[00:32] <kb9vqf> Can someone take a look and see why my PPA does not seem to be purging superceded packages?
[00:32] <kb9vqf> https://launchpad.net/~kde3-maintainers/+archive/trinity-svn-nightly/+packages?start=0&batch=75
[00:32] <kb9vqf> It should have over 1Gb free at the moment
[00:33] <wgrant> kb9vqf: Packages that are superseded by newer versions will be deleted after 24 hours.
[00:34] <wgrant> If you want to get rid of them more quickly, go to 'Delete packages' and remove them manually.
[00:36] <kb9vqf> wgrant: They don't show up, even when I select superceded packages from the filter drop-down
[00:36] <kb9vqf> But they are still taking space
[00:38]  * kb9vqf admits it hasn't been 24 hours though
[04:31] <AnAnt> Hello, I cannot do any changes on launchpad from elinks browser, I get this error:
[04:31] <AnAnt>    Launchpad doesn't understand the form data submitted in this request.
[04:31] <wgrant> AnAnt: Do your browser settings block the Referer header?
[04:32] <AnAnt> wgrant: ah, thanks
[04:32] <wgrant> The error message should soon be less completely unobvious.
[04:40] <poolie> i'm sure it's true if you say it but i'm surprised lp relies on the referer header
[04:41] <wgrant> It shouldn't. But it was easier than adding cookies to every form.
[04:41] <wgrant> And all internal API calls.
[04:42] <wgrant> (it didn't rely on it completely until recently, but that was a grave bug)
[04:43] <cody-somerville> Is this to prevent XSRF?
[04:43] <wgrant> Yes.
[04:43] <AnAnt> wgrant: elinks says that sending previous URL as Referer is insecure though
[04:43] <cody-somerville> wgrant, How is using the Referer header secure?
[04:44] <cody-somerville> wgrant, Isn't that relying on the client to be truthful?
[04:44] <AnAnt> (correct, but insecure)
[04:44] <wgrant> cody-somerville: You have to be able to trust the browser for any security to work.
[04:44] <cody-somerville> Not true.
[04:44] <wgrant> And browsers do not allow client code to set Referer.
[04:45] <cody-somerville> I can write my own code to pretend to be a browser.
[04:45] <wgrant> You can easily convince a browser to omit it, but not set a fake one.
[04:45] <wgrant> cody-somerville: And that's not a problem.
[04:45] <wgrant> cody-somerville: If users are authenticating to LP through a malicious app that's not a browser, that's not CSRF.
[04:46] <wgrant> Referer checking prevents a trustworthy browser from being used by a site to hijack the Launchpad session.
[04:46] <wgrant> If a user is running code that fakes Referers, that's up to them.
[04:46] <mwhudson> cody-somerville: the exploit is getting someone who is using a trustworthy browser to go to a malicious page which then makes xhr requests to do nasty things
[04:46] <wgrant> No, not XHR.
[04:47] <mwhudson> er right
[04:47] <wgrant> XHR is safe.
[04:47] <wgrant> Form POSTs.
[04:47] <mwhudson> forms
[04:47]  * mwhudson steps away from the computer
[04:48] <wgrant> So, browser's shouldn't allow pages to set arbitrary Referer values on their requests. Any that do so have a bug.
[04:48] <wgrant> Flash used to, but that was fixed ages ago
[04:48] <cody-somerville> There are other solutions to this problem that don't have this problem.
[04:49] <wgrant> Adding nonces to every form and API request is, as I said earlier, not a trivial solution to implement in an existing supermassive webapp.
[04:49] <wgrant> But Referer checking is fine, as long as your browser is not buggy.
[04:49] <wgrant> Nonces are much much better, though.
[04:50] <wgrant> cody-somerville: What attack can you come up with that works around this defence?
[04:52] <cody-somerville> Checking the referrer definitely makes it trickier but means you're clearly not 100% secure from this sort of attack.
