/srv/irclogs.ubuntu.com/2009/07/13/#launchpad.txt

RenatoSilva	any suggestion about the merge question? Should I create anotehr branch or just update the one merged and propose it again?	00:01
lifeless	RenatoSilva: going back to the 'why keypair' question	00:02
wgrant	Aha, somebody who knows!	00:02
lifeless	https gives a halfduplex connection	00:02
lifeless	ssh gives a full duplex connection which can be more powerufl	00:02
lifeless	also	00:02
lifeless	historically we started with just sftp	00:02
lifeless	and no write-over-http support at all	00:03
wgrant	LP has no write-over-http even now.	00:03
Laibsch	Hi, not sure this is the best channel, but packages.ubuntu.com is down	00:03
lifeless	wgrant: it doesn't, but the bzr client does now	00:03
wgrant	Laibsch: Try #canonical-sysadmin	00:03
wgrant	lifeless: Right.	00:03
lifeless	now, we could have done password auth over sftp	00:03
lifeless	but that meant letting one server in the dc get the password out of the db; prior to the time we were designing no servers ever get the password once its set	00:04
RenatoSilva	lifeless: you mean ssh is more performatic than https, right?	00:04
lifeless	RenatoSilva: very much so	00:04
lifeless	this isn't set in stone; I'm sure that it can be revisited. OTOH hand it works pretty well at the moment and is a well known protocol amongst open source developers.	00:05
RenatoSilva	lifeless: so that was my doubt, it's not because of key-pair-is-more-secure-than-website's-password, just because of performance, right?	00:06
lifeless	key-pair isn't intrinsically more secure; key-pair is rather like OAuth in fact	00:06
lifeless	in that you setup credentials that are attached to your account for programs to use	00:07
lifeless	there is one way in which key-pair is more secure, which is that it can't be brute forced as easily as password systems	00:08
wgrant	lifeless: It's a lot harder to brute-force a private key.	00:08
wgrant	Right.	00:08
RenatoSilva	key-pair is not more secure _in launchpad_ right? because they's protected by a single lp password. By more secure I mean it's almost impossible to guess your private key	00:08
wgrant	And I can easily revoke a single keypair without disrupting all of my things that log into Launchpad.	00:08
lifeless	but given we use passphrase authentication on the website, its hard to argue that other parts of the system should be held to a higher standard	00:08
wgrant	RenatoSilva: Well, bruteforcing your Launchpad password over HTTPS is probably impractical too, if only because the web UI is so damn slow to respond.	00:09
lifeless	wgrant: Thats more to do with the separate set of credentials aspect	00:09
ajmitch	at least GPG keys require validation from launchpad for you to attach them to your account	00:09
wgrant	lifeless: That's what I meant.	00:09
lifeless	RenatoSilva: it is more secure in launchpad	00:09
wgrant	ajmitch: Only to an address on the key, not one of your existing addresses, IIRC>	00:09
ajmitch	wgrant: ah well	00:09
lifeless	RenatoSilva: unless you mean 'if the password is compromised the list of keys can be altered'	00:10
RenatoSilva	wgrant: maybe you don't need a brute-force attack to find out website's password	00:10
RenatoSilva	wgrant: it's essentially fragile compared to the private pey	00:10
RenatoSilva	key	00:10
wgrant	RenatoSilva: Right.	00:10
wgrant	I'm not quite sure how LP has got away with this, given the immense power that some Launchpad accounts wield.	00:11
RenatoSilva	lifeless: unless you mean 'if the password is compromised the list of keys can be altered' ---> yes that's what I mean	00:12
lifeless	so, yes thats a vulnerability	00:12
lifeless	its the key exchange vulnerability in fact	00:12
wgrant	The most sane fix I can think of is to require all Launchpad authentication token changes (passwords, OpenPGP, SSH) to require OpenPGP-signed confirmation.	00:14
RenatoSilva	lifeless: people may think, "oh I'm using ssh key pair authentication, really nice, no one will guess my private key". However it's a false sense of security, because that super-powerfull private key is protected by a simple common password.	00:14
lifeless	RenatoSilva: uhm	00:14
lifeless	RenatoSilva: lp doesn't hold the private key	00:15
lifeless	RenatoSilva: if the lp password is guessed, the private key is still secure	00:15
RenatoSilva	lifeless: I know	00:15
wgrant	lifeless: They don't have to. They can replace it.	00:15
lifeless	wgrant: yes, I know, see above.	00:15
RenatoSilva	lifeless: I mean the authentication	00:15
lifeless	RenatoSilva: I think its important that all credentials are protected appropriately	00:16
lifeless	same goes for OAuth etc	00:16
RenatoSilva	lifeless: people may think "impersonating me in Launchpad is as hard as guessing my private key", but it's not. It's as easy as guessing website password.	00:16
lifeless	RenatoSilva: thats true, they may think that. Do you have evidence that they do?	00:17
lifeless	RenatoSilva: I doubt that they do, because they still use a password to login to the website	00:18
RenatoSilva	lifeless: I thought that that's why an ssh key pair is required, because is more secure than single passwords. Then I thought a bit more and came here to ask you :)	00:21
RenatoSilva	lifeless: I wonder what launchpad's wiki stands about it tough	00:21
RenatoSilva	wgrant: I don't think it would be a full solution, but Launchpad could send a confirmation email when altering the keys...	00:23
srid	launchpad is not loading at all on Opera. is this a known issue?	00:23
wgrant	RenatoSilva: An unauthenticated confirmation email is almost useless.	00:24
RenatoSilva	wgrant: so that someone would need to get not only lp password but the one from your email	00:24
RenatoSilva	wgrant: An unauthenticated confirmation email is almost useless. --> ?	00:25
wgrant	RenatoSilva: Not cryptographically authenticated, that is.	00:25
RenatoSilva	wgrant: you mean to ensure that it was lp who sent the confirmation email?	00:26
wgrant	RenatoSilva: No - to ensure it was the user who received it.	00:26
RenatoSilva	wgrant: sorry I don't get what you mean	00:27
wgrant	RenatoSilva: The confirmation email needs to be sent encrypted, or it's easily interceptible in transit.	00:27
RenatoSilva	wgrant: you mean to avoid someone else reading the email?	00:27
wgrant	Yes	00:27
RenatoSilva	k	00:27
RenatoSilva	ok	00:28
lifeless	wgrant: I don't think it would matter if someone saw 'your keys have been changed'	00:29
lifeless	wgrant: an attacker that can prevent mail delivery would just block all encrypted mail from lp	00:29
wgrant	lifeless: Of course - that's why the email has a confirmation link.	00:29
lifeless	RenatoSilva: I think lp could increase its documentation about this on the person edit page perhaps	00:30
lifeless	wgrant: once someone has your password and your email, they are you, unless we build the whole system out of gpg	00:30
lifeless	wgrant: which would make it extremely hard to use	00:31
wgrant	lifeless: Which was exactly why I suggested we build the whole system out of GPG...	00:31
wgrant	lifeless: Well, the current situation is completely unacceptable.	00:31
lifeless	wgrant: it is?	00:31
wgrant	lifeless: Given the privileges that several community accounts have acquired over the past 18 months, yes.	00:32
wgrant	And some other issues.	00:32
lifeless	I'm sorry, I'm completely failing to track the logic chain from 'allows password authentication' to 'it is unacceptable that people in the community can have lots of access'	00:32
RenatoSilva	well, even your OpenPGP keys are protected by a single password right?	00:33
lifeless	Note that most (all?) of the largest web services around use password authentication	00:33
wgrant	lifeless: No other well-known web service allows one to push out software to millions of machines within hours, with the click of a button.	00:34
wgrant	(well, it requires a key too, but that's easy now)	00:34
lifeless	wgrant: oauth key?	00:35
wgrant	lifeless: OpenPGP key, to upload the package.	00:35
RenatoSilva	lifeless: I think the point is: your password is the only thing protecting your lauchpad account. The SSH keys are just for convenience, for use in bzr+ssh because it is faster than https	00:35
wgrant	But that requirement will go away soon.	00:35
lifeless	RenatoSilva: wgrant is talking about a whole other things now	00:36
wgrant	lifeless: It's very much related - all of these credentials are protected solely by a password.	00:36
wgrant	But yes, it has drifted.	00:36
lifeless	wgrant: to be precise, the selection of credentials are protected by a password.	00:36
lifeless	wgrant: I suggest precision, because pgp keys and ssh keys are not at risk.	00:37
wgrant	lifeless: Right.	00:37
lifeless	and if folk get confused and start to think they are, the conversation will be muddy	00:37
lifeless	so lets examine the basis of soyuz and gpg stuff	00:37
lifeless	we don't require a web of trust; rather we require one working email account	00:38
lifeless	and a gpg key for that account	00:38
lifeless	ever since soyuz was created this has been the case; and adding a mail account with gpg key has been easily doable if you compromise the password	00:40
wgrant	Right.	00:40
wgrant	But there were previously barriers which meant that just getting access to a Launchpad account or OpenPGP key were not fatal.	00:41
lifeless	wgrant: there were?	00:41
lifeless	wgrant: are you referring to needing shell access to a dc machine to do archive admin?	00:41
wgrant	lifeless: There were. Only the development series can be uploaded to directly. That mitigates a lot of the damage, although it's still pretty awful.	00:41
wgrant	Any other series has to go through the queue, which was previously administrable only with shell access.	00:42
lifeless	so now lets compare the access levels	00:45
lifeless	ssh keys are protected by a passphrase, but you need physical access to attempt attack	00:45
lifeless	e.g. UDS	00:45
lifeless	ditto gpg keys	00:45
srid	hmm, launchpad form POST is screwed up. some fields are not saved at all. (or, is it my browser fooling?)	00:46
lifeless	OTOH lp passphrases are on the web, but arguably we can do a better job of detecting attacks	00:46
lifeless	srid: what page?	00:46
wgrant	lifeless: LP accounts are also accessible with one of several cookies.	00:46
srid	lifeless: bug page. I changed importance from 'Undecided' to 'Low' (along with other changes), but the importance field was not changed at all. (browser -- safari on macosx)	00:46
lifeless	(an offline dictionary attack on your gpg keys are not accessible)	00:46
lifeless	wgrant: currently, the cookies are end to end encrypted	00:47
lifeless	wgrant: but I'm guessing you're arguing that physical access may permit copying a cookie	00:47
lifeless	srid: try refereshing it?	00:47
wgrant	lifeless: Physical access makes that easy, yes. But there are others ways.	00:48
wgrant	Practical ways.	00:48
srid	hmm. didn't. will try next time.	00:48
srid	but this is not supposed to be cached. damn.	00:48
srid	besides, why would one field have old values .. while others not. strange indeed.	00:48
lifeless	wgrant: I may be missing something, but https <-> https means you need either a xss attack (and we're very vigilant about those), or physical access to the source or target	00:48
wgrant	srid: Some browsers do strange things with caching form values.	00:48
lifeless	srid: we use AJAX	00:49
lifeless	srid: for an increasing number of things	00:49
wgrant	lifeless: There are other ways. People do not protect their cookies well.	00:50
wgrant	It is entirely the user's fault, but it still happens.	00:50
Daviey	lifeless: MITM is still viable with https <-> https.	00:51
RenatoSilva	I just don't see many sense of the ssh keys, it would be better if you could just type your password in bzr+ssh	00:51
RenatoSilva	*sense on	00:52
RenatoSilva	*much	00:52
lifeless	RenatoSilva: ssh is much more convenient	00:52
lifeless	RenatoSilva: it allows cron jobs and other things without putting my password in plain text	00:52
wgrant	It means I can keep my Launchpad password off all those remote machines entirely.	00:53
RenatoSilva	lifeless: I mean the authentication, ok use ssh for transport, but use your lp password to authenticate instead of a key pair. I don't know if the ssh protocol allows you to do this tough.	00:53
lifeless	RenatoSilva: I know wha you meant	00:54
RenatoSilva	lifeless: isn't your private key kept plain-text in memory anyway?	00:54
lifeless	RenatoSilva: no, its not.	00:54
lifeless	depending on your config	00:54
lifeless	at worst its protected and locked to prevent paging to swapfile	00:55
lifeless	you can also have multiple keys, one per machine	00:55
RenatoSilva	the same could be done with lp password	00:55
lifeless	it could	00:55
wgrant	It's also only there for a tiny period, and an SSH key is a lot less powerful than your Launchpad password.	00:55
lifeless	however passwords are bruteforcale	00:56
lifeless	and theres no need for that when the password prompt can be done locally on the users machine using keys	00:56
micahg	lifeless: that depends on what safeguards are built in to whatever you're logging in to	00:56
lifeless	micahg: whether it can be successfully bf'd - yes.	00:57
lifeless	whether you allow the possibility - no	00:57
lifeless	and whether we need to deal with people trying - no	00:57
lifeless	and whether the owner of the credentials is inconvenienced when someone is trying - no	00:57
micahg	lifeless: the possibility depends on the safeguards	00:57
lifeless	maybe I can put it this way:	00:58
lifeless	keys: very small surface area. passwords: large surface area	00:58
RenatoSilva	lifeless: bzr could act as a browser, you log in to lp site, then every time bzr sends a request, lp site checks if the mentioned user is authenticated	00:58
lifeless	can you put a lot of effort in and get maybe the same thing with passwords? yes. But why would you give yourself that headache.	00:59
lifeless	RenatoSilva: thats roughly what oauth is	00:59
lifeless	RenatoSilva: however, what compelling advantage does that have over ssh?	00:59
RenatoSilva	oauth?	00:59
lifeless	RenatoSilva: oauth	00:59
RenatoSilva	lifeless: the advantage of not using a non-sense key pair	01:00
RenatoSilva	lifeless: non sense in the sense of security	01:00
lifeless	wgrant: I'd be delighted to talk about your concerns more, but this forum is going sideways too often	01:00
lifeless	wgrant: perhaps drop me a mail	01:00
wgrant	lifeless: It is. OK.	01:00
RenatoSilva	google oauth	01:00
lifeless	RenatoSilva: we discussed the security aspects earlier; you're recapping the prior conversation or something. ssh keys are demonstrably more secure than passphrases.	01:01
lifeless	their lower bound is approximately the same as the upper bound you can reach with passphrases	01:01
lifeless	and yes, the vulnerability of passphrases does allow the key list to be changed	01:01
lifeless	that isn't a reason to use a weaker auth for another component	01:01
RenatoSilva	.	01:03
RenatoSilva	compromise website pwd is a disaster anyway, so let's stand this will never happen. Now add to this scenario the ssh key. If you somehow get the private key, you can push code to lp as if you were the owner of the key. Now imagine there's no ssh key, you need to type lp password (like bzr is a browser using https only for auth). As previously standed, the password is never compromised. Therefore it is more secure :)	01:09
wgrant	RenatoSilva: But the password is compromisable, and LP authentication will hopefully be stronger than just password auth eventually. There's no point reducing SSH security to the current awful state of web auth.	01:11
micahg	which is the appropriate project for filing a request regarding blueprints	01:14
wgrant	micahg: blueprint	01:14
micahg	:)	01:15
RenatoSilva	wgrant: compromise website pwd is a disaster _anyway_, so _let's stand_ this will never happen	01:15
lifeless	RenatoSilva: do you mean 'the website password database being exposed'?	01:15
spm	RenatoSilva: err what? that's not how you do risk analysis.	01:16
wgrant	RenatoSilva: But the website password can and will be compromised. It won't be so much of a disaster when there is additional protection in front of auth settings.	01:16
lifeless	RenatoSilva: or 'a single account being compromised'?	01:16
RenatoSilva	ssh keys act as a "second" password with less privileges, but protected by the first password. Two passwords are two ways of impersonating you in some level. And that "second" credential _is protected by the first one_, which means that compromising the first password is the same as compromising the second. So losting the master password is a disaster _anyway_, with or without shh keys. The difference is that with ssh keys you open a second door to y	01:17
lifeless	RenatoSilva: if what you really mean is 'I don't like having to fiddle with ssh keys', then I suggest you file a bug asking to make that easier to work with.	01:17
RenatoSilva	lifeless: I don't want anything. I'm just talking at a bazaar.	01:20
lifeless	you seem to be arguing a particular case though. LP wants to support multiple credentials for people, because that meets some very important use cases, such as running programs without disclosing the users primary credentials.	01:21
lifeless	The use case you are arguing for, of using passwords for things other than access to the website is not desirable in launchpad, because its less secure.	01:21
lifeless	It's less secure because it leads to the users credentials being stored in plaintext across multiple machines	01:22
RenatoSilva	plaintext even if bzr acts as browser?	01:23
micahg	lifeless: are you assuming passwords are stored in plain text?	01:23
RenatoSilva	that is bzr connects through https with lp, then sends the typed password and starts a session with the website	01:24
wgrant	RenatoSilva: As lifeless said, that's basically what OAuth does.	01:24
lifeless	micahg: that is the proposition being argued	01:24
lifeless	RenatoSilva: that doesn't work from cron	01:24
RenatoSilva	then when you run bzr <command> it first checks if you're authenticated in the website, if so then it performs the actual operation through bzr+ssh	01:24
lifeless	RenatoSilva: unless the password is stored	01:25
micahg	hmm, maybe I shouldn't jump in in the middle, but that seems disasterous	01:25
lifeless	micahg: I agree completely.	01:25
micahg	I don't store passwords in cleartext anywhere if I can avoid it	01:25
lifeless	exactly.	01:25
micahg	I think I'll stay out of this though	01:25
lifeless	this is what alternate credentials are for	01:25
lifeless	oauth is a key based system	01:25
lifeless	as is ssh	01:25
lifeless	and gpg	01:25
lifeless	the specifics are different in each case	01:26
micahg	sorry, I'll back out of this discussion	01:26
RenatoSilva	lifeless: ok cron is a problem is this case	01:26
micahg	too much to do	01:26
RenatoSilva	lifeless: if you're not using cron and other automated stuff, then IMHO I'd preffer typing my password (only one door)	01:29
RenatoSilva	lifeless: I'm just saying my opinion, I'm not telling that lp should do this or that	01:29
lifeless	RenatoSilva: you can have the same password on your ssh keys as you do for lp, or no password at all if you trust that noone else has physical access to your machine	01:32
lifeless	RenatoSilva: I think it would be ok to allow the use of passphrases for bzr+ssh://bazaar.l.n/	01:33
lifeless	in fact, I filed a but about that some time back	01:33
kub1	is keyserver.ubuntu.com down??? Will you please check right now? Thx. I haven´t been able to access it ever - meaning for the past 18 hours. I´d greatly appreciate data if it is working, so i´d know if the problem is with it, or at my end. Thanks, & awaiting your confirmation...	01:35
wgrant	lifeless: ubuntu-dev-tools developers were recently forbidden from allowing users to enter their Launchpad passwords into anything other than their web browser.	01:35
wgrant	kub1: It's not.	01:35
RenatoSilva	lifeless: I don't know how secure is a password/phrase encryption algorithm. I mean, wouldn't it be easy (or not that hard) if you get local access to the private key file, to decrypt it using brute force attack?	01:35
wgrant	kub1: As I suggested earlier, you're very probably behind a restrictive firewall.	01:36
wgrant	kub1: I believe TCP port 11371 is the one in question.	01:36
RenatoSilva	s/phrase/phase-based	01:36
RenatoSilva	phrase	01:37
