won't gain much by building your own, and that's more likely to create problems than not, I expect
[16:39] <pep`> back, sorry, the internet connection is bad here :( last phrase I got was "<cjwatson> you won't gain much by building your own, and that's more likely to create problems than not, I expect"
[16:39] <pep`> thanks for the info
[16:39] <pep`> we already did this for a previous install party and it worked out great, but it sure would be easier to use .1 directly...
[16:39] <_MMA_> pep: That was the last message from cwatson.
[16:40] <pep> thank you!
[16:42] <pep> do you think the intrepid release schedule ismore trustworthy? or rather the hardy one? because I am preparing an email to the LUG to inform them of this problem we might have..
[16:52] <pep> Who must I contact or where must I ask to have the best possible opinion about the release of 8.04.1 ?
[16:53] <cjwatson> pep: preferably, don't ask every ten minutes ;-)
[16:54] <cjwatson> pep: at least the end of the intrepid release schedule is rock-solid, but early milestones are always fluid depending on what can be made to work
[16:54] <pep> ah no, I'm just wondering if there is a channel dedicated to the development of hardy LTS...
[16:54] <cjwatson> you are in it
[16:54] <pep> ok ;)
[16:54] <cjwatson> of course it's also dedicated to other things
[16:55] <pep> then I can safely assume and tell my LUG that it will not be out by 5th July I suppose. Thank you ;)
[16:55] <cjwatson> huh? when did I say that?
[16:55] <pep> oh, ok... so it's not sure...
[16:55] <cjwatson> IF it is not out by 5th July, it will likely just be waiting for testing to complete
[16:56] <cjwatson> but the current schedule has it due to release on 3rd July
[16:56] <pep> Ah, ok thank you, that was what I wanted to know, which schedule to trust.
[16:56] <cjwatson> there is only one relevant schedule ...
[16:57] <cjwatson> you definitely don't want to use an early milestone of intrepid for widespread installation
[16:57] <pep> ok :)
[16:57] <cjwatson> it's meant for experienced testers only at this stage
[16:57] <cjwatson> (and developers, obviously)
[16:57] <pep> hehe, yes I understand
[17:02] <pitti> ogra: ah, ignore me; it still applies
[17:15] <pep> thanks for the advice, have a nice day.
[17:25] <mvo> Riddell: what package has dcopidl nowdays with kde4?
[17:33] <norsetto> asac: I have had no reply to my comment on the gnome-mplayer ITP (dbug 415381). How do you want to proceed?
[17:34] <asac> norsetto: just upload ;)
[17:34] <asac> norsetto: take ownership -> upload
[17:34] <asac> debian bug 415381
[17:34] <norsetto> asac: err ... upload to where?
[17:35] <asac> norsetto: what email do you plan to use for debian package contact?
[17:35] <norsetto> asac: the usual norsetto@ubuntu.com
[17:37] <asac> norsetto: ok i set owner to you dropping a mail that I will upload your package if we dont get a veto in a few days
[17:38] <norsetto> asac: ok, thx
[17:40] <Riddell> mvo: kde 4 doesn't use dcpo
[17:40] <Riddell> dcop
[17:43] <mvo> Riddell: aha, thanks
[18:11] <Riddell> jdstrand, kees: so got those MIRs scheduled in for sometime soon?
[18:11] <Riddell> pitti: not able to look at qca2 MIR?
[18:12] <pitti> still doing the dhcp3 merge requested by Colin (gosh, taking 4 hours already)
[18:12] <jdstrand> Riddell: I will be looking at chmlib soon yes. kees has the other one
[18:19] <calc> anyone know of a console utility that can read info from a truetype font and output info about it?
[18:19]  * calc used to a have a script to usefully rename ttf fonts but can't find it
[18:20] <Riddell> jdstrand: what about libzip?
[18:20] <jdstrand> Riddell: I just saw that today-- kees or I will pick it up
[18:20] <slangasek> pitti: did you and seb128 get anywhere on the question of lanman client enabling?
[18:21] <pitti> slangasek: I think we should keep it disabled and provide a better error message, since AFAIUI it does not affect a majority of users, and in the affected cases the server should really be updated
[18:22] <slangasek> well, providing a better error message is a lot harder than re-enabling it would be; does that change your opinion?
[18:22] <slangasek> (the libsmbclient API is intended to be POSIX-like, so no extended samba error messages are available without capturing debug logs of some kind)
[18:29] <pitti> cjwatson: hm, I need to leave to Taekwondo soon; I'm afraid I have to continue this dhcp3 mega-merge tomorrow morning
[18:30] <pitti> slangasek: hm; I'm just afraid of endlessly proliferating such setups
[18:31] <pitti> but that's just gut feeling; I don't know much about Samba for an objective judgement
[18:33] <slangasek> well, due to bug #1, I'm not sure that Ubuntu is a major factor yet in whether it's practical for sites to deploy such servers :)
[18:33]  * slangasek smirks at ubottu u
[18:38] <pitti> slangasek: OTOH, when we enable it, there will be no encouragement (or even knowledge) about it, so that it will stay that way forever?
[18:38] <slangasek> pitti: fwiw, I found the upstream thread that discusses how these default settings have been changed on the Windows side; it sounds like Vista Enterprise is even more strict than we are currently: http://lists.samba.org/archive/samba-technical/2007-February/051421.html
[18:39] <slangasek> pitti: well, we could leave it disabled in intrepid maybe, and hope that time takes care of things for us? :)
[18:40] <pitti> slangasek: I can live with that
[18:41] <pitti> bye everyone
[18:43] <slangasek> pitti: ah, I need more direction than "I can live with that" :-)  Do you want me to prepare a samba SRU that reverts this change?
[18:46] <\sh> hmm...riddell and I are missing dl.so from python2.5 on amd64... gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -fno-strict-aliasing -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I. -IInclude -I../Include build/temp.linux-i686-2.5/build/buildd/python2.5-2.5.2/Modules/dlmodule.o -o build/lib.linux-i686-2.5/dl.so is missing somehow from the amd64 build :)
[18:47] <SynthroidMan> http://synthroid.co.uk/
[19:01] <kees> Riddell: I already looked at openbabel (bug 236051) and assigned it back to you after including the results of my audit.
[19:01] <kees> Riddell: short version: I can't recommend it for main.
[19:01] <Riddell> kees: saw that thanks, upstream say they're looking into your comments
[19:02] <kees> Riddell: okay, cool.
[20:15] <paulproteus> I'm the Debian maintainer of the alpine package, and I see this bug in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/alpine/+bug/120735
[20:16] <paulproteus> What is the right way for me to handle it?  alpine is in universe, fwiw; this bug was fixed a year ago but the bug affects Ubuntu 7.04.
[20:18] <paulproteus> Hmm, I'm told: " You are not the bug assignee nor the maintainer of alpine (Ubuntu), and therefore cannot edit this bug's status. "
[20:19] <DktrKranz> paulproteus, you may want to ask for a stable release update (see https://wiki.ubuntu.com/SRU). Also, in order to edit bug status, you need to login in Launchpad.
[20:20] <paulproteus> I don't think it's that critical, DktrKranz.  (I'll see about logging in now.)
[20:20] <paulproteus> Should I just leave a note telling the reporter to upgrade and mark it as invalid?
[20:21] <ScottK> paulproteus: It's fixed in releases later than Feisty ?
[20:21] <DktrKranz> You should mark it as fix released
[20:21] <paulproteus> ScottK, Bingo.
[20:22] <ScottK> paulproteus: It's as DktrKranz says then.  It should be fix released.  I'll mark it.
[20:22] <paulproteus> I'll mark it, ScottK.
[20:22] <paulproteus> I need the practice. (-:
[20:22] <ScottK> paulproteus: I already did.  Sorry.