[04:52] <wgrant> You are clear unless your browser is broken.
[04:53] <spiv> cody-somerville: how is it any different to relying on the browser's cookie handling?
[04:53] <wgrant> And if your browser is broken and allowing Referer overrides, it might as well be broken and allow cross-site XHR or cross-window leaks.
[05:00] <cody-somerville> I wonder if a Java applet could be malicious in this regard. I suspect not.
[05:01] <cody-somerville> And I suppose when you start calling browser security features into suspect, you're pretty much screwed.
[05:02] <wgrant> You have to be able to trust the browser and its plugins.
[05:02] <wgrant> Java should be safe, since even Flash is fixed.
[05:02] <wgrant> And the Java security model would be pretty broken if it let you do this.
[05:05] <wgrant> (I'm pretty sure I found a reference for that somewhere, or I would have checked)
[06:17] <mtaylor> this may be a silly question - but is there a java-version of launchpadlib anywhere (or any Java API for launchpad?)
[06:18] <lifeless> mtaylor: look for a java rest toolkit
[06:18] <lifeless> e.g. http://java.sun.com/developer/technicalArticles/WebServices/restful/
[06:20] <mtaylor> lifeless: k. I was hoping someone had encapsulated it for me already
[06:20] <mtaylor> :)
[06:21] <lifeless> mtaylor: the general pattern is a metric tonne of reflection
[06:21] <mtaylor> lifeless: yay!
[06:21] <mtaylor> lifeless: I look forward to my new java reflection master
[06:21] <lifeless> its what python-lplib is
[06:24] <lifeless> the biggest issue you'll have is oauth
[06:24] <lifeless> so you need to find a restful + oauth combo
[06:25] <lifeless> and then point it at lp and you should only need enough glue to specify where the api definition file is
[06:33] <mwhudson> i guess launchpadlib probably works with jython
[06:33] <mwhudson> so you could probably expose a few things by that route
[06:36] <mtaylor> mwhudson: well... I'm starting work on hudson integration - so I should probably just go ahead and do it in java
[06:36] <mtaylor> lifeless: is there actually an api def file?
[06:37] <mtaylor> lifeless: http://people.canonical.com/~flacoste/launchpad-api-doc.html seems broken
[06:38] <mwhudson> mtaylor: it's described using WADL
[06:39] <mtaylor> awesome
[06:39] <wgrant> Up-to-date documentation can always be found at https://launchpad.net/+apidoc
[06:40] <wgrant> The WADL is retrieved by making a request to the API root with the WADL MIME type in the Accepts header.
[06:40] <mtaylor> awesome
[06:40] <wgrant> But depending on how much you want to do, dealing with WADL is probably overkill.
[06:42] <thumper> mtaylor: I know someone was doing a java launchpadlib but I don't remember who
[06:43] <thumper> mtaylor: ask on the launchpad-dev mailinglist
[06:43] <mtaylor> wgrant: well... my current plan is to have a hudson plugin which monitors launchpad for accepted merge requests, tests them and potentially writes status information back to the merge request
[06:43] <mtaylor> wgrant: so I may not need _huge_ amounts of the API to start with
[06:44] <lifeless> mtaylor: you can probably get by with basic auth in that case ;)
[06:45] <mtaylor> lifeless: the first element can be anonymous :)
[06:45] <lifeless> unless its actually been disabled these days
[06:45] <mtaylor> lifeless: the second part, where I change the status to "needs fixing" if something breaks in the test build ... that'll need some auth
[06:45] <wgrant> lifeless: It won't work for the API.
[06:45] <wgrant> lifeless: And it won't work at all soon.
[06:45] <lifeless> wgrant: dang
[06:45] <mtaylor> lifeless: worked for me a few moments ago...
[06:45] <mtaylor> oh, really?
[06:46] <mtaylor> as in - anon access to launchpad is going away?
[06:46] <wgrant> LP is about to forget about passwords entirely.
