[00:01] Ok. That should be easy, then; just a $PACKAGENAME.install file containing "foobar.script usr/share/mythtv/mythstream/parsers" [00:01] great, got that [00:01] the file installs just fine, it's just getting it packaged and past revu thats a pain ;) [00:01] Yes. [00:02] but so far, i've complied with everything, it's just this diff problem [00:21] tgm4883_laptop: Sorry, gnome-terminal crashed. [00:22] tgm4883_laptop: What is the usr directory there for? [00:22] tgm4883_laptop: Oh, that's the problem. You've added a usr directory to the source; that's not necessary. [00:26] RAOF, I need to pull that and fix the install file don't I? [00:26] Right. [00:26] ok [00:26] I'm not sure that the diversions are a great idea, though. [00:27] and move the youtube dir back to the root dir? [00:27] why not? [00:27] I think I have to do them [00:28] You could modify the mythstream package to not install the youtube parser, but to depend/recommend it. [00:29] heh, yea, working on that too [00:29] but that i'm less familiar with, as the actual mythstream package installs that rather than something like the install file [00:30] That can be corrected in the mythstream packaging. [00:30] how so? I've been looking at it (admittedly I am not the best guy to look at that) [00:30] By deleting the youtube filter stuff after it gets installed :) [00:38] heh, well at least i'm getting different results now when trying to build the package [00:39] RAOF, now i'm getting this tar: youtube/search.pl: Cannot open: File exists when trying to build the package [00:39] and it doesn't build at atll [00:40] This are the last two lines before it crashes dpkg-source: failure: tar -xkf - gave error exit status 2 [00:40] dpkg-buildpackage: failure: dpkg-source -i.bzr -b mythstream-parser-youtube gave error exit status 29 [00:40] I really appreciate you help btw [00:47] bah, that was a typo, nm [01:41] * emgent need DD. === vorian is now known as vorian_ [02:03] Thanks again for the help RAOF, everything seems to be working now [02:04] If any MOTU has some spare time, I'd appreciate another REVU of this package http://revu.ubuntuwire.com/details.py?package=mythstream-parser-youtube I've made the requested changes. === macd_ is now known as macd [02:10] Hm. It seems the recent REVU work has broken some of the database. In particular... http://revu.ubuntuwire.com/details.py?package=gtk2-engines-aurora [02:18] I'm sorry, when making the requested changes I introduced a bug. Please disregard my request for a REVU on http://revu.ubuntuwire.com/details.py?package=mythstream-parser-youtube My apologies === wolfger_ is now known as wolfger [02:39] ok [02:39] http://paste.ubuntu.com/35777/ [02:39] this is the error i'm getting [02:40] the odd thing [02:40] is that using a debian chroot env to build it works fine [02:40] it should be an issue with ubuntu specific autotools/libtool [02:47] nxvl: I've not seen that error before. Which version of libtool is specified in ltmain.sh? [02:49] 1.5.24 [02:50] libtool | 2.2.4-0ubuntu3 | intrepid | source, amd64, i386 [02:50] StevenK: yep [02:50] the most odd thing [02:50] is that on debian works fine [02:50] libtool | 1.5.26-4 | unstable | source, alpha, amd64, arm, armel, hppa, hurd-i386, i386, ia64, m68k, mips, mipsel, powerpc, s390, sparc [02:51] nxvl: Enable experimental in your debian chroot. [02:51] oh [02:51] nxvl: I bet it then blows up [02:51] * nxvl creates experimental chroot [02:51] nxvl: Well, I'd recommend starting from http://people.debian.org/~keybuk/libtool-updating.html or http://people.dooz.org/~lool/debian/relibtoolize if you want to update it. Both of those are a little out of date, but likely helpfull. [02:52] i've been following http://wiki.debian.org/LibtoolUpdate [02:53] nxvl: Updating my documentation redirects, but that doesn't look much fresher. [02:53] Ok, i've fixed that bug I introduced, so if any MOTU has some spare time, I'd appreciate another REVU of this package http://revu.ubuntuwire.com/details.py?package=mythstream-parser-youtube I've made the requested changes. [02:54] mm [02:55] i will check and write some documentation on the issue [02:55] there should be more packages that will have the same issue soon [02:55] nxvl: Thank you. === emma_ is now known as emma [03:58] What directories are considered "standard", and don't need to be included in .dirs files when packaging an application? [04:01] nhandler: Everything. [04:02] What do you mean RAOF ? [04:02] nhandler: In most cases you don't need a *dirs at all. It's only if you need some directories to exist that the build process doesn't create. [04:03] RAOF: So if you have a .install file that is moving some files into a directory, you don't need to include those directories in a .dirs file? [04:03] nhandler: If the build process creates those directories, no. If it doesn't, yes. [04:03] I think you will, unless your build system already creates those directories. [04:04] python, sure. If you like we are in #rapache-devel [04:04] wrong window -.-' [04:06] According to https://wiki.ubuntu.com/PackagingGuide/Basic, it says "dh_install and .install files will automatically take care of creating directories. You only need to use dh_installdirs if your package needs to ship empty nonstandard directories". That is why I was asking. [04:10] nhandler: Why not try? If the package builds and contains the files you expect, then it works :) [04:11] I suspect that it might, because I don't think that any of the packages I've touched has needed a .dirs file. [04:12] Ok, I guess I can do that. Thanks for your help RAOF [06:30] moin people [06:31] :D === superm1 is now known as superm1|away [07:00] Ok, i've fixed that bug I introduced, so if any MOTU has some spare time, I'd appreciate another REVU of this package http://revu.ubuntuwire.com/details.py?package=mythstream-parser-youtube I've made the requested changes. [07:18] good morning [07:32] morgen dholbach [07:32] hi jpds [07:33] dholbach: I did some changes to hugdaylist and get-branches and uploaded to intrepid yesterday. [07:34] jpds: nice! :) [07:34] :) [08:17] sistpoty: I never mind a query, but can't promise being around :) === POX__ is now known as POX_ [09:22] morning everyone [09:23] could some motu-sru member have a look at https://bugs.edge.launchpad.net/ubuntu/hardy/+source/pymsn/+bug/255307 ? [09:23] Launchpad bug 255307 in pymsn "Can't connect to msn accounts" [Medium,Confirmed] [09:23] hi [09:28] hm. how can i see the build log for a debian package? [09:29] directhex: packages.qa.debian.org has lots of useful links [09:39] what kind of half-baked autoconf files use "no" as your compiler if the following happens: "checking for ./../mcs... no" [09:39] directhex: The very special ones :) [09:40] bleh [09:40] okay, let's see it build now === dholbach_ is now known as dholbach [09:47] directhex: That's _awesome_. Who's autoconf is that? [09:48] RAOF, monodoc :) [09:48] !!! [09:48] righty. i post the debdiff from the latest debian package to the new ubuntu package for a merge, yes? [09:48] Ya. [09:49] directhex: As long as the Debian orig.tar.gz represents either a new version or is bit-identical to the Ubuntu orig.tar.gz [09:49] * RAOF watches #nouveau work out how to resume an nv3x card in a macbook [09:49] RAOF: That reminds me: how are the libdrm debates coming along? [09:50] persia: Dunno, really. It seems that GEM is going to to go upstream sometime soon (2.6.28 is a number that springs to mind), but I don't think that TTM has died, either. [09:51] RAOF: So the prospect of nouveau in intrepid+1 still looks dim? [09:51] Intrepid+1? I'd hope that'd fly. [09:52] Unless we lose step, 2.6.28 seems the right target. If that's GEM, and there is an expectation that all the drivers will migrate, I'm hoping nouveau will be amoung the "all". [09:52] On the other hand, until TTM either wins or dies, I'm less sure. [09:53] I think that maybe we'll end up with two managers. [09:53] I thought the kernel folk felt that was a fundamentally stupid way to do it. [09:53] TTM doesn't seem like dying; people working on slightly more sophisticaed hardware than Intel cards seem skeptical that GEM can do everything they need. [09:54] On the other hand, nouveau doesn't actually have to care; it's not blocking on a GPU memory manager. Just a libdrm release new enough. [09:54] IE: 2.4.x [09:54] Oh. I thought it was blocking on both. [09:55] No. [09:55] Cool then! I suppose the interim release (2.3.1?) wasn't sufficient? [09:55] I don't believe so. [09:56] libdrm was blocking on GEM/TTM; even if they do a GEM-only 2.4 release nouveau gains a new-enough drm to build. [09:56] Ah, I understand now. Thanks. [09:57] At least for now; it's a bit of a maintenence problem, since they don't give any API guarantees. That said, their drm API has changed only twice in the last 6 months or so from memory. Possibly only once, actually. === Czessi__ is now known as Czessi [10:45] ScottK: ping, do you have a moment to speak about julius? === RainCT is now known as RainCT_ [11:29] bobbo: you commented 'waiting for -4 so we can sync' for the prayer merge, but I don't see any bug related to this on the BTS. private email ? [11:52] ScottK: I've answered to your