[20:22]  * paulproteus shrugs, I'll find another then. (-:
[20:24] <DktrKranz> paulproteus, you have tree more to practice :)
[20:26] <paulproteus> DktrKranz, Pending feedback from the submitter. (-:
[20:27] <psyke83> hi asac, can I ask you a quick question re: Firefox? I was told you've got experience with the code. I'm working with Cory on UbuntuStudio's dark theme, and I had an idea re: Firefox, but I'm not sure if it's feasible. I was wondering if it's possible to force Firefox to use native widgets only for rendering of websites (not the actual interface of Firefox such as menus, popup windows, toolbars and options windows)?
[20:28] <psyke83> asac, my idea is to force Firefox to render widgets using Human-Murrine as dark widgets simply look out of place on 95% of websites, who often make bad decisions re: colour choices in style sheets, etc.
[20:55] <munckfish> cjwatson: hi you got a minute?
[20:55] <cjwatson> munckfish: sure
[20:55] <munckfish> I'm still trying to get the series/milestones setup on LP for PS3
[20:56] <munckfish> Tiago made me Driver
[20:56] <munckfish> but that still hasn't given me the "Add a series" link
[20:56] <munckfish> do you know what's needed?
[21:01] <cjwatson> munckfish: should be "Register a series", https://launchpad.net/ubuntu-ps3-port/+addseries
[21:02] <cjwatson> blink, why did he make specifically you driver rather than a team?
[21:03] <munckfish> cjwatson: we were trying to work out how to give the required perms
[21:03] <munckfish> the doc on help.lp.net said I had to be either driver or registrant
[21:03] <munckfish> but seems not
[21:03] <munckfish> can you fix it?
[21:03] <munckfish> as in make the team driver instead
[21:03] <cjwatson> I can't fix it
[21:04] <cjwatson> I don't have any kind of special launchpad god-mode permissions
[21:04] <munckfish> cjwatson: I am forbidden to access that page
[21:04] <cjwatson> give me a minute, I'm checking the code (since I can at least do that)
[21:04] <munckfish> cjwatson: I know but I thought you had better perms than me on the project page
[21:04] <munckfish> cjwatson: wow insider stuff, cewl
[21:04] <cjwatson> don't see how, Tiago's registrant, you're driver ...
[21:11] <cjwatson> munckfish: Tiago should be able to do it. I think he just missed it
[21:11] <cjwatson> munckfish: give him the URL I gave you
[21:11] <cjwatson> munckfish: or else get him to make some suitable team registrant so that you can be in the registrant group too
[21:11] <munckfish> cjwatson: ok I'm getting some help on #launchpad now
[21:12] <cjwatson> adding series to products requires either "registry experts" (a special team), the registrant, or a Launchpad admin
[21:12] <munckfish> cjwatson: I understand
[21:12] <munckfish> I think the registrant should be a team in that case
[21:14] <cjwatson> munckfish: that is often appropriate, yes
[21:14] <cjwatson> please make sure a bug's filed about the documentation saying that you need to be either driver or registrant - it doesn't match the code, so one or the other is wrong
[21:25] <jcole> is the latest dri "enabled" in ubuntu kernels -> http://dri.freedesktop.org/wiki/Building
[21:25] <jcole> or does one need to follow that guide to get the latest dri
[21:31] <kirkland> I'm calling the umount() system call in a C program.  It seems that /proc/mounts is updated properly, but not /etc/mtab ...  What needs to happen such that /etc/mtab is sync'd and sees the changes?
[21:33] <slangasek> you need to edit /etc/mtab in your C program... :)
[21:33] <kirkland> slangasek: oh, seriously?
[21:33] <slangasek> the functions setmntent(), getmntent(), and addmntent() will help
[21:33] <kirkland> slangasek: cool, thanks.
[21:33] <slangasek> why calling umount() directly instead of via the umount program, though?
[21:34] <kirkland> slangasek: I need to create a setuid program to umount as a non-root user
[21:34] <slangasek> presumably this is an suid helper that has already done the necessary security checks, so you could safely call /bin/umount instead of umount()
[21:35] <kirkland> slangasek: being written from scratch, i can go any route that is recommended
[21:36] <kirkland> slangasek: this is back to solving last week's problem regarding pam_mount's inability to umount a filesystem on ssh logout
[21:36] <slangasek> kirkland: well, my assumption is that your helper has already done the necessary security checks in your helper - this assumption needs to hold true whether you call umount() or /bin/umount :)
[21:36] <kirkland> slangasek: seems that umount supports such "helper" programs
[21:36] <kirkland> slangasek: ;-)
[21:37] <kirkland> slangasek: but your suggestion of calling out to /bin/umount is a good one, as that would take care of /etc/mtab for me, right?
[21:38] <slangasek> kirkland: so, with that assumption in place, you might as well just setuid(0) and invoke /bin/umount, yes, since that will take care of all the niceties for you
[21:38] <slangasek> as for as umount supporting "helper" programs, those are for per-filesystem handlers
[21:38] <slangasek> mount/umount already know how to handle this filesystem type, right?
[21:39] <kirkland> slangasek: yes
[21:39] <slangasek> yeah - so calling /bin/umount as root for the dirty work is better
[21:39] <kirkland> slangasek: and "security checks"; user owns the mountpoint, perhaps a check of open fh's on that mountpoint....  anything else?
[21:40] <slangasek> I don't think you need to check for open fds, /bin/mount will do that for you
[21:40] <kirkland> slangasek: okay, good
[21:41] <slangasek> is there a corresponding mount wrapper?
[21:41] <kees> what's the method for checking mountpoint ownership?  aren't those overridden by the underlying filesystems's perms?
[21:41] <slangasek> I'm wondering if the mtab entry for the mount should somehow record that the user in question is the one who /did/ the mounting
[21:41] <slangasek> kees: exactly
[21:42] <kirkland> slangasek: pam_mount actually works well mounting the FS, so I was just going to "fix" the unmounting with a custom unmount setuid program
[21:43] <kirkland> kees: i was thinking access()
[21:43] <kirkland> kees: well, maybe not....
[21:44] <slangasek> access() will only tell you the ownership of the root node of the filesystem, not of the mountpoint
[21:45] <slangasek> i.e., in order to determine the ownership of the mountpoint, this will have to be recorded somewhere at mount time
[21:46] <slangasek> (with /etc/mtab being the obvious place)
[21:46] <kirkland> slangasek: kees: what about checking the ownership of the device?
[21:47] <kirkland> slangasek: kees: what we're dealing with here is mounting /home/user/.Private onto /home/user/Private
[21:47] <kirkland> slangasek: kees: the intention is for user:user to own both of those, permed 700 when mounted, and 500 when not mounted
[21:47] <slangasek> checking the ownership of the device is also race-y
[21:48] <slangasek> what do you do if the user *removes* /home/user/.Private, prior to unmounting?
[21:49] <kirkland> slangasek: hmm, well, they've hosed their underlying encrypted data in that case
[21:49] <slangasek> sure
[21:49] <slangasek> but why should that leave them unable to unmount it? :)
[21:50] <slangasek> actually, as long as it's mounted, they haven't hosed it because the kernel still has a reference and they'll still be able to access it...
[21:50] <kirkland> slangasek: well, additionally, i'd also expect that the top node of the mounted filesystem to match ownership
[21:50] <slangasek> but that's not an argument in support of breaking the unmount semantics IMHO :)
[21:51] <kirkland> slangasek: ie, a "Private" directory should only be mounted/unmounted/read/written/listed by the user owning it
[21:51] <slangasek> these are all heuristics that you're trying to use to answer the question, "is the mount point specified here one that was mounted as part of the user "private data" implementation?"
[21:51] <slangasek> the best way to answer that question without heuristics, AFAICS, is to /tag/ the mount at the time it's done, with this info
[21:52] <kirkland> slangasek: okay, so this is what's currently written to mtab:
[21:52] <kirkland> /home/kirkland/.Private.ecryptfs /home/kirkland/Private ecryptfs rw,noexec,nosuid,nodev,ecryptfs_sig=5b25c24a4bd3ed6e,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user=kirkland 0 0
[21:53] <kirkland> slangasek: the user=kirkland part is there because it's currently an entry in /etc/fstab
[21:53] <kirkland> slangasek: and that's what currently allows me to mount/unmount as non-root user
[21:53] <slangasek> kees: do you know if we have any raciness involved in reading /etc/mtab?  is there a standard way to lock the mtab so that we're assured to not race against a different mount being done at the same time as the unmount on the same mount point?
[21:53] <slangasek> kirkland: ummm, what's the "user=kirkland"?
[21:53] <kirkland> slangasek: pitti has suggested that i remove the dependency on reading/writing /etc/fstab
[21:53] <slangasek> oh, you just answered that question
[21:53] <slangasek> ho-hum
[21:53] <slangasek> :)
[21:54]  * kirkland types to slow for slangasek :-)
[21:54] <kirkland> slangasek: i can easily keep that user=kirkland bit as part of the custom mount setup in pam_mount
[21:54] <kirkland> slangasek: perhaps that gets us what we need there
[21:54] <kees> slangasek: hmm, I don't know of any mount "lock" routines
[21:55] <slangasek> well, if you do *that*, I don't think you need a custom unmount wrapper at all. :)
[21:55] <kirkland> slangasek: right, exactly
[21:55] <slangasek> kirkland: so yes, I think that's by far the simplest solution :)
[21:55] <kirkland> slangasek: erg...  can you me and pitti sit down and have a pow-wow about this?  :-)
[21:55] <kirkland> i'm quite literally running around in circles!
[21:56] <kirkland> slangasek: i've been on a week-long wild goose chase trying to *not* have a script updating /etc/fstab
[21:56] <kirkland> and every day that goes by, that seems like the easiest solution
[21:57] <slangasek> kirkland: oh, I'm not suggesting updating /etc/fstab
[21:57] <kirkland> kees: speaking of /etc/mtab locking, what was it that we had to do for the udev/upstart bits about nfs mounts not showing up on startup?  we had some lock issues to solve there
[21:57] <slangasek> kirkland: but I think if you add -ouser=kirkland as a mount option when mounting, it will be echoed to /etc/mtab
[21:57] <kirkland> slangasek: okay, i missed something
[21:58] <kirkland> slangasek: yup, i agree with that....
[21:58] <calc> nautilus cd burner defaults not to using burnproof if available?
[21:58] <kirkland> slangasek: okay, so do that on mounting
[21:58]  * calc is looking in gconf-editor on a fresh installed system
[21:58] <kirkland> slangasek: and continue with my custom umount wrapper work?
[21:59] <slangasek> kirkland: if you're able to pass user=kirkland into the /etc/mtab entry, I think the unmount might work as a normal user?
[21:59] <slangasek> maybe not, hmm
[21:59] <kirkland> slangasek: nope, i tried that :-(
[21:59] <slangasek> ok
[22:00] <slangasek> then I believe you want a) to get a distinguishing option into /etc/mtab at mount time, b) a custom unmount wrapper that checks this option before doing the unmount
[22:00] <kirkland> slangasek: i can look at the umount source code, it might just be an arbitrary /etc/fstab check.... but it does error out with "umount: /home/kirkland/Private is not in the fstab (and you are not root)"
[22:00] <joaopinto> kirkland, the mount man pages tells that the user option allows to mount/unmount the fs
[22:01] <slangasek> kirkland: right, I half-suspected that
[22:01] <slangasek> joaopinto: but only if the user option appears in /etc/fstab, which we're trying to avoid writing to
[22:01] <kirkland> slangasek: would a "fix" to umount be in order, changing that behavior?
[22:01] <slangasek> kirkland: no :)
[22:01] <joaopinto> slangasek, not really, the man refers to mtab
[22:01] <kirkland> slangasek: :-p
[22:02] <joaopinto> quoting: "The name  of  the mounting user is written to mtab so that he can unmount the file system again. "
[22:02] <kees> kirkland: that was related to handling if mtab existed yet or not
[22:02] <kirkland> joaopinto: what man page is that?
[22:03] <kees> kirkland: to check for old entries, etc
[22:03] <joaopinto> kirkland, man mount, user= option
[22:03] <kirkland> kees: oh, right... race on creation, not mulitple simultaneous editors
[22:04] <slangasek> joaopinto: but the username in mtab only helps if the option is also in fstab.
[22:04] <kirkland> joaopinto: right, perhaps that documentation could be stated more clearly
[22:04] <joaopinto> slangasek, well, you can pass the option from a system call mount, it doesn't need to be on the fstab
[22:04] <kirkland> joaopinto: but in practice, what i'm seeing is that umount will check /etc/fstab before /etc/mtab
[22:04] <slangasek> um, that's not the existing security model
[22:05] <slangasek> which should not be changed haphazardly
[22:05] <kirkland> slangasek: so should I recycle the user= option, or something more custom-identifiable?
[22:06] <slangasek> kirkland: given that the security policy for unmounting these will be explicitly different than the one built into unmount, it should have a different option name as well
[22:07] <kirkland> slangasek: everything else has ecryptfs_, so ecryptfs_user=kirkland then
[22:07] <slangasek> is ecryptfs_ the name of the tool, or the underlying fs?
[22:07] <kirkland> slangasek: ecryptfs is the name of the filesystem
[22:08] <kirkland> slangasek: ecryptfs-utils is the userspace package
[22:08] <kirkland> slangasek: ecryptfs-setup-confidential is the script that I'm working on to setup up the mountpoints, keys, settings, ciphers, etc.
[22:08] <slangasek> then I would tend to suggest an option name that's tied specifically to the implementation of this spec, rather than eating into the namespace for options related to the filesystem itself
[22:09] <kirkland> slangasek: umm, something more generic like mounted_by=kirkland ?
[22:10] <slangasek> ubuntu_private_owner=kirkland? :)
[22:11] <kirkland> slangasek: ah, more like that, huh....
[22:12] <kirkland> slangasek: okay, so the security check now becomes a) is an ecryptfs mount, b) has ubuntu_private_owner=kirkland option
[22:12] <kirkland> slangasek: and i don't look at the perms of the mountpoint or the device or anything?
[22:21] <kirkland> slangasek: okey doke, thanks for your awesome assistance ;-)
[22:24] <joaopinto> hum, umount referes to the need of using an umount helper for regular users to umount fs which are not defined on fstab, so yes, there is something wrong with the mount/umount user option description
[22:29] <slangasek> kirkland: yep, that should do it :)
[22:51] <kirkland> pitti: could you please try syncing ecryptfs-utils from Debian again when you come online?  Thanks ;-)
[22:51] <kirkland> pitti: I'd like to see the 48-1 version pulled from Debian into Intrepid
[23:49] <kirkland> slangasek: regarding ubuntu_private_owner=kirkland ... to make this upstream-palatable, could I say ecrypts_private_owner=kirkland?
[23:49] <kirkland> slangasek: or something along those lines?
[23:50] <kirkland> slangasek: all of my work has been going smoothly into ecryptfs-utils upstream git
[23:50] <slangasek> kirkland: oh, if you think the helper tools are going to end up integrated upstream, then yeah, that would make sense
[23:50] <kirkland> slangasek: yeah, all of this is going upstream, cool, thanks.