wgrant	RenatoSilva: It's of course possible to brute-force the passphrase on a key if you have the key.	01:37
lifeless	wgrant: ah yes; its a social defense.	01:37
lifeless	wgrant: so that we can tell people 'never put your password in except on the website'	01:37
wgrant	lifeless: Yep.	01:37
wgrant	Not unreasonable.	01:38
lifeless	RenatoSilva: the way passphrases work is that they are transformed into a symmetric key and used to decrypt the stored ssh keys	01:38
lifeless	RenatoSilva: they are reasonably secure as long as they aren't machine guessable	01:39
RenatoSilva	wgrant: possible but easy, hard? if is possible and very easy, then why put a passphrase on the private key? I imagine it is not that easy, I just don't know _how much_ secure. I couldn't find docs in the web about it	01:39
RenatoSilva	lifeless: I need to read more to learn how this kind of encryption works and how much secure it is exactly...	01:41
wgrant	RenatoSilva: It's just boring old brute force. Difficulty revolves entirely around the complexity of your passphrase.	01:42
lifeless	and local physical access :P	01:43
wgrant	That too.	01:43
spm	a gun to the head is a very effective 'brute force' password cracker	01:44
lifeless	indeed	01:44
lifeless	it also breaks gpg etc ;P	01:45
spm	:-)	01:45
RenatoSilva	I have branch X merged with branch Y. I have branch Y locally, then I add a new revision and push to branch _X_, I thought this would lead to a branch conflict, but it didn't. It was like branch X was totally overwritten by branch Y...	01:45
RenatoSilva	wgrant: so that a good passphrase is as secure as e.g. RSA itself? I mean, not even all computers in the world could decrypt the private key by brute-force attack, just like it can't be done with RSA-encrypted messages.	01:48
wgrant	RenatoSilva: It all depends on the complexity of the passphrase.	01:49
spm	RenatoSilva: I think you're missing the point. if decryption is $$$, then I (the attacker) will find a more cost effective way to access your data. Hopefully comiserate with the value of your data. eg Hold a gun to your head. think outside the square.	01:49
lifeless	where is that xkcd when you need it	01:50
wgrant	lifeless: I was looking for that one :(	01:50
wgrant	http://xkcd.com/538	01:51
RenatoSilva	spm: I'm not reffering to other ways of getting access. Putting a shotgun in your head is _obviously_ a good way	01:51
spm	heh. was a common problem in my defence security days - crypto folk get so caught up in their magic, they forget that to someone who has root access on the servers on either end of the secured pipe, that said pipe is irrelevant.	01:52
spm	RenatoSilva: that you aren't referring to other ways is the problem. they're ALL related. you can't simply ignore those bits you don't care about.	01:52
RenatoSilva	spm: I can't?	01:53
RenatoSilva	spm: so if I want to specifically study brute-force attack	01:53
RenatoSilva	spm: forget it	01:53
spm	RenatoSilva: bit hard to forget it - been doing it security gumpf for waaaay too long ;-)	01:54
RenatoSilva	spm: I asked a technical specific question	01:54
RenatoSilva	spm: wgrant: so that a good passphrase is as secure as e.g. RSA itself? I mean, not even all computers in the world could decrypt the private key by brute-force attack, just like it can't be done with RSA-encrypted messages	01:54
spm	RenatoSilva: sure. and that's the problem. you're focusing on one specific part. you can't do that. ever. it's just one issue in thousands.	01:55
RenatoSilva	spm: it's a technical question, I'm not talking about security in general	01:55
wgrant	RenatoSilva: Your definition of 'good' is probably wrong.	01:55
RenatoSilva	spm: problem???	01:55
RenatoSilva	spm: ??????????	01:55
RenatoSilva	wgrant: I didn't even defined 'good'	01:55
RenatoSilva	define	01:55
wgrant	RenatoSilva: I know.	01:55
spm	RenatoSilva: you're trying to argue if XYZ is secure or not. irrelevant. I'd attack a weaker point.	01:55
wgrant	But any definition you could come up with is wrong.	01:55
RenatoSilva	spm: argue?	01:56
RenatoSilva	spm: it's just a question	01:56
spm	discuss/ whatever :-)	01:56
kub1	I am unable to access keyserver.ubuntu.com through my isp, & someone just checked & told me it is working cause they can access it. My isp blocks most ports except for http. Is there any way i can get the key through https?, and manually add it to the appropriate apt control file?	01:56
kub1	How do i access it via a proxy site? which proxy site?	01:56
RenatoSilva	spm: I'm interested in how password-based encryption works. that's it	01:57
RenatoSilva	wgrant: ok, I'm just curious about _how much_ secure they are ^	01:58
lifeless	RenatoSilva: generally the passphrase is hashed, often with a salt, and the hash is the actual key	01:58
RenatoSilva	wgrant: understand how it works etc	01:58
wgrant	RenatoSilva: As secure or insecure as you want.	01:58
RenatoSilva	wgrant: by secure I mean technically	01:58
wgrant	For your average passphrase, incredibly insecure.	01:58
wgrant	RenatoSilva: So do I.	01:58
lifeless	depending on what you're encrypting that then becomes the source for a psuedo OTP	01:58
spm	RenatoSilva: "how much secure" is the wrong question :-) secure for what purpose. eg a MS-DOS PC can be secure enough to hold TopSecret information. see?	01:58
RenatoSilva	lifeless: oh hashes....	02:00
RenatoSilva	spm: I just mean understand all the theory behind it. Of course you can use very bad RSA key pair, and you can use a shortgun, social engineering etc. but that's not what I meant	02:04
nivekc1	hello, i have a problem with launchpad and would appreciate some assistance.. I created an account some time ago and i know the email address i used but do no know the password i used.. the email is no longer active so i cant log into it to reset my launchpad password.. the reason i want to login is to remove or edit my account since when i google my screen name my last name shows up in the first hit and i don't like that at all. If there is some way i c	04:19
mwhudson	nivekc1: you got cut off there	04:23
mwhudson	nivekc1: but i suggest you email feedback@launchpad.net with the details	04:24
nivekc1	mwhudson what do you mean by cutoff	04:24
nivekc1	my post was as follows: hello, i have a problem with launchpad and would appreciate some assistance.. I created an account some time ago and i know the email address i used but do no know the password i used.. the email is no longer active so i cant log into it to reset my launchpad password.. the reason i want to login is to remove or edit my account since when i google my screen name my last name shows up in the first hit and i don't like that at all.	04:25
mwhudson	nivekc1: irc limits the length of messages	04:26
=== Edwin is now known as Guest46485
poolie	spm, are you back?	04:57
spm	poolie: yup	04:57
poolie	spm, bug 253788 is bugging me	04:58
ubottu	Launchpad bug 253788 in malone "Bug mail should use my verbose_bugnotifications, not the team's" [Undecided,Triaged] https://launchpad.net/bugs/253788	04:58
spm	pun intended?	04:58
poolie	it sounds like there's an option in the db for which there's no ui to turn it off	04:58
poolie	mm	04:58
poolie	are you able to see this in the db? could you in principle turn it off for ~bzr and ~bzr-core?	05:00
spm	poolie: could be, it's not like we have any shortage of those. /bitter_and_twisted. ping gmb directly perhaps? he may be able to let us know what to zot. ??	05:00
spm	poolie: no idea. would barely even hesitate to guess.	05:00
poolie	k, i'll open a question	05:01
spm	in principle tho. if such does exist, and we get a more or less ok that it's safe and sane from gmb, I have no problem toggling accordingly - so long as we get the sql to do so. I'm reluctant to just tweak stuff in the DB with zero idea of the consequences of doing so.	05:03
lifeless	spm: live life!	05:03
poolie	:)	05:03
spm	heh. something like that. :-)	05:03
wgrant	You could safely enough check that ~bzr-core's verbose_bugnotifications is true, though...	05:04
poolie	yeah, that would help	05:04
poolie	good idea	05:04
poolie	i filed https://answers.edge.launchpad.net/malone/+question/76825	05:05
poolie	i agree with waiting for guidance from the malone team but just having a peak as wgrant says would be nice	05:05
wgrant	Certainly, flicking the switch without confirmation from a Bugs person is probably not a good idea.	05:06
wgrant	We've not even had a Bugs person confirm that my suspicion was right, although it makes sense.	05:07
spm	poolie: select verbose_bugnotifications from person where name='bzr-core'; ==> 't'. no idea what that means tho.	05:10
poolie	k thanks	05:10
poolie	that seems to confirm william's theory	05:10
poolie	t meaning true	05:11
spm	fwiw, your settings is 'f' - so yeah true false sounds good	05:11
wgrant	Aha, so some part of Launchpad does make sense.	05:11
lifeless	you have no idea ;P	05:11
spm	wgrant: NO! it's lies!!!!	05:11
wgrant	spm: What's wrong with edge? It hasn't updated in like three days.	05:44
wgrant	Which is annoying lots of people, as a core Soyuz API is broken.	05:44
spm	wgrant: the updates have been stopped	05:44
wgrant	Is this for the same reason that staging's build broke around the same time, or something else?	05:45
spm	not sure. I was away all last week, so only have sketchy details at this stage	05:46
wgrant	Ah.	05:46
spm	aiui, we're waiting on a CP'd fix from last week to land in stable - then edge can be updated again	05:47
spm	... which far as I can see, hasn't landed yet.	05:49
thumper	:(	05:58
=== thumper_laptop is now known as thumper
=== ircd is now known as Guest18724
micahg	wgrant: it seems that attachments can exists for longer than 24 hours after being deleted	07:27
wgrant	micahg: Disappointing. You might have to ask a Bugs person later.	07:28
noodles775	wgrant: were you able to view the screenshots linked from bug 386355 as well (I know it requires LP auth, but not sure what the restrictions there are... I was hoping it allows any LP user)	08:43
ubottu	Launchpad bug 386355 in soyuz "Archive 'subscription' terminology is confusing" [Medium,In progress] https://launchpad.net/bugs/386355	08:43
wgrant	noodles775: Waiting for it to load, but I'm guessing it's devpad? That requires one to be a Canonicalite.	08:45
wgrant	Ah, chinstrap. No access to that.	08:46
noodles775	wgrant: I specifically put it on chinstrap...	08:46
noodles775	thinking that would allow access... uploading 5 images to the bug generates lots of spam.	08:46
noodles775	Hmph.	08:46
mwhudson	noodles775: you can upload to rookery which is the same machine as people.ubuntu.com	08:53
noodles775	mwhudson: Ah, great thanks!	08:54
=== ripps_ is now known as ripps
wgrant	"Optional notes about this access" seems wrong.	09:02
wgrant	And Person:+archivesubscriptions seems like it should have the PPA name linked, rather than an additional "(i) View" link.	09:04
noodles775	wgrant: do you mean the link from the email should go directly to the subscription?	09:10
noodles775	If so, it "would be difficult"... (the initial 'view' link is actually a submit button that posts a form, as it's creating the pwd....	09:11
wgrant	Ah, yes, I remember that now.	09:11
noodles775	but I agree, that would be better for the user (once we can collect stats some other way)	09:12
wgrant	In the new access email, is the registrant referring to the subscription creator, or the archive owner?	09:13
noodles775	wgrant: the subscription creator (ie. an individual)	09:16
noodles775	(I think... quickly checking)	09:16
noodles775	yes.	09:16
wgrant	Why would I want to find out more about them?	09:17
wgrant	It might be nice to tell me who they are, but I need to know the owner of the archive more.	09:17
noodles775	wgrant: in case you don't know who they are... click on their profile...	09:18
noodles775	hmmm.	09:18
wgrant	A large majority of P3As will be owned by teams, I suspect. Your emails seem to be tailored to the case that the owner is an individual.	09:19
noodles775	wgrant: I don't think so... it's just trying to tell you who was responsible for creating your subscription...	09:19
wgrant	noodles775: Why do I care about that?	09:20
wgrant	They're probably not the engineer behind the software.	09:20
noodles775	wgrant: because you may not be able to view the owning team (could be private) or the ppa page itself.	09:20
wgrant	Argh.	09:21
noodles775	(and yes, we do want to reconcile these ;) ).	09:21
noodles775	So the person who added you is someone that you can contact if you've got questions about it.	09:21
wgrant	Do you have to confirm the subscription before you can see the PPA page?	09:21
noodles775	wgrant: even then you won't be able to see the PPA page unless you are a member of the owning team (currently)	09:22
* wgrant cries.		09:22
* noodles775 put his arm around wgrant in support.		09:22
wgrant	Now I see why it is how it is.	09:22
wgrant	But... ew.	09:22
noodles775	As I said, we do want to reconcile these, but it's not trivial.	09:22
wgrant	So private teams (not PMTs!) can have PPAs?	09:24
noodles775	wgrant: I don't know, all I know is that archive subscriptions currently have nothing to do with access to the PPA page.	09:26
bigjools	PMs can have PPAs	09:26
bigjools	PMTs cannot	09:26
bigjools	P3As I mean	09:26
bigjools	acronym overload	09:27
wgrant	I would have thought the opposite would make more sense.	09:27
wgrant	So I can have a subscription to an archive in a person that doesn't exist?	09:27
bigjools	urgh I haven't woken up yet	09:28
bigjools	let me start again	09:28
bigjools	Private Teams can have Private PPAs	09:28
bigjools	Private Membership Teams cannot	09:29
=== bigjools changed the topic of #launchpad to: https://launchpad.net/ \| Help contact: bigjools \| Join https://launchpad.net/~launchpad-users \| Channel logs: http://irclogs.ubuntu.com \| Open Sourcing: https://dev.launchpad.net/OpenSourcing
wgrant	Right. Very odd, that is.	09:30
bigjools	why?	09:30
wgrant	It really doesn't seem like a good idea to send out those emails with no information about the actual archive.	09:30
james_w	hi all	09:31
bigjools	hi there james_w	09:31
noodles775	wgrant: the name of the archive is included (always was in the subject, but now also in the body as per your recommendation)	09:31
james_w	I'm still getting the OOPS from getPublishedSources, has edge been updated since we spoke on Friday?	09:31
wgrant	edge updates have been disabled, apparently :(	09:31
noodles775	james_w: nope :/	09:32
bigjools	no :(	09:32
james_w	damn	09:32
bigjools	it's a pain	09:32
wgrant	noodles775: Right, but that doesn't give me much information.	09:32
bigjools	I am going to get my fix cherrypicked	09:32
wgrant	noodles775: How do I verify who the owner is?	09:32
wgrant	I can't see that team.	09:32
noodles775	wgrant: no, but as much information as you can have about a private PPA right?	09:32
noodles775	(well, there are other public tid-bits I think, but nothing more relevant than the name)	09:33
wgrant	But I have a subscription. Why can't I see the archive?	09:33
noodles775	wgrant: you have a subscription (or access) to download software from that archive...	09:33
noodles775	not necessarily to see the builds etc. for that archive.	09:34
wgrant	But that is insane.	09:34
noodles775	Again, we do want to reconcile the two, but it's not straight-forward to do so (I've got a bug somewhere... one tick, then you can comment there :) ).	09:35
bigjools	wgrant: why is it insane?	09:38
noodles775	wgrant: bug 336779	09:38
ubottu	Launchpad bug 336779 in soyuz "ArchiveView permissions should use subscriptions" [Low,Triaged] https://launchpad.net/bugs/336779	09:38
wgrant	bigjools: What privileged information is there in a build log? As long as you're not leaking P3A buildd keys again...	09:39
bigjools	why, as someone who wants to download software from your repo, would I want to look at your PPA index page?	09:40
bigjools	it's a developer page	09:40
bigjools	not a user page	09:40
wgrant	So I can see who is giving me this software.	09:40
wgrant	And what is available.	09:40
bigjools	no	09:40
bigjools	you get to download what you're told you can download	09:41
wgrant	And I'm expected to add this invisible archive to my sources.list?	09:41
bigjools	depends how much you trust them	09:41
wgrant	Trust who?	09:42
wgrant	All I know is whoever created my subscription.	09:42
bigjools	it's an interesting point	09:43
wgrant	What happens if I am evil, buy a P3A, and give it a display name the same as some other very popular one.	09:45
wgrant	I then fill it with malware of the purest variety.	09:45
wgrant	I then invite lots of people.	09:45
wgrant	How do the users of the other one distinguish it from mine?	09:46
bigjools	I don't necessarily think the right answer is to let you see his ppa index page	09:47
wgrant	Right, it's possibly to see the team.	09:47
wgrant	But that seems even less possible.	09:47
bigjools	it might help you, as someone who is technical enough to understand it	09:47
wgrant	Where do I actually find my password? I have no access to a P3A, so I'm sort of guessing how things work.	09:49
bigjools	the subscription page shows you when you get access	09:50
* wgrant remembers and find the screenshots.		09:50
bigjools	I will give you access to soyuz team if you want	09:50
wgrant	That would be even better.	09:50
bigjools	the email is heading your way	09:52
wgrant	Hmm.	09:56
wgrant	noodles775: Um, the cancellation of access email links me to the PPA owner. Isn't that impossible?	09:58
noodles775	wgrant: not impossible, but might not be possible...	10:01
wgrant	noodles775: Well, yes.	10:01
noodles775	bigjools: ^^^ perhaps we should use cancelled_by there.	10:02
* noodles775 wonders if we should move this kind of conversation to lp-dev so lp stays a bit more friendly :)		10:03
bigjools	noodles775: yes probably	10:03
noodles775	k. I'll include it in this change.	10:03
bigjools	I was thinking of -dev as well	10:03
wgrant	noodles775: Oops, yes, we can do that now.	10:03
qball	hi I am getting this error when trying to import from git: http://launchpadlibrarian.net/28956734/gmpc-main-log.txt	11:10
* bigjools looks		11:10
bigjools	qball: I think you need to file a bug about that	11:11
mwhudson	ah, i know that one	11:11
bigjools	aha code people are still awake	11:11
mwhudson	barely	11:12
mwhudson	qball: i need to kill the import and restart it	11:12
qball	mwhudson: I clicked restart when I did this..	11:12
bigjools	mwhudson: is it a bug or something else CHR people need to be aware of?	11:12
huats	does anyone can help me to understand why something builds fine on my ppa and not on my local pbuilder ?	11:13
mwhudson	qball: a more comprehensive restart than that :)	11:13
qball	how do I do that	11:13
mwhudson	qball: you don't; i do	11:14
qball	owh ok	11:14
qball	sorry	11:14
bigjools	huats: not really a question for this channel, but paste me your output and I will take a look	11:14
* qball busy :(		11:14
mwhudson	bigjools: we should fix all branches that have this problem	11:14
mwhudson	qball: np, it's our bug!	11:14
* qball should not do multiple things		11:14
huats	bigjools: hum the output from my pbuilder ?	11:14
mwhudson	qball: i've restarted the import now	11:14
bigjools	huats: yes please	11:14
qball	mwhudson: thanks!	11:14
mwhudson	qball: should be ready in a few minutes	11:14
bigjools	mwhudson: is there a bug open?	11:14
mwhudson	qball: https://code.edge.launchpad.net/~vcs-imports/gmpc/main, you might want to subscribe	11:15
mwhudson	bigjools: no	11:15
huats	bigjools: in fact I'd like to figure out if it is related to sbuild vs pbuilder...	11:15
huats	bigjools: I am pasting the outputs	11:15
mwhudson	bigjools: i should spend a while with spm fixing this tomorrow	11:15
bigjools	mwhudson: ok.	11:16
* mwhudson writes this down on a piece of paper		11:16
bigjools	or better, file a bug ;)	11:16
mwhudson	not sure that's better, but it probably is	11:16
qball	another question, is it possible to (if code is in launchpad bzr natively) to "auto commit" translations?	11:21
qball	https://edge.launchpad.net/gpx-viewer I would like todo that for this project	11:21
mwhudson	i believe that's very much in progress	11:23
mwhudson	(but could be wrong)	11:23
qball	owh last question, I made tags (in gpx-viewer) for releases.. but they don't show up under code?	11:23
qball	what is the best (visible) way to mark release then?	11:24
huats	bigjools: http://paste.ubuntu.com/216813/	11:24
wgrant	huats: Run away.	11:24
wgrant	Very, very fast.	11:25
wgrant	This is maxima!	11:25
bigjools	heh :)	11:25
huats	so ?	11:25
huats	:)	11:25
wgrant	We've tried to get that to build with gcl for a year now.	11:25
huats	wgrant: ok I was not aware of that :)	11:25
huats	you should comment the bugs ;)	11:25
wgrant	I thought I had.	11:25
huats	may be I haven't seen your comment :)	11:25
wgrant	But you say you managed to get it to build locally?	11:26
bigjools	make[2]: *** [gcl-depends.mk] Segmentation fault	11:26
bigjools	nice!	11:26
huats	wgrant: actually not	11:26
wgrant	bigjools: Eeeehyes. It doesn't do it in Debian, and we can't work out what's wrong.	11:26
huats	wgrant: it builds fine on LP butnot on my pbuilder	11:26
bigjools	wgrant: but he said it built in a ppa ...	11:26
wgrant	Huh.	11:26
bigjools	huats: which series, karmic?	11:26
wgrant	It didn't build for me in sbuild a month or two ago.	11:26
huats	have a look at https://edge.launchpad.net/~christophe.sauthier/+archive/ppa	11:27
qball	mwhudson: imported correctly, thanks	11:27
mwhudson	qball: woo	11:27
bigjools	huats: what series are you building on with pbuilder?	11:27
huats	bigjools: I have tried both karmic and jaunty for the same result	11:27
bigjools	weird!	11:27
mwhudson	qball: now, will a subsequent import work?	11:28
mwhudson	that was the problem before	11:28
qball	let me try	11:28
mwhudson	qball: yes, hooray	11:28
qball	neat,t hanks	11:29
mwhudson	bigjools: i filed https://bugs.edge.launchpad.net/launchpad-code/+bug/398722, thanks for the prod	11:30
ubottu	Ubuntu bug 398722 in launchpad-code "fix branches damaged by non-preservation of git.db files" [High,Triaged]	11:30
bigjools	mwhudson: don't mention it, thanks :)	11:31
flixr	hi, can I drop a VCS import somehow and reset it with a new one?	11:32
huats	wgrant: actually it says seg fault	11:32
huats	but when I run it step by step	11:33
huats	I get : http://paste.ubuntu.com/216816/	11:33
huats	don't know if it helps...	11:33
bigjools	flixr: you would need to file a question and someone can do that for you (the question verifies your identity)	11:34
flixr	bigjools, I already did that: https://answers.edge.launchpad.net/launchpad-code/+question/74491	11:35
flixr	but then it was suggested that I can do that by myself	11:35
bigjools	let me check	11:36
bigjools	mwhudson: is that possible? --^	11:36
wgrant	A user can request a new one, but not delete an old one.	11:37
mwhudson	right	11:37
flixr	right, that's what I though	11:38
bigjools	mwhudson: it's assigned to you, I'll just leave you with it then	11:39
mwhudson	flixr: i requested a new import: https://code.edge.launchpad.net/~vcs-imports/paparazzi/trunk	11:39
flixr	great, thanks a lot!	11:39
mwhudson	sorry this took so long to sort out	11:40
flixr	no worries	11:41
Nafallo	that has to be an application to control remote cameras!	11:41
Nafallo	like the small spy cameras...	11:41
=== bigjools changed the topic of #launchpad to: https://launchpad.net/ \| Help contact: bigjools (at lunch) \| Join https://launchpad.net/~launchpad-users \| Channel logs: http://irclogs.ubuntu.com \| Open Sourcing: https://dev.launchpad.net/OpenSourcing
fta2	while discussing with some upstream, we were wondering how accurate the popcon stats are. some say there's a factor 10, i really doubt it. could we use launchpad data to check that? i mean, using a well kwnow PPA, if popcon says 5000, and lp stats 50000, that would confirm the factor 10.	13:01
=== rmcbride_ is now known as rmcbride
VK7HSE	is there a known time delay from when a source file is uploaded ? as when I run uscan the current source that I have just uploaded isn't picked up ?	13:55
=== bigjools changed the topic of #launchpad to: https://launchpad.net/ \| Help contact: bigjools \| Join https://launchpad.net/~launchpad-users \| Channel logs: http://irclogs.ubuntu.com \| Open Sourcing: https://dev.launchpad.net/OpenSourcing
bigjools	VK7HSE: yes, the scanner runs about every 5 minutes	13:56
VK7HSE	Ahh cool thanks...	13:57
* VK7HSE needs to be more patient !!!		13:57
=== flacoste_lunch is now known as flacoste
huats	wgrant: i just did the merge for maxima (and build it on my ppa) : works great.... So I'll upload it like this in universe....	14:14
=== Kangarooo1 is now known as Kangarooo
geser	bigjools: do you know if updating edge will be enabled soon again?	15:58
bigjools	geser: we're working on it right now	15:58
bigjools	there was a problem	15:58
=== fjlacoste is now known as flacoste
=== deryck is now known as deryck[lunch]
=== salgado is now known as salgado-lunch
=== matsubara is now known as matsubara-lunch
=== kiko is now known as kiko-fud
=== maxb_ is now known as maxb
=== bigjools changed the topic of #launchpad to: https://launchpad.net/ \| Help contact: - \| Join https://launchpad.net/~launchpad-users \| Channel logs: http://irclogs.ubuntu.com \| Open Sourcing: https://dev.launchpad.net/OpenSourcing
micahg	ping sinzui	17:22
sinzui	hi micahg	17:22
micahg	hi sinzui	17:22
micahg	I was looking at bug 73890	17:22
ubottu	Launchpad bug 73890 in blueprint "Show diff of whiteboard changes in e-mail notifications" [Undecided,Won't fix] https://launchpad.net/bugs/73890	17:22
micahg	is it still the intention to remove the whiteboards	17:23
sinzui	yes	17:23
micahg	will it be replaced with something more trackable?	17:23
=== deryck[lunch] is now known as deryck
sinzui	blueprints should have comments like bugs	17:23
micahg	with a master description as well?	17:23
sinzui	probably	17:24
micahg	ok, is there a master bug I can subscribe to?	17:25
* sinzui looks		17:25
sinzui	micahg: bug 49698	17:28
ubottu	Launchpad bug 49698 in blueprint "specifications should allow comments" [Low,Triaged] https://launchpad.net/bugs/49698	17:28
micahg	I have a comment about comments	17:29
micahg	There should be a way to lock a spec so only approved people can comment	17:30
micahg	otherwise it might get out of hand	17:30
micahg	would that be a new bug	17:30
micahg	or a comment on this one?	17:30
sinzui	micahg: I don't think we would implement that or accept someone's submission for that. We allow everyone to comment on bugs and questions	17:31
micahg	or and edit on the whiteboard	17:31
sinzui	micahg: There is a feature I want o implement that makes comments for trusted project members very visible	17:31
sinzui	s/for trusted/from trusted/	17:31
micahg	I guesss as long as tehre's a changelog or we're e-mailed a changelog of changes to the master description, it would be ok	17:33
micahg	I just don' tlike the idea of a spec being hijacked	17:33
sinzui	micahg: right. We need better activity reporting in launchpad	17:33
=== dpm is now known as dpm-afk
sinzui	micahg: That has yet to be seen as an issue. Ubuntu is massive, and they have not reported a problem with this	17:34
micahg	yes, but I don't think the blueprints are as highly used as the bug tracker	17:35
sinzui	Bug are and that is not a problem with bugs	17:36
micahg	right, but bugs are very targetted in scope	17:36
sinzui	Nor is it a problem with answers. In general, we do design for features that may not ever be needed	17:36
micahg	occasionally we have people troll in bugs	17:37
micahg	but whatever, that's fine	17:37
micahg	you answered my original Q and I subscribed to the bug and blueprint	17:37
micahg	thanks sinzui	17:37
=== salgado-lunch is now known as salgado
=== kiko-fud is now known as kiko
=== Kangarooo1 is now known as Kangarooo
=== Kangarooo2 is now known as Kangarooo
=== yofel_ is now known as yofel
=== magcius_ is now known as magcius
MT-	Is anyone aware of an issue where I get getting duplicate email?	18:55
=== micahg1 is now known as micahg
=== arianit_ is now known as arianit
=== jon is now known as Guest40234
SiDi	Hello. Does anyone know if there are irc commit bots that can watch changes on LP bzr branches ?	20:52
racecar56	anyone here?	20:58
maxb	racecar56: Just ask. If there's someone who's able to help, they'll answer,	21:01
racecar56	maxb: kk	21:01
racecar56	im going to make some modifications with kblocks (which is in kdegames), should i get the bzr version or the one you get with apt-get source? (i don't know if this is actually related to here...)	21:02
racecar56	the one from bzr is from launchpad but the apt-get source one is from the ubuntu repos	21:02
maxb	#launchpad is for Launchpad the service - for questions about projects that simply use Launchpad, use a project specific IRC channel.	21:03
racecar56	oh, then it's #ubuntu	21:03
racecar56	ill be there	21:03
=== matsubara-lunch is now known as matsubara
=== Kangarooo1 is now known as Kangarooo
smo_	hi, i created a ppa some days ago, yesterday i uploaded my packages, dput is ok.. but i still have the message , no packages in this ppa... and no dir in ppa.launchpad.net, our project is launchpad.net/ubukey, how can i know what s wrong please ?	21:28
smo_	oups, hi first ^^	21:28
maxb	smo_: You should have received email confirmation after uploading packages	21:34
maxb	usually within 5 minutes of uploading	21:35
maxb	If you receive no email at all the usual cause is either your uploaded .changes file was improperly signed, or you haven't bound the signing key to a launchpad account	21:36
maxb	either of those problems stops launchpad being able to tell who did the upload, so it has no way to tell you about the problem	21:37
aboSamoor	I want to translate reddit, how can I do that using the launchpad facilities ?	21:38
=== salgado is now known as salgado-afk
=== ripps_ is now known as ripps
=== MT- is now known as MTecknology
=== EdwinGrubbs_ is now known as EdwinGrubbs
=== MTecknology is now known as MT-
aboSamoor	I want to mirror git repository but I get this message "This branch may be out of date, as Launchpad was not able to access it 18 minutes ago. (Not a branch: "http://code.reddit.com/repo/reddit.git/".) Launchpad will try again in 5 hours. If you have fixed the problem, please ask Launchpad to try again. "	22:39
AnMaster	how do I change https://code.launchpad.net/~anmaster/cfunge/main to a hosted branch, my hosting went down forever.	22:47
AnMaster	I used mirrored before	22:47
AnMaster	same for all my other branches	22:47
=== Edwin is now known as Guest3052
mwhudson	aboSamoor: did you request the import at https://code.edge.launchpad.net/+code-imports/+new	23:05
mwhudson	?	23:05
aboSamoor	mwhudson, no	23:06
mwhudson	aboSamoor: well you should have, i guess	23:08
mwhudson	AnMaster: ask a question please	23:08
AnMaster	mwhudson, in which project?	23:08
mwhudson	AnMaster: launchpad-code	23:08
AnMaster	thanks	23:08
aboSamoor	mwhudson, I think it is working, how should found that, it think it is not clear !	23:08
mwhudson	aboSamoor: it's not very clear no,	23:09
AnMaster	mwhudson, should I list the affected branches or?	23:11
mwhudson	that would be useful	23:12
AnMaster	right	23:12
AnMaster	mwhudson, anyway there should be a way for users to convert them. :)	23:12
mwhudson	yes	23:12
mwhudson	i think there's already a bug for this	23:12
AnMaster	mwhudson, https://answers.launchpad.net/launchpad-code/+question/76897	23:13
* mwhudson on the phone now sorry		23:14
qball	"no you hang up"	23:14
AnMaster	no rush	23:15
=== Edwin is now known as Guest72729
smo__	hi	23:39
smo__	i need help with ppa repository on launchpad please	23:40
wgrant	smo__: What is the problem that you're having?	23:40
smo__	first, do i must sign my packages or not ?	23:40
wgrant	smo__: You must sign anything that you upload, yes.	23:41
smo__	so it s maybe my problem	23:41
smo__	in my dput.cfg	23:41
smo__	i have allow_unsigned_uploads = 1	23:42
smo__	so if packages are not signed, is it normalthat i still have the message : This PPA does not contain any packages yet. Find more information about how to upload packages in the PPA help page	23:42
smo__	?	23:42
wgrant	smo__: If you uploaded something and didn't get an email saying it was accepted, I would indeed expect your PPA to say it didn't have any packages.	23:44
smo__	what s the validating process?	23:45
wgrant	As maxb said earlier, you are not uploading to the right place, or you're not signing the package with a key that Launchpad knows about.	23:45
smo__	i created my key	23:45
smo__	it s on the lp servers	23:45
wgrant	Have you attached it to your Launchpad account?	23:45
smo__	yes	23:45
wgrant	And did you sign the package?	23:46
smo__	no ^^	23:46
smo__	i m searching howto do that	23:46
wgrant	There's your problem.	23:46
wgrant	debsign blah_source.changes	23:46
smo__	the whole process is very complicated (for me)	23:46
smo__	so i sign the .changes .dsc .deb ....	23:47
wgrant	You just debsign the .changes. It will do everything else for you.	23:47
smo__	nice	23:47
smo__	have a fast exemple? (or i ll search np..)	23:48
smo__	gpg --sign-key keyID	23:48
smo__	gpg --sign-key F378FBB4	23:49
smo__	for me , right ?	23:49
wgrant	I gave one above: 'debsign package_version_source.changes'	23:49
smo__	ok thx, i try	23:49
smo__	gpg: [stdin]: clearsign failed: la clé secrète n'est pas disponible	23:50
smo__	secret key not available	23:50
smo__	...	23:50
=== Edwin is now known as Guest23169
wgrant	smo__: Your key obviously doesn't match the name in your package changelog. Give debsign your key id with '-kKEYID'	23:52
smo__	ok i try	23:52
smo__	Successfully signed dsc and changes files	23:53
smo__	^^	23:53
wgrant	Now, try dputting!	23:54
smo__	it will overwrite ?	23:54
wgrant	There's nothing there, so it doesn't have to.	23:54
smo__	Already uploaded to ppa on ppa.launchpad.net	23:55
wgrant	Ah, that's a local thing. Give dput '-f'.	23:55
smo__	nice	23:56
smo__	thx a lot ^^	23:56
wgrant	np	23:56
smo__	works	23:56
wgrant	We'll see in three minutes if it actually did work.	23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!