comment on REVU. [11:52] can i pray for syncs too? [11:53] * RainCT looks at directhex with a ???? face :P [11:54] LP:256641 [11:54] syntax failure bug #256641 [11:54] Launchpad bug 256641 in ubuntu "[sync request] webkit-sharp from Debian Unstable, version 0.2-1" [Wishlist,Confirmed] https://launchpad.net/bugs/256641 [11:56] directhex: that's already ack'd [11:56] directhex: Even with the bug reference, it doesn't make any sense. At first, I was ignoring what I thought was a reference to the merge of prayer, but now I'm also confused. What do you mean? [11:56] i mean i'm waiting on a sync. nothing more than that. [11:57] directhex: Ah, you just have to wait for an archive admin to look at it; that shouldn't take much. [12:07] hm, maybe it's a good thing i forgot to add u-u-s to a merge bug. sounds like there'll be a new version in debian later today [12:12] moin [12:39] moinmoin [13:00] can anyone please ack bug 254919? [13:00] Launchpad bug 254919 in libdvdnav "Please update to 4.1.2-3" [Undecided,New] https://launchpad.net/bugs/254919 [13:00] * RainCT looks [13:01] RainCT: are you a MOTU? [13:01] slytherin: yep [13:01] oh, I didn't know that. :-) [13:08] slytherin: You might want to look at the requestsync output for the common format for sync bugs. [13:09] ooh, i didn't know about requestsync [13:09] persia: I didn't log that but, I was going to log one when I saw an existing bug. I just subscribed u-u-s and gave reason for sync. [13:10] any motu-sru around? [13:11] slytherin: please correct the bug title & summary before subscribing u-u-s in the future [13:11] slytherin: Ah. I usually edit the description when I do that, as many people who aren't regularly in this channel aren't familiar with the specific format that reduces work for the archive admins (so we can get more syncs). [13:12] RainCT: persia: Ok. Will keep in mind. [13:16] slytherin: Ack'd. I can give-back gst-plugins-bad0.1 if you ping me once the new version has been build [13:16] RainCT:. Ok. Will keep watch. [13:20] RainCT: I'm not so great on library stuff either. I'd suggest ask sistpoty when he's around. [13:22] ScottK: Okay, thanks. [13:25] RainCT: which package? [13:26] persia: http://revu.ubuntuwire.com/details.py?package=julius [13:30] does anyone if it it possible to provide more than one package names in apt:// style link? [13:31] slytherin: yep. iirc just do apt:package1,package2 [13:31] or with ; perhaps, I'm not sure [13:32] slytherin: yes, apt:pidgin,pidgin-plugin-pack [13:32] it'd be nice to specify repos with apturl [13:32] directhex: +1 [13:32] especially useful for PPAs [13:33] apturl supports adding repositories, or at least it was on the specification [13:33] that's one thing suse has right now - "1-click" lin ks which can define a repo as well as a package [13:34] joaopinto, where's it documented? [13:34] I believe that was left unimplemented due to the stupidity of the idea. [13:34] directhex: I think the reason why this isn't enabled (the code is already there, or at least some of it) is that some people feared that it would be too easy to use evil repositories then. That doesn't make sense, IMHO, as if they want to break their system they will do anyway, and if they do it with apturl we have the chances to show a nice, big, warning [13:35] RainCT: it works with ',' but it shows one confirmation dialog per package. === nhandler_ is now known as nhandler [13:35] RainCT, have you heard sorry tales of malicious suse 1-click repos? [13:36] nope, but neither have I heard about SuSe having 1-click repos :P [13:36] And neither have I heard about anybody using SuSE. [13:36] how would it differ from the current gdebi implementation ? [13:36] directhex: and you don't need to convince me (I like the idea), convince wgrant :P [13:36] joaopinto: that you don't have to download the files yourself [13:37] Particularly given that PPAs are unsigned, it is very bad to encourage their use. [13:37] wgrant, so do it on a temporary basis. allow an apturl link to specify a repo which is only used for resolving the requested package list - but is not added permanently [13:37] RainCT, uh ? I mean from a security perspective, you always have to request for the action, regardless if you are installing from APT or from a .deb [13:38] so you get to show all the usual gpg moaning all you want. it just makes adding split packages from outside the main repo much easier [13:38] wgrant: Having apturl support them doesn't mean encourage their use. The point is that if they add them through apturl we have the chance to say "Hey, that's bad. Don't do it."; else they will just see "add ... to your sources.list" [13:38] joaopinto: in my view, it's the same [13:39] directhex: Why would you wish to do that? [13:40] directhex: How does that make it any better? [13:40] So now I both have a chance of getting a bogus repo, and not getting security updates. [13:40] wgrant, it's still better than the current approach spread far & wide over the internet involving "sudo wget" [13:41] Perhaps not. [13:41] copypaste this lengthy string to set up your system. don't worry abuot confirmation screens, our nice clever config lines take care of them for you [13:42] wgrant, such risk exists if you add the repository manually, your concerns is not on how to setup the repositories, but on the repository contents itself [13:43] We don't want a facility for websites to be able to present links like that with the only confirmation being dialogs that users will just click throough. [13:43] if someone clueless wants to add a potentially bad repository to their system, i really fail to see why a popup warning "this repo is unofficial and might screw you up" is worse than people just pasting things like "sudo wget http://somebadsite.com/sources.list.d/hardy.list -O /etc/apt/sources.list.d/badsite.list" into a terminal [13:44] On the other hand, it is nice to present links that let people install packages from the already configured repositories, for documentation, etc. [13:44] directhex: Users dislike click-through dialogs. [13:44] directhex: Users just click through them. [13:44] and <3 terminals! [13:44] Terminals seem to generally do a good job of scaring new users off. [13:45] wgrant, users dislike security concerns in general, so what's the point ? [13:45] wgrant: yes, but put a shiny warning icon there and if they don't see it it's their problem. with the current approach they will just copy-paste stuff without even knowing what it does [13:45] I don't see why we should make it easier for users to click-through potentially fatal warnings. [13:46] wgrant, actually it usualy breaks their system frequently, because users without a security conscience are those which try anything on the terminal [13:46] wgrant, eep, who's suggesting that? [13:49] * slytherin feels responsible for starting flame war on the channel. :-( [13:50] slytherin, not at all, you reminded me of a pet peeve [13:53] wgrant: surely you'd have to type your password though? That's harder to sleepwalk through than clicking on stuff. [13:53] andrew_sayers: You'd be surprised what users will do. [13:53] like run random things as root in terminals? [13:54] Lots of people complain about terminals. [13:54] So people obviously vastly prefer GUIs. [13:54] directhex: i see people run rm -rf /, when suggested. [13:55] why would they not click through warnings? [13:55] which are less scary than opening a terminal? [13:55] Hobbsee, some warning or no warning. pick one. [13:56] Terminals are scary enough to send people back to Windows. [13:56] this is a new security technique, security through scariness [13:56] why doesn't ubuntu alias rm to "rm -i" like on redhat? people can't be trusted, evidently [13:56] If you really wanted to be malicious, wouldn't you just create a shell script that called gksudo? [13:56] joaopinto: There is no other solution to stupid users. [13:57] Then tell people to double-click on the script and click/type through. [13:57] A dialog that forces you to type “I am possibly letting happen” to continue? :-) [13:57] ion_, remember glxgears -iacknowledgethstthistoolisnotabenchmark ? [13:57] wgrant, that is why stupid users have problems into getting into Linux, some people instead of educating prefers to keep stupids away [13:57] "Yes, do as I say!" [13:57] Like what apt does when you’re removing something essential [13:58] 'tis what I was quoting from. [13:58] I hope. [13:58] joaopinto: based on their frustration level at attempting to get anything done, si that such a bad thing? [13:59] clearly, you have to have some form of clue, and actually read things, to succeed. [13:59] the same thing happens in windows, or in anything else complex, that you haven't seen before. [14:00] Hobbsee, no, but I believe that stupidity is not a non treatable disease, is something that your turn into knowledge, it is not not something that you just care about keeping away [14:00] case study: bubblewrap. [14:00] Hobbsee: Indeed. [14:00] yeah....right.... [14:01] wgrant: i take it you've seen enough of the saga to be well aware... [14:01] Hobbsee: I have. [14:01] joaopinto: One can't educate clueless users immediately. You have to scare them from some things first. [14:01] joaopinto, ignorance is curable. stupidity isn't [14:01] Hobbsee, why not adding a warning on the installer "Are you stupid Y/N?" ? [14:01] joaopinto: because i don't write the installer? [14:02] directhex, users are ignorant, not stupid [14:02] It seems like the argument against modifying apturl is that we're protecting the set of users that would click through absolutely anything in a window, but would never touch a console... [14:02] joaopinto, you'd be surprised. there's a definite mix [14:02] joaopinto: i'd prefer to do it as "here's a block of text. here's a multiple choice quiz, to check that you actually can read" [14:02] or something. but that's idealism. [14:02] ... from the set of bad guys that can do anything with a shell script, but can't call a GUI from it. [14:03] how big is that demographic? [14:03] Surely the intersection of those two sets is pretty small? [14:04] Hobbsee, no, because your personal believe does get proper recognition, otherwise the installer developer would implement it, but I am sure it would not be on Ubuntu :) [14:04] * wgrant -> bed [14:04] joaopinto: or because i'm not silly enough to ask for it. [14:05] while it would be nice, it's not feasible. [14:05] Adri2000 or Lutin: The main.php page on DaD is serving up the Universe list ... [14:06] well, you could provide a terminal to them with "Please type at least 3 unix commands", that would scare them during the install phase [14:06] yes, but that would nto be my aim. [14:06] Umm. Lots of discussion on this, which is good. Tone is less ideal. [14:06] * white waves [14:06] here's the thing. [14:06] my aim would be to check fi they're actually capable of taking in information. [14:07] gdebi makes it easy to download and run a .deb [14:07] of unknown safety and origin [14:07] Given the number of bug reports we had from easyubuntu, automatix, etc., I think it's better to say that the desire it to make it difficult to install software not currently in the repositories. [14:07] Hobbsee: so when are you in melb? no more excuses ;) [14:07] How about taking such users out of sudoers and forcing them to do a root log-in to a session that can only do a limited set of jobs? [14:07] however, we're saying a procedure to make installing two debs is ZOMGBADNOOOOOOOOOOOOOOOOO! [14:07] because if they're not, then really, they should go back to windows, where they might have somehow understood it. [14:07] (Install packages, edit a few things) [14:07] white: no idea........ [14:07] ;? [14:07] ;/ [14:07] persia, so why is gdebi there? [14:08] persia, if the policy is terminal-or-repo-only, gdebi violates that [14:08] andrew_sayers: Once you are root, then there is no such thing as a limited set of jobs. [14:08] directhex: I'd prefer it weren't. [14:08] persia, add ultabreaksit to that list [14:08] ScottK: If you're smart, yes. But we're talking here about people that will run "sudo rm -rf /" if a stranger tells them to. [14:08] directhex: It's not policy, it's guidelines to reduce invalid bug reports, and yes, gdebi does violate the guideline. [14:09] andrew_sayers: ultimately, they will still find ways around, to screw stuff up. [14:09] I'm fairly well convinced that being both easy and secure is a system administration design problem that is not yet solved. [14:09] I thought the goal was to make the users aware of the risks of installing software from untrusted sources, not to block them [14:10] andrew_sayers: OTOH, they might learn, after the first time. [14:10] I'm not convinced it's solvable. [14:10] Hobbsee: what about mid-semester break or so? [14:10] white: perhaps. i'll think on it :) [14:10] :) [14:10] ScottK: still having the main/universe issue with DaD ? works just fine here [14:10] * ScottK tries again. [14:10] Hobbsee: then why bother putting such a small roadbump to stupidity as apturl when there are legitimate uses where it's quite handy? [14:11] ScottK: anyways given the number of broken merges for main, you might not want to use it [14:11] Lutin: Fine now. [14:11] Lutin: It's useful for knowing IF there's one I should look into. [14:12] andrew_sayers: because for the people who are ignorant, it's a good wake up call. those are unlikely to screw up their system. [14:12] ScottK: true :) [14:12] Thanks for the warning though. [14:13] andrew_sayers: those that do not take in any information are doomed to fail, whatever is done. [14:13] Ignorant users don't need applications features to turn their system insecure, they are insecure by nature [14:13] (which is a different category) [14:13] Hobbsee: but forcing them to log in to an alien environment that they haven't seen for X months isn't a wake-up call? [14:14] andrew_sayers: What is the use case which this solves? [14:14] Hobbsee, what is your definition for "taking any information?", how does an sources.list setup instructions improve the information quality to a dialog presenting the repository url and a warning about the risks of using it ? [14:15] persia: The use case for apturl: I'm writing an application that I plan to put into a PPA some time soonish. After that, I'd like to go to ubuntuforums.org and tell people "click here to try the app out, then tell me if it's any good". [14:16] andrew_sayers: Of course given the current DNS cache poisoning problems that's a fundamentally insecure approach since PPAs aren't even signed. [14:16] andrew_sayers you're dangerous then! [14:16] What would be a more secure approach? [14:16] the mythbuntu team will be handing out free mirror-and-sign scripts in the foyer during the interval [14:16] It doesn't matter how you install it or get it, there's no guarantee the user is getting the package you served. [14:17] andrew_sayers, you can just ask "please ALT-F2: "wget && sudo " I am sure that will be clear for them :P [14:17] ScottK: nor that the package that was uploaded to the main archive is any good, or was for anything but testing purposes. [14:17] andrew_sayers: Build your own binaries, sign them and serve them. [14:17] ain't security great? [14:17] Hobbsee: [14:17] Hobbsee: Yes. [14:17] and write a six step guide on accessing them [14:17] bonus points for subtle differences from the last 3rd party repo instructions you read [14:18] Hobbsee: I think maybe we need a script like the contentless ping script that drops a warning about unsigned repositories into the channel every time someone says PPA. [14:18] andrew_sayers: I guess. I'm not very comfortable with that being a means to get users, but that may be me. [14:18] medibuntu earns double bonus points for use of "sudo sed" [14:18] Heya gang [14:18] If im looking at a merge and looking at a debdiff and i see +- printf(buf); (new line) ++ printf("%s", buf); (what is the +- and ++ showing as opposed to just + or -)... [14:19] joaopinto: i wasn't making a point about that at all. My point was that we have users who are determined to do silly things, and that click through warnings probably aren't effective. But then, consoles don't appera to scare them either. [14:19] stefanlsd: that there's a diff in the debdiff [14:19] stefanlsd, it usually means changes are being made to a patch in debian/patches/ [14:19] ScottK: well, they do plan to sign them eventually. I personally think that's more dangerous. [14:19] directhex: thanks for the bonus points [14:20] Hobbsee: In a different way. [14:20] ScottK: well, people don't even think about it - all it says is "this comes from launchpad" [14:20] but i don't currently see a way around that. [14:20] Lutin, and you increase the score further by having over 1000 words in the repo howto [14:21] directhex: woot [14:21] i wonder if the solution is to implement complete rollbacks. [14:21] Hobbsee: Yes. I agree that's a problem. Personally I think that PPA and such mark the eventual doom of the official repository. [14:21] ScottK: that, adn other reasons. [14:21] Lutin, disappointing use of a keyring package instead of wget and apt-key though :( [14:21] but i think other reasons will be the predominant factors. [14:23] Random idea - how about wrapping apturl in a questionnaire when it tries to install from random sources? [14:23] "Why did you install this [for fun, to solve a problem, other]? How much do you expect it to crash [1..5]?" [14:24] Then a similar questionnaire on exit. [14:24] lol [14:24] That would give great feedback for the legitimate use case of developing packages, would scare users and be non-ignorable, and would make life harder for bad guys. [14:25] directhex, ScottK - thanks. I see that there is a patch in the debian/patches directory which i guess explains the ++ and +-. Am I right in saying that debuild doesnt apply the patches... [14:25] andrew_sayers, you could implement it by allowing your repo to define a script to run as root when the repo is added! [14:25] andrew_sayers, your script could call a gui-drawing script tool, like lots i forgot the names of! [14:25] directhex: why disappointing ? [14:25] "pop all this bubblewrap, and think about what you're about to do. it could break your system" [14:26] "you can't install this until you finish" [14:26] Lutin, too user friendly [14:26] directhex: ahah. good one [14:26] directhex: I know you're being silly, but you'd have a set of standard scary questions, and a text file defining optional extra useful questions. [14:26] Lutin, ooh, how about making people do apt-key -add standard == for all packages, hardcoded in apturl. [14:26] directhex: and btw, we (as in, the medibuntu team) didn't write that documentation. we're merely updating the URLs [14:27] Lutin, i'm not trying to mock you guys, i'm just using it as an example. it's probabnly one of the most popular third party repos on the interwebs [14:27] Lutin, how many hits do you get on packages.gz a month? [14:28] directhex: I don't even know. lots [14:28] Laney: I've made some changes to pull-lp-source in ubuntu-dev-tools trunk. [14:31] i wonder what discussions the suse people had over ymp. === zookoaway is now known as zooko [14:34] anyone having powerpc machine access right now? I need confirmation on some observation related to java on intrepid. [14:35] hi folks [14:35] hey sistpoty|work [14:35] hi Hobbsee [14:36] slytherin: I'd suggest asking TheMuso. [14:37] <\sh> directhex: they can use "signed rpm packages" so when I trust one dev who signed his/her packages, I can be sure that this package is no malware.... [14:37] ScottK: I dropped a message on #ubuntu-powerpc but no one responded. [14:37] <\sh> directhex: but regarding the repos , they are lost, too [14:38] <\sh> directhex: hint on binary packages [14:40] \sh, i just find it dumb that you can pick four popular third party repos, and find four different instructions for enablement [14:40] Does anybody know if there are any plans make deb package for dbus-c++? [14:40] Could someone from the mentoring team please respond to https://lists.ubuntu.com/archives/motu-council/2008-August/001369.html (in the appropriate forum) [14:41] the irony being that the most "user-friendly" method is opening a terminal & blindly copypasting things into it, entering a sudo password when prompted [14:41] slayton: Is there a needs-packaging bug? If not, you might search for a Debian ITP. If neither exists, the chances are very low that someone is working on it. [14:43] Is it worth sticking a few installation-related ideas up on brainstorm and seeing what the crowd makes of them? [14:43] * soren would also be hesitant to consider the existence of an ITP much of a suggestion that someone is working on said package [14:43] andrew_sayers: It's certainly more likely to generate a useful discussion than an IRC log. [14:44] soren: An ITP is explicitly a statement that someone *is* working on a package. This is how it differs from an RFP. [14:44] persia: I'd dispute "discussion", but "evidence", certainly :) [14:44] persia: I've lost count of the times I've wanted a package of some software, found that it wasn't in Debian, and then went on to find a several year old ITP about it. [14:44] persia: depends on how old the ITP is [14:45] soren: however, they are getting expired semi-automatically these days [14:45] persia: It doesn' imply that someons is working on it. It implies that at some point, someone *intended* to work on it. [14:45] but yeah, I'm sometimes annoyed by this [14:45] soren: The owner of the ITP should be pinged, and if not responsive, it ought be retitiled to an RFP. Anyway, for many of those I've found an ignored package on mentors.debian.net to go with the old ITP. [14:45] <\sh> directhex: well, how could someone solve those issues, without distributing everything....people without a clue should not deal with those things...but this is a dream [14:45] In fact, I'll bet that in more than a few cases, those stale ITP's have caused people to NOT package stuff, because apparantly someone else is working on it (only they're not). [14:46] persia: That's a reasonable point. [14:46] persia: I've, in fact, myself had a package in that state. [14:46] soren: Well, sure, but that's because not enough people triage wnpp, rather than being part of the definition of an ITP. [14:46] persia: this /is/ happening [14:46] azeem: Which is happening? [14:47] retitling to RFP or closing of ITP bugs after a timeout [14:47] soren: I'd hope by now you had the appropriate levers to get out of that state. [14:47] some people just reopen them, though [14:47] persia: If you look at it from the perspective of a new developer who comes along and thinks, "hmm, Debian doesn't have this package, apparantly. I'll be a good boy and package it.. ... Oh, someone is already working on it. I'll play some more WoW instead of working on Debian." [14:47] azeem: Yep. There are many people with persistent intentions. I will very likely someday be the maintainer of uqm. This may not happen until after lenny+1 ships. [14:47] soren, been there done that [14:48] persia: Exactly that happened to me. [14:48] persia: WEll, without the WoW stuff. [14:48] persia: I was more of a Tetris kind of kid. [14:48] soren: You didn't even bother to contact the person working on it? [14:48] persia: Nope. [14:48] persia: Who was I to question their work? [14:48] (or lack thereof) [14:49] soren: Hrm. You've improved with time, but still, communication is good. [14:49] persia: This was many, many moons ago. [14:49] \sh, as andrew_sayers pointed out, i think the number of people who will blindly click through things ignoring the consequences, but who won't open a terminal & paste things in ignoring the consequences, is small [14:49] * persia had issues with Debian back in woody/sarge days that cause Ubuntu to be the primary focus of development, but doesn't understand not communicating if you want something done. [14:49] persia: /me guesses ~10 years. [14:50] universal saying of the day: you just have to get the right blocks into the right slots :) === superm1|away is now known as superm1 [14:50] That's what she said. [14:50] sistpoty|work, not if you have a hammer [14:50] sistpoty|work: Indeed. [14:50] directhex: heh [14:50] soren: You were a Hamm user? [14:51] persia: Bo. [14:51] <\sh> directhex: well, people are more likely to click through a UI wizard, but regarding my experiences with "start term, copy&paste this" it works very well and easy even for non - knowledged people... [14:51] * persia is impressed [14:52] soren: I was just lucky that the only guy packaging stuff in my field (chemistry) soon left Debian after I got interested [14:52] persia: And unfortunately, I never made the step from user to developer and I largely blame stale ITP's. I think I must have gone through the "hmm.. I'll try packaging this.. Oh, someone's already doing it" cycle at least 10 times. [14:53] When i finally found something that noone had packaged, and I did it, I never was able to find a sponsor, but that's a different argument altogether. [14:53] \sh, as soon as you give instructions to people involving a terminal, you've lost the "linux isn't hard & nerdy" argument. the sad thing is, for most people, it's simply incomprehensible voodoo - and either you end up scaring them away from gettring things done, or teach them pasting random lines from the internet is safe [14:54] soren: Ah. I've never been a fan of new packaging. My largest contribution to Debian pre-Ubuntu was trying to get packages that hadn't updated in testing since potato pushed back to sid for sarge (which is now fairly standard practice) [14:54] Which gets back to my point that both secure and easy is a sysadmin problem that is not solved. [14:54] directhex: ^^ [14:55] <\sh> directhex: not if they have to just consume...really...people will eat, sorry to say, shit to get things done... [14:55] \sh, if they're going to fuck up anyway, why not make it easier for the rest of us, then? [14:55] persia: Well, that I didn't do either, because each package had a maintainer, so they were probably already working on it. [14:55] persia: I know, I know, I was a silly little boy. [14:56] * persia refrains from comment [14:56] <\sh> directhex: and they even eat the shell, if they don't have to think about it...and regarding ubuntu and it's sudo rule and its "one user per system", it makes things even easier for them, despite the fact, that people like me will need to deal with the consequences [14:58] <\sh> directhex: because it's not the right way, we need to prevent users from doing something stupid, we need to stop bad PR (technical and business talk)...the easiest thing: pay some dollars to be allowed to distribute mp3 player libs legally...pay some dollars for distributing the other codecs as well...but this we don't see in the near future [15:01] \sh, bad PR with whom? i san see more than one scenario where "just click this to install on suse, or follow this six-step terminal-based guide on ubuntu" won't make ubuntu appear to be the better option for beginners, even if it is theoretically more secure in some capacity [15:02] directhex: Why shouldn't it be in the repositories then, if the software is useful and safe for users to install? [15:04] persia, not everything makes it into -updates or -backports [15:05] persia, and there's questions of scope and relevance. fr'example, it would be nice if a third-party company, e.g. a canonical partner like dell, can post a single link for "install special dell sauce" [15:05] directhex: For -backports, that's a soluable issue. For -updates, it's limited for a reason. [15:05] And they can, as the special dell sauce is in the repositories. [15:05] Nokia have a system for doing this on their internet tablets. [15:06] Might be worth looking at what they do there. [15:07] More generally, the model is that any vendor that wants to ship software for Ubuntu does best to work with Ubuntu (which may or may not be Canonical) to get the software integrated. [15:08] the perception that doing things the "right way" is hard is how things like automatix come into existence [15:09] Right and doing things the right way is the reason it no longer exists. [15:09] yeah [15:09] persia, is that model working with acceptable results ? [15:09] have you met my friend ultamatix? [15:09] ScottK, actually it does, ultamatix [15:09] No. OK. Nevermind then. [15:10] ultamatix here wants to add 101 modificatiosn to your hardy system! and is based on the strong foundation of automatix! http://ultamatix.com/ [15:10] hello! [15:10] directhex: does it add the right blocks into the right slots? *g* [15:11] sistpoty|work, [14:50] sistpoty|work, not if you have a hammer [15:11] heh [15:11] joaopinto: Depends on how you measure things. I think the model is working reasonably well, considering the growth of Ubuntu. I'd like to see more people pushing things in. [15:11] How does one generate a .dsc and .changes file that will allow for the adding of the debian directory to a source tar ball with dpkg-source [15:11] (assuming said things are being maintained) [15:12] slayton: You've that a bit backwards: one unpacks the original source, adds the debian directory and calls dpkg-buildpackage or debuild to generate the .dsc and .changes file. [15:14] Right. Same quality level Automatix was famous for. [15:14] directhex: The experience has been that most of the external add-ons get sufficiently involved in Ubutnu, and gain enough experience with bugs and related issues, that they begin to see the rationale behind the policies, and work to integrate. [15:14] persia, right so thats the way I've usually done things... I was unsure if the .dsc and .changes files generated by dpkg-buildpackage were sufficient or if I had to do something special [15:14] * ScottK just loves the .pyc files shipped in the .deb. [15:14] slayton: Those should be sufficient. Mind you, debian/ should really be in the diff.gz, rather than in the original source. [15:17] ohh.. right so I guess my question is how do I generate that .diff.giz [15:17] ScottK, with quality like that, who can say no? [15:17] slayton, have an orig.tar.gz which differs frmo your app-version folder, when you run debuild [15:19] directhex, persia Thanks! [15:19] Three cheers for Launchpad performance (while we're on the topic of quality). This is the main Ubuntu bugs page: [15:20] ScottK: Bug #1 is a good metric [15:21] LP stops counting at 99 queries? [15:21] No. It'll count higher. [15:21] I've seen bug pages that took over 400 [15:22] They make a database that take 400 queries to render one web page and I'm supposed to feel comfortable with them automating my workflow? [15:22] It always says 'at least' [15:25] i need some help with dpkg-divert and shared libraries. http://www.pastebin.ca/1166171 - is there any way i can "correct" the first symlink? [15:26] the libmyth-0.21-0 package also seems to ship these symlinks and i'm diverting the lib and the symlinks in my preinst [15:29] i guess i could put the diverted library in a different directory. [15:30] laga: may I ask why you need to divert a lib? [15:31] for great justice! [15:31] I've just written up a little shell script that an attacker could get users to run either by doing `wget .../evil.sh | sh`, or by downloading evil.tar.bz2, unpacking and running the program... [15:31] It prompts for the root password using gksu, then does whatever it likes, and leaves no trace... === fta_ is now known as fta [15:32] Can some please review and sponsor for bug 255224? Thanks in advance [15:32] Launchpad bug 255224 in gnusim8085 "New Upstream Release 1.3.4" [Undecided,Confirmed] https://launchpad.net/bugs/255224 [15:32] That's a much more severe security hole than anything else we've discussed today - where do I post the bug report? [15:32] andrew_sayers, the dreaded irish virus? http://www.voidspace.org.uk/gallery/silly/the_irish_virus.jpg [15:33] directhex: :p [15:33] geser: we have a libmyth-0.21-0 package and libmyth-coreavc-0.21-0. the coreavc package contains just one lib which is supposed to replace libmythtv.so. the new lib adds support for coreavc which is a h.264 codec for windows. and we don't want that patch installed by default [15:33] mmm symbols [15:34] sounds sane to use divert here [15:35] yeah, it just doesn't work yet ;) [15:36] Seriously though, have a look at: http://pastebin.ubuntu.com/36544/ [15:37] how is that a security hole? [15:37] laga: talking to me? [15:37] yes [15:37] We've been arguing about whether to make it possible to have 1-click apturl for non-Ubuntu repos. [15:38] The argument against is that bad guys could use it to install bad things. [15:38] So far as I can see, arguing that would be a security hole implies that the script I just posted would be a security hole. [15:39] laga: doesn't the nvidia packages also divert a lib? Perhaps you could spy there how to do it. [15:39] The script more so, because it's the attacker wouldn't be tied to Ubuntu. [15:40] geser: yes, i'll take a look there.. but it could also just be PEBKAC [15:40] So logically, either you have to say that apturl is an acceptable risk, or tell me where to file the report for that script. [15:58] <\sh> andrew_sayers: regarding a single user system, this can be dangerous [15:58] How so? [15:59] <\sh> andrew_sayers: but a user how enters his/her user pw/root pw to execute a script or something else, does know what he/she 's doing [15:59] <\sh> s/how/who/ [15:59] <\sh> andrew_sayers: the same as with windows..just click on something and you have a trojan horse on your system working [15:59] <\sh> it depends on your viewpoint [16:00] Just to be clear, you're saying that the script can be dangerous? [16:02] <\sh> andrew_sayers: well, drinking too much coffee could be dangerous too...but it's not in the first place...so yes, a 1-click deb install could be dangerous... [16:03] andrew_sayers: That script isn't dangerous because it's self contained, althoguh it may overwrite a local ~/evil2.sh (and ought be rejected anyway as it doens't make a useful improvement). If you'd refreshed your definition of evil with wget or curl, it would be more evil, but would break the download-software-from-non-repo rule that we try to follow. [16:03] <\sh> andrew_sayers: but I'm one of the people who likes the "people learn through pain" [16:04] I'm confused... [16:04] \sh, "install package? dodge spinning razor blades to continue..." [16:04] Are you saying that security issues don't count if they're not sanctioned by a package in Ubuntu? [16:05] <\sh> and TBH, i'm waiting for the day, where we have third party repositories with really dangerous packages inside, like hufflepuff-0.1.0-0ubuntu1_amd64.deb , click here to install...the contents: just a postrm with "rm -rf /" [16:05] <\sh> s/postrm/postinst/ [16:05] as opposed to just a link to hufflepuff-0.1.0-0ubuntu1_amd64.deb with the same thing? [16:05] \sh or a package in main that allocates you a password out of a pre-defined set of 32768 passwords :p [16:06] <\sh> andrew_sayers: no..that was not with an intention... that was just a bad way of "the 4 eye principle"...I really mean "I want and will destroy peoples machines" [16:07] andrew_sayers: The difference is intent. Known evil is excluded. Unknown evil may be included, but we try to avoid it. [16:08] <\sh> andrew_sayers: let's say it like this: If someone of us (approved uploaders) is going to upload a package with the intention of destroying peoples systems, you can be sure, that someone will sue us === lamego is now known as joaopinto [16:09] I'm still confused :s [16:09] isn't that how trust works though? would you trust a third party repo signed by someone in debian-keyring ? [16:09] Well, not everyone is somewhere easy to be sued, but if discovered to be intentional and malicious, there is a reasonable chance that the offender would lose upload rights. [16:09] <\sh> andrew_sayers: but people outside this project can do what they want...so if people think package "hufflepuff" from repository "harrypotter" is so awesome that they install it, and in this package they do something nasty...nobody can be sued [16:09] how about signed by someone trusted by someone in debian-keyring? [16:10] \sh: so your argument against 1-click install from apturl is that it makes it easier to sue? [16:10] directhex: why debian-? [16:10] <\sh> andrew_sayers: no it makes it easier to inject malicious software [16:10] \sh: How? What would an attacker gain by making hufflepuff.deb that they don't get from evil.sh? [16:11] RainCT, because debian-keyring contains the keys of everyone. it's big. really big. [16:11] <\sh> andrew_sayers: schadenfreude [16:11] beside that people would get a warning dialog and some of them might be sane enough to not install hufflepuff.deb [16:12] <\sh> oh wow...schadenfreude is also an english word....how nice [16:12] is hufflepuff good software? should I download and install it? does it make my ubuntu experience better? *g* [16:13] sistpoty|work: no, it's a pokemon :P [16:13] \sh, http://www.youtube.com/watch?v=t9B-ZoS0wvU [16:13] heh [16:13] RainCT, crap, i thought i'd completed my pokedex :( [16:13] <\sh> andrew_sayers: you make an announcement: "Hufflepuff is the way to go..install this software, and your computer runs 100x times faster then normal"...believe me, more then 1000 people are installing this package without having a look what's inside..and those 1000 people are left with a broken system... [16:13] sistpoty|work: well, not really :P [16:14] \sh, but that wouldn't happen if they were linked to a .deb instead of to an apturl [16:14] \sh, those same people will do the same thing with "To install this software: ALT-F2: wget && sudo supersoftware" [16:14] <\sh> directhex: well, that would happen with any unproved third party software [16:14] <\sh> doesn't matter if it's coming via a repo or just via gedebi [16:15] directhex: lapsus xD. but there is a purple pokemon called something like that, or? :P [16:15] <\sh> joaopinto: yes..but that's too difficult... a single click and synpatic + search for hufflepuff is easier, because it's colorful [16:15] \sh: click on synaptic? [16:15] hm, importing debian-keyring takes a while [16:16] synaptic installs pokemons? [16:16] LOL [16:16] sistpoty|work, gotta Depends: 'em all [16:16] \sh, copy&paste is rather easy for most users this days, because they can't find some click and information dialogs for some tasks... [16:16] <\sh> to sum up, because I have to go: you can't solve this problem, only distributing the whole software proved by the distributor...and this is not going to happen, because we have too many legal issues with this [16:17] \sh: there are no legal issues -.- [16:17] <\sh> joaopinto: I repeat my statement to directhex some time ago today: People eat shit so they do everything to taste it... [16:17] <\sh> RainCT: distributing some codecs in main would give us some ,-) [16:17] \sh: so it is a legal rather than security issue? [16:18] \sh: I though we were still talking about allowing apturl to get packages from non-official repositories (showing a big warning message, of course)? [16:19] sistpoty|work: can you have a look at http://revu.ubuntuwire.com/details.py?package=julius please (especially the comments)? [16:20] RainCT: sorry cannot give an in depth review from work... [16:20] <\sh> andrew_sayers: e.g. what are people downloading on linux the very first time? w32codecs...it's not 100% legal to distribute those codecs in one package without having a windows license or a license of the software vendor, this is why we can't distribute this package in ubuntu in the first place, and this is the reason why we have repos like mediubuntu with this package in their repo ... so now I present to you a repo/package with this package, same [16:20] <\sh> name, latest version etc. everything looks nice and proper ...I'm no. 1 on google, but instead of the normal contents what you expect, I just put "rm -rf /" in this package ... you install it, voila, so we have two things: [16:21] RainCT: but I guess if the question is whether to ship a -dev package in the first place, I'd be a little bit in favour of dropping it altogether [16:21] <\sh> 1. it's dangerous to use third party repos/packages without any clue...2. if we want to stop this, we need to find a way of getting rid of those legal issues [16:21] sistpoty|work: okay, thanks [16:21] RainCT: maybe put the header/static lib in julius itself? [16:22] sistpoty|work: well.. julius doesn't need them [16:22] RainCT: however it's perfectly okay to just have a -dev package without corresponding shared lib [16:22] RainCT: so of what use are these in the first place? *G* [16:22] <\sh> 3. it wouldn't stop the user to download other third party packages/repos where software is hiding which are not in our repos.. [16:23] sistpoty|work: I don't know xD [16:23] <\sh> 4. therefore, I don't like the simple way of making peoples life easier, but as I#m not the godfather of simplicity, I think people need to learn through pain, and wait for their first windows experience on linux ,-) [16:23] * sistpoty|work peeks at a header file === asac_ is now known as asac [16:24] \sh: I take your point that (2) is an issue that I can't argue as a mere techie - as to the others, they only makes brainstorm seem more like the place to gather evidence. [16:25] hm... nice another library reinventing a boolean type. hello library, c99 defines bool. *g* [16:26] RainCT: to me it looks a little bit like the whole julius speech recognition is realized in libjulius, so that other programs can make use of it as well. [16:26] <\sh> andrew_sayers: well, just use the class enemy no. 1 , I don't know you, but my neighbours and some of my beloved non-computer friends and even my girl are always coming to me and telling me: "[Honey (that's what my girl is calling me)|Stephan|Hr. Hermann] Could you please fix my windows, I just downloaded something and now it tells me all the time, I should buy some blue pills"... [16:27] RainCT: so I guess your solution to ship it as a separate -dev package seems best to me [16:27] <\sh> andrew_sayers: regarding the user base we want to reach, this can happen much faster on ubuntu as we like [16:27] RainCT: and no need for different -dev packages fwiw, since libjulius directly includes stuff from (lib)sent [16:28] sistpoty|work: so it is OK like it's now? :) [16:28] <\sh> andrew_sayers: but in this context, I hope we don't copy Windows ,-) [16:29] RainCT: at least in regards to libjulius-dev ;) [16:29] sistpoty|work: Great. Thanks :) [16:30] np [16:30] \sh: the reason I'm suggesting to go to Brainstorm is that maybe there's only three people in the world that want apturl modified (in which case the security issue is definitely more important), or maybe Ubuntu users are sick and tired of going to the console every other day to install stuff (in which case, we need to find some sort of solution). [16:32] We're talking here about balancing security with ease of use, so it's important to know how much each one weighs :) [16:33] <\sh> andrew_sayers: regarding my job as sysadmin: security, regarding my job as computer geek: security, regarding my life as computer user: easy to use, but secure (knowing the dark side of the force) [16:33] <\sh> andrew_sayers: and yes, that's difficult...that's why we do discuss this topic every now and then [16:35] So to conclude, how would you feel about filing a bug against apturl in a week or two if Brainstorm says yes? [16:36] (So we can continue to discuss once there's evidence) [16:40] <\sh> andrew_sayers: tbh, i don't care about "Brainstorm"...I know it sounds rude, but you know, when 1000 flys are eating crap....I do like a meal with no flys flying around ;) most of the people don't know the real world work fixing peoples computer because of some weired decisions [16:41] <\sh> but those decisions are somehow fixable...e.g. not using this or that software...and on servers I don't have the problem anyways [16:42] <\sh> anyhow.../me needs to rush home... [16:43] Bye. [17:05] If any MOTU has some spare time, I'd appreciate another REVU of this package http://revu.ubuntuwire.com/details.py?package=mythstream-parser-youtube I've made the requested changes. [17:30] oy === skipper is now known as bdrung [17:45] * sistpoty|work heads home... cya [18:05] bobbo: hi [18:06] hey schakrava [18:07] what should i do to get started? [18:08] schakrava: have you ever fixed a packaging bug before? [18:08] nope [18:08] schakrava: cool, we want to get started on something properly simple then [18:09] bobbo: sure [18:09] we keep a list of "bitesize" (easy to fix) bugs for new contributors at https://bugs.edge.launchpad.net/ubuntu/+bugs?field.tag=bitesize [18:10] schakrava: fixing a packages description or manpage is a good place to start [18:11] bobbo: so i pick a bug in "confirmed status"? [18:11] schakrava: yeah "Confirmed" or "Triaged" [18:12] bobbo: ok let me take look. if i have any questions i ask, is that how it works? [18:12] schakrava: yeah if you need any help ping me and i'll try to help :) [18:13] bobbo: sounds good. i will talk to you soon then. thanks for your help [18:13] schakrava: np [18:14] schakrava: just make sure to check noone has go to the bug before you (read the comments) as we dont need to duplicate work :) [18:15] bobbo: ok sure. [18:47] Lutin: ping === fabrice_sp_ is now known as fabrice_sp [19:32] If you are a MOTU and are bored right now have I got a deal for you. To help ease your boredness, I'll let you REVU my package http://revu.ubuntuwire.com/details.py?package=mythstream-parser-youtube I've made the requested changes from the last REVU and am ready for another. This offer valid while supplies last. [19:33] lol [19:34] RainCT: You lol'ed you now you have to review it. [19:34] Nice approach. :) [19:34] thx ;) [19:36] I need somebody to un-sub UUS from bug #178948 [19:36] Launchpad bug 178948 in pyro "No init scripts for Pyro Event Server" [Wishlist,New] https://launchpad.net/bugs/178948 [19:38] LaserJock: done [19:38] RainCT: awesome thank you === azeem_ is now known as azeem [19:41] hello folks. can somplease please review diff.gz for bug 255224 and sponsor if found OK? [19:41] Launchpad bug 255224 in gnusim8085 "New Upstream Release 1.3.4" [Undecided,Confirmed] https://launchpad.net/bugs/255224 [19:41] thanks in advance [19:55] any one willing to give my package a revu? I would greatly appriciate the help: http://revu.ubuntuwire.com/details.py?package=mythbuntu-log-grabber [20:01] how can I delete a photo from gpg key? [20:01] I tried to replace photo with newer one but seahorse seems to have added the new photo [20:02] slytherin: Have you uploaded the key with the photo to a keyserver? [20:02] jpds: not with newer photo. [20:03] anyway, I just deleted it with help of seahorse. [20:03] slytherin: The photo will stay with the key forever on the keyserver. [20:03] jpds: I am uploading now the updated key [20:04] slytherin: you can only revoke it, but it will be there forever [20:04] slytherin: When you download the key, the photo shall still be there. [20:04] keyservers are append-only [20:04] is there no replace? Like I replace my whole key with newer one? [20:05] no [20:05] :-( [20:05] keyservers don't have any authentication method [20:05] slytherin: there is no remove, only add [20:05] slytherin: you could revoke your old photo, add a new one [20:06] slytherin: but it'd still be there [20:06] (a photo is just another UID, afaik) [20:08] is there any documentation that will explain what a fakesync is? [20:08] bobbo: Upload of Debian package into Ubuntu by an Ubuntu developer. [20:09] jpds: just like a normal sync? [20:09] bobbo: Yeah, that's why it's fake. [20:09] bobbo: ubuntu orig.tar.gz with debian diff.gz [20:10] ah ok [20:10] bobbo: usually a source package will get copied from Debian as is, but if the .orig.tar.gz differs, a developer needs to take the Ubuntu .orig.tar.gz and the Debian .diff.gz, build a new source package and upload it [20:10] ha! as I said XD [20:11] sometimes it's needed due to bad versioning [20:11] I'm trying to work out what to do with Jokosher [20:11] dholbach packged it into Ubuntu, but someone else packaged it into Debian [20:11] bobbo: same upstream version? [20:12] geser: yes [20:12] but the .orig.tar.gz have a different md5sum? [20:12] nope, the orig's have the same sum, its the diff.gzs that are different [20:13] bobbo: For jokosher merge I suggest take Debian version and try to apply changes form Ubuntu that are relevant. [20:13] than it's just a simple sync or a merge [20:13] slytherin: ok, yeah makes sense [20:13] I feel that it will be a sync in the end. [20:14] maybe i should get it synced, then apply the changes in a different upload, to stop potential breakages when merging again [20:14] otherwise I will need to change things like debian/copyright and mess up debian/changelog [20:21] huhi norsetto [20:21] hi sebner [20:23] norsetto, hi :) [20:24] hi totopalma [20:27] bobbo: hehe, you are a great commuter when it comes to community communication [20:28] norsetto: hehe :D [20:31] Hi. I'm getting a manpage-not-compressed-with-max-compression error in lintian when using the upstream manpage (in gz format). Should I recompress it? [20:32] fabrice_sp: how are you installing the manpage? [20:33] RainCT: dh_installman in rules, with a manpages file in debian directory [20:33] yuppi, the opengl 3.0 spec is out! [20:34] norsetto: shame everyone is hammering it :( [20:34] bobbo: of course, I would be surprised of anything else [20:35] hehe, true, peopel always find something to fight about when something major is changed [20:35] s/peopel/people [20:36] SUggesting moving to Empathy instead of Pidgin has started an almighty holywar on the forums :/ [20:37] is it any good? [20:37] Description: This is the youtube parser for Mythstream, a plugin for MythTV. [20:37] * RainCT runs away and cries :P [20:38] RainCT: ? [20:39] laga: that's supposed to be a short description [20:39] RainCT: hf :P [20:39] heh [20:41] heya guys, i have an offtopic question!: how much does a junior sysadmin, and a junior developer earns in Europe?? (or someone who is just starting in the IT field) [20:42] RainCT: any clue on the error Lintian is giving me? [20:49] RoAkSoAx, depends on where in europe, experience level, and company [20:50] directhex: yeah but for someone who is just starting?? let's say in countries like Austria, Germany, Spain... ? [20:50] no idea on those [20:51] directhex: in the uk? [20:51] mmm, probably 18k outside london [20:52] my bro has just started working for IBM in germany [20:52] 18k € / year [20:53] £ [20:53] Kopfgeldjaeger: so like 26k USD ? [20:54] 28.8k $US [20:54] $36. [20:54] £18k is ~$36k [20:54] yeah, about 26, 27k [20:55] you should specify that those sums are after taxes [20:55] and for someone who just left university, and maybe doing an internship or something like that? [20:55] fabrice_sp: no, sorry :( [20:55] those sums are before taxes [20:55] uk pay is quoted per anum before income taxes [20:55] all taxes together make about 33% deduction [20:55] directhex: ah, then I don't envy you ... [20:56] RainCT: thanks for looking. I'll ask upstream to deliver non compressed files. [20:56] RoAkSoAx, i started on £18k academic salary when i graduated [20:56] RoAkSoAx: http://www.itjobswatch.co.uk/ [20:57] jobcs.ac.uk ? [20:57] bah [20:57] jobs.ac.uk [20:58] typing is HARD. let's go shopping! [20:58] what about if the company is hiring someone outside the country of where the company is?? no taxes right? [20:58] and work from home [20:59] RoAkSoAx: my brother hasnt left univery yet [20:59] working from home, as a beginner? [20:59] ha [20:59] good luck with that [20:59] directhex: yeah as a beginner working from home.. how much would you think could be a good salary? [21:00] or an average one [21:00] i don't have the faintest idea, you'll only find nebulous web companies who'd even think of offering telecommuting to graduates [21:00] and they'll pay abyting from 10k to 100k depending on how much venture capital they have lying around [21:01] any mediawiki formatting experts here? [21:03] directhex: i see.. it would probably be a sales representative/ sysadmin [21:23] packages libghc6-xmonad-dev and libghc6-xmonad-contrib-dev depend on libghc6-x11-dev (= 1.4.1-1), but libghc6-x11-dev 1.4.2-1 is what gets installed in Intrepid [21:24] haskell fun [21:24] yea, where would I look to proceed from here? [21:25] I guess those xmonad packages need a rebuild [21:28] whats the best way to do that? [21:30] https://wiki.ubuntu.com/PbuilderHowto ? [21:31] webframp: are you asking as a user who wants to use them, or as a developer who wants to fix the archive? [21:32] well i am a user who wants to use them (fix my broken haskell environment) and as a learning process towards fixing the archive [21:34] webframp: If sistpoty comes around, ask him. IIRC he was working on Haskell stuff. [21:35] ScottK: thanks, i'll watch [21:36] webframp: though not likely today :) [21:37] sebner: heh nice, well some other time maybe [21:37] anyone on intrepid care to test the installation of libgail18 ? === Syntux_ is now known as Syntux [21:38] ScottK, webframp: I've just filed a sync request for xmonad [21:38] norsetto: already in the archive? [21:38] sebner: yes [21:39] norsetto: unmet dep [21:39] sebner: which one? [21:39] Good day, I'm packaging English-Arabic dictionary that works with Stardict, Arabeyes.org did the word list in dictd format and someone else converted what they did to Stardict, who's the author in this case? and should I mentioned both in copyright? [21:40] norsetto: libgtk2.0-0: Conflicts: libgail18 but 1.22.1-1ubuntu1 is to be installed [21:40] norsetto: http://paste.ubuntu.com/36626/ [21:41] geser: is there a launchpad page i can watch to track the status ? [21:42] webframp: bug #257085 [21:42] Launchpad bug 257085 in xmonad "Please sync xmonad 0.7-2 (universe) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/257085 [21:42] thanks sebner, webframp: this is an interesting one, libgail18 depends on libgtk2.0-0 which conflicts with libgail18 ... [21:42] can someone tell me what DebianMaintainerField specification. [21:43] webframp: and bug #257086 [21:43] is? [21:43] Launchpad bug 257086 in xmonad-contrib "Please sync xmonad-contrib 0.7-2 (universe) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/257086 [21:43] norsetto: you're welcome :) [21:43] bobbo: are you there? [21:43] geser: thanks, subscribed [21:44] schakrava: if you have a packaging question, we don't bite :) [21:44] (well, at least most of us :P) [21:45] schakrava: https://wiki.ubuntu.com/DebianMaintainerField [21:45] RainCT: who bites? :) [21:45] schakrava: ah. hadn't seen your question :) [21:45] * norsetto bites geser [21:45] :) trying to do my first packaging task. 235063 [21:45] * DktrKranz is hungry, he would bite everything [21:45] * geser bites back :P [21:46] schakrava: you can use command update-maintainer to change the Maintainer according to the DebianMaintainerField spec [21:46] scottk: thanks. reading it [21:46] geser: see? :) [21:46] rainct: thanks [21:46] norsetto, do you want some photos of saturday's party? :) [21:46] yw [21:46] DktrKranz: the rave one? ;-) [21:46] yeah [21:47] * norsetto pumps up the bass [21:47] DktrKranz: \o/ [21:47] sebner, you there too^ [21:48] ? [21:48] there... here ;) [21:48] DktrKranz: sure but just some minutes before I leave though [21:49] Hi. I have to add a menu file to the package I'm creating (for people noyt using desktop manager). Could someone point me to a sample? [21:53] jcastro: the video streaming is awesome, we should do that on UDS [21:56] hi all. [21:57] re [21:57] now from the interpid [21:57] hi k0p ;) [21:57] There are a little problem about krusader: [21:57] The following packages have unmet dependencies: [21:57] krusader: Depends: libkonq4 (>= 4:3.5.8-1) but it is not installable [21:58] I hope that this is the right place to report this [21:59] ScottK: what do you mean about the binary? [21:59] ScottK: it's not a lib but a CLI application [21:59] (re julius) [22:00] RainCT: OK, then sispoty [22:00] sispoty's reference to libjulius confused me then [22:01] RainCT: libjulius-dev without a libjulius seems odd to me, but don't mind me. [22:01] ScottK: dunno, sistpoty said that that's allowed [22:02] And I believe him, it just seems odd. [22:03] gn8 folks [22:03] sebner: gute nacht [22:03] RainCT: =) [22:06] RainCT: stille nacht [22:06] hello people [22:07] emgent: O/ [22:07] A voi! [22:08] hey emgent [22:09] norsetto: I corrected some of your comments on mountmanager (http://revu.ubuntuwire.com/details.py?package=mountmanager). Should I upload a new package or wait until everything got corrected? [22:10] hello RainCT :) [22:10] fabrice_sp_: lets wait, there is no rush [22:10] ok. Thanks === zooko is now known as zookoafk [22:17] fabrice_sp_: if qt4-dev-tools is explicitily required than we should explicitly add it as a (Build-)Depends; its better than to expect it to be dragged in by some other dependancy (which may always change) === Czessi_ is now known as Czessi [22:19] fabrice_sp_: re 2.1, we should get the "preferred form of modification" with the tarball then, otherwise we cannot distribute it === vorian_ is now known as vorian [22:20] fabrice_sp_: 7.1 to 7.3, yes, unless they are required for the program to run (in which case I would be tempted to say that the program should be patched) [22:21] fabrice_sp_: 8.1: the problem is about the comment, not the name [22:25] norsetto: for qt4-dev-tools: you're right. The first comment from apachelogger let thought that qt4-dev was depending on qt4-dev. [22:25] I'll correct that [22:26] norsetto: and about 8.1. The link you put is only for name (except if I'm getting blind :-) ) [22:26] fabrice_sp_: Menu Item Tooltips [22:27] fabrice_sp_: thats what the comment is used for [22:27] norsetto: ahhh. I didn't knew that. Thanks [22:34] norsetto: the only explicitly required qt4 package is libqt4-dev (i checked in configure file). qt4-dev-tools is not explicitly required (except in readme). So I will let dependencies the way they are now. [22:34] fabrice_sp_: for the menu, check /usr/share/doc/menu/menu.txt.gz in the menu package; you will find plenty of examples in the repo (almost all debian packages have it) [22:34] fabrice_sp_: yes, thats why I wanted you to check with upstream [22:35] fabrice_sp_: this upstream seems to mix build-dependancies and dependancies too, but I find it strange that libqt4-dev-tools would be a dependancy [22:38] norsetto: this upstream is a bit lost with packaging :-) Anyway, I think he puts qt4-dev-tools as dependencies, because he needed them to develop, but for packaging and compiling, it's not needed [22:38] norsetto: hello [22:39] how are you ? [22:39] huats: huats? huats?? Do I know a huats??? [22:39] ;) [22:40] norsetto: is this comment more compliant? Manage the mounting of storage devices,flash cards, removable disks in Linux [22:40] * norsetto wears his "last of the mohicans" wig and says "are you talking to me?" [22:41] fabrice_sp_: hmmmm, I would make it shorter ;-) [22:41] norsetto: like this? Manage the mounting of storage devices (it will be difficult to make it shorter :-) ) [22:42] fabrice_sp_: Manage storage devices mounting :-) [22:42] norsetto: ok. You win :-) [22:43] fabrice_sp_: Mount your storage devices [22:43] fabrice_sp_: you'll notice that norsetto ALWAYS wins [22:43] :) [22:43] fabrice_sp_: Mount :-) [22:43] norsetto-huats: 1-0, so there! [22:44] oh [22:44] except against me :) [22:44] but it is the exception :) [22:44] * norsetto crashesh with a SIGHUATS [22:44] :) [22:45] huats: how did the bug jam go? [22:45] norsetto: it went really well [22:45] (surprising well in fact) [22:45] I could even answer all questions :) [22:46] huats: you mean you were actually able to close a bug? [22:46] http://www.reponses.net/blog/ [22:46] norsetto: no, but it was not the aim [22:46] I've been explaining the bugs handling [22:46] ... [22:47] so closing was not the point the other day [22:48] huats: I see, so we will be soon flooded by hordes of new eager bug triagers [22:48] :) [22:48] well it is a good start... [22:48] huats: the venue seems nice, what is it, a bar!? [22:48] it is [22:49] champagne pour tout le monde! [22:49] in fact a bar at 30 meters max from my appartement === Syntux is now known as Arabot === macd_ is now known as macd [22:50] jono: do you think the baconizer plugin would be a good addition to universe? [22:50] rainCT: hehe [22:51] sure :) [22:51] mister bacon hey [22:51] :) [22:51] how are you jono ? [22:52] hey huats [22:52] good thanks [22:52] hectic! [22:52] :) [22:53] good morning [22:54] * RainCT *headdesks* [22:57] morning ajmitch [22:59] RainCT: I'm not that bad, surely [22:59] ajmitch: hah. hey ajmitch :) [23:00] don't worry, it's not because of you :P [23:00] It's because of me. [23:00] jono: lol. no, it's because of what I've just told you ;) [23:00] err, jpds === Arabot is now known as Syntux [23:04] * norsetto goes to bed [23:04] gn8 norsetto [23:05] night norsetto [23:05] night all === Syntux is now known as arabot === arabot is now known as ubuntu-arabic [23:07] * bobbo is bored, someone give him something to do === ubuntu-arabic is now known as Arabot === Arabot is now known as Ubuntu-arabic === Ubuntu-arabic is now known as Arabot [23:09] bobbo: https://code.edge.launchpad.net/~ubuntu-dev/ubuntu-dev-tools/trunk - get hacking. [23:09] jpds: Good work! [23:10] Laney: Thanks. [23:11] jpds: your Depends are wrong [23:11] bobbo: Their RainCT's depends. [23:11] jpds: /ubuntu/ppaput needs python-apt and debian/control doesnt mention it === Arabot is now known as Syntux [23:12] bobbo: ppaput is not installed, it's just... there because. [23:12] jpds: fair enough then :P [23:18] bobbo: having hard time finding a bitesize packaging bug [23:19] schakrava: they all taken? [23:19] bobbo: all of them have debdiff attached [23:19] schakrava: :( That sucks [23:19] bobbo: yes :( so what happens after someone uploads the debdiff? [23:20] schakrava: the sponsors team (proper MOTUs) look at the debdiff and if it is good they upload it into the archives for you and if not, they tell you what to fix [23:21] bobbo: i c. do you have a task for me by chance? [23:22] schakrava: im having a look around [23:22] bobbo: i did the packaging (except the upload) anyway on 1 bug for practice [23:22] schakrava: ah cool, did you generate a debdiff? [23:23] yes [23:24] bobbo: practiced on the 2vcard bug, cant remember the number [23:24] schakrava: could you pastebin the debdiff (http://pastebin.ubuntu.com) so I could have a look at it? [23:26] bobbo: give me a few. i think i have deleted the tree [23:26] schakrava: ah ok :D [23:28] Man, gnome-main-menu could do with some Debian love. [23:32] good night [23:32] Good morning. [23:32] * RAOF invites everyone to witness the changing of the guard. [23:33] -ChanServ(ChanServ@services.)- #ubuntu-motu has the SECURE option enabled, and RAOF does not have appropriate access. [23:34] Looks like chanserv does not like the new guard. [23:34] Does ChanServ pick up on /me invites ? [23:35] Don't think so. === _neversfelde is now known as neversfelde [23:44] bobbo: debuild -S is exiting with errors. not sure where the problem is [23:44] schakrava: pastebin the error? [23:45] bobbo: yes. 1 sec [23:47] bobbo: pastebin'd the error [23:48] schakrava: link? [23:51] bobbo: http://pastebin.ubuntu.com/36686/ [23:51] bobbo: sorry for the delay, firefox froze on me [23:52] schakrava: no problem :) [23:52] schakrava: thats a problem with your GPG key [23:52] is the email in the changelog and the email registered with your GPG key the same? [23:52] * Kopfgeldjaeger just realized that he did everything grab-merge.sh can do manually and even wrote a little script for some parts === RAOF_ is now known as RAOF [23:52] Kopfgeldjaeger: Is it less descructive than the real one? [23:53] yes its the same email [23:53] Kopfgeldjaeger: If not, see bug #155098. [23:53] Launchpad bug 155098 in ubuntu-dev-tools "add grab-merge.sh" [Wishlist,New] https://launchpad.net/bugs/155098 [23:54] schakrava: hmm try passing the -k option to debuild [23:55] bobbo: just reran the gpg --gen-key as well [23:55] schakrava: ok [23:56] * jpds => bed. Night all. [23:57] jpds: well, it does much less than grab-merge.sh