[06:46] <lifeless> mtaylor: no, basic auth
[06:46] <mtaylor> ah. gotcha
[06:46] <lifeless> mtaylor: as in rfc2617 web authentication.
[06:46] <lifeless> the standard for web auth :)
[06:46] <mtaylor> is LP going to allow me to choose my own openid provider - or am I still only going to be able to use the ubuntu sso ?
[06:47] <mtaylor> which really has nothing to do with oathing for API I know ... just curious as to what's happening
[06:47] <lifeless> eventualy, yes I think.
[06:47] <mtaylor> s/oathingoauthing/
[06:47] <wgrant> mtaylor: For now it is locked to LP SSO. Soon it will be Ubuntu SSO instead (which still uses the same database). After that, the database will be split, and LP will be a reasonably normal OpenID consumer.
[06:47] <wgrant> Then it's not that hard to let it accept any OpenID provider.
[06:48] <mtaylor> neet
[06:48] <lifeless> it will be a policy choice
[06:48] <lifeless> what is probably needed is an admin blacklist of providers
[06:48] <lifeless> so that spammers don't just use the public ip of botnet machines as auth providers
[06:48] <lifeless> or perhaps whitelist
[06:48] <wgrant> Whitelists will make people stab you rapidly.
[06:49] <wgrant> You do not whitelist OpenID.
[06:49] <mtaylor> yup. because then I'll be like "hey! add inaugust.com"
[06:49] <lifeless> wgrant: I was thinking an API call anyone can make to add a provider
[06:49] <wgrant> lifeless: Hmmm.
[06:49] <lifeless> and another call only admins and high karma people can make to nuke a provider - and that will flag the person that added it as not being able to add more.
[06:50] <wgrant> LP will still probably require a captcha and email verification on first login, I imagine.
[06:50] <lifeless> captcha has been broken by spammers
[06:50] <mtaylor> catpcha is annoying
[06:50] <wgrant> But so are spammers.
[06:50] <lifeless> 'meow'
[06:50] <mtaylor> agree
[06:58] <mtaylor> bwahaha
[06:58] <mtaylor> http://pastebin.com/ZpEssrXM
[06:58] <mtaylor> I love the java view on "simple"
[07:05] <buxy> A DD is telling me that he avoids using new source format 3.0 (quilt) because karmic PPA in launchpad do not support the new source formats. Is there a way to fix that?
[07:05] <wgrant> buxy: We can trivially enable it if you think Karmic's dpkg is sufficient.
[07:06] <wgrant> I know it has a few broken bits around 3.0 (quilt).
[07:07] <buxy> I think it should be sufficient yes, even lenny's dpkg supports 3.0 (quilt)
[07:08] <wgrant> I know it mostly works.
[07:09] <wgrant> But it's a bit stricter about component-orig names, and doesn't have the full quilt emulation, which have both been backported to Lenny's, right?
[07:09] <buxy> There have been no important bugfixes since 1.15.4 AFAIK only new features added
[07:10] <buxy> hum ah right, been too quick, let me review
[07:10] <wgrant> Still, even with those holes it should just fail to build the broken cases.
[07:10] <wgrant> So there's little risk enabling it.
[07:11] <wgrant> Unless your further review reveals anything, I'll try to convince the relevant people tonight.
[07:11] <wgrant> Distro folk have already mostly agreed to it.
[07:12] <buxy> that version can/will use quilt true, but that's not a problem since packages generate nowadays are compliant with the stricter dpkg implementation
[07:13] <buxy> wgrant: looks safe here, worst case as you say means a package fails to build
[07:14] <buxy> wgrant: thanks!
[07:18] <wgrant> buxy: Thanks for the poke. I meant to do this convincing a month or so ago, but forgot.
[07:26] <mtaylor> I have someone trying to do an add-apt-repository ppa:drizzle-developers/ppa and they're getting  "<urlopen error [Errno 111] Connection refused>"
[07:26] <mtaylor> is there anything specific I should get them to check?
[07:28] <wgrant> mtaylor: It should only make two connections, the destinations for which are both fine.
[07:28] <wgrant> launchpad.net:443
[07:28] <wgrant> keyserver.ubuntu.com:11371
[07:29] <wgrant> That error looks like it's for the former.
[07:29] <wgrant> So they're probably behind a firewall that blocks direct HTTPS.
[07:30] <mtaylor> that's ass
[07:30]  * mtaylor hates dumb firewalls
[07:30] <mtaylor> wgrant: thanks!
[07:30] <wgrant> It should have given the exact URL of the request, though.
[07:30] <wgrant> Something like 'Error reading https://launchpad.net/api/beta/~someuser/+archive/someppa: <urlopen error [Errno 111] Connection refused>'
[08:37] <marmuta> Hi, I'm getting "Unexpected form data" when filing bugs or trying to log out. Anybody know how to debug this?
[08:38] <marmuta> It's fine in Epiphany, only seems to happen with my firefox profile.
[08:40] <wgrant> marmuta: Your Firefox configuration is blocking the Referer header.
[08:40] <wgrant> Or otherwise mangling it.
[08:42] <marmuta> :) yes it did, whitelisting launchpad did the trick
[08:42] <marmuta> thank you!
[08:43] <wgrant> marmuta: The error message should be a bit less opaque soon.
[08:45] <marmuta> great, that would help
[08:46] <marmuta> thanks again :)
[08:51] <edakiri> "The following errors were encountered: Server error, please  contact an administrator."
[08:51] <edakiri> while posting follow up to bug report.
[08:52] <wgrant> edakiri: Is it reproducible?
[08:53] <edakiri> I don't know.  I haven't touched my browser for fear I disrupt some information that I should gather from it.
[08:53] <edakiri> Or disrupt the status on the server or create more noise in logs
[08:54] <edakiri> would you like me to retry?
[08:54] <wgrant> edakiri: Can you use other forms on Launchpad? For example, can you click on your name in the top right, click 'Change details', then click Save?
[08:54] <edakiri> reattempting post, reproduced error.
[08:56] <edakiri> Editing profile details gave:   Unexpected form data              Launchpad doesn't understand the form data submitted in this  request.
[08:57] <wgrant> edakiri: OK, as I suspected. Your browser is blocking or otherwise mangling the Referer header. Can you disable that, or at least whitelist launchpad.net, and try again?
[08:57] <edakiri> I will look into that.
[09:02] <edakiri> My browser is not sending referer
[09:04] <edakiri> Enabling referer allowed post
[09:11] <aquarius> If I have a project where upstream is hosted on launchpad, and that project is also packaged in Ubuntu, I can get bugs for the upstream project from launchpadlib with launchpad.projects['projectname'].searchTasks(). How do I get bugs which are only assigned to the Ubuntu package of the project?
[09:12] <wgrant> *Only* assigned? You can't, directly.
[09:12] <aquarius> a project doesn't seem to have a packages member?
[09:12] <aquarius> wgrant, oh :(
[09:12] <wgrant> You would have to do a set difference between that and launchpad.distributions['ubuntu'].getSourcePackage('somepackage').searchTasks()
[09:12] <aquarius> wgrant, so I'd have to get all the Ubuntu bugs and walk through them?
[09:12] <dnjl> what happens to the builders? 30+ hours is a new record and totally unacceptable for productive work! What can we do?
[09:12] <aquarius> ah!
[09:12] <aquarius> getSourcePackage, that's what I want.
[09:13] <aquarius> so launchpad.distributions['ubuntu'].getSourcePackage('somepackage').searchTasks() wil return bugs which are assigned to the upstream package as well?
[09:13] <wgrant> aquarius: It will get bugs with tasks against the package, whether or not they also have tasks against the upstream project.
[09:14] <aquarius> right, that's cool. I can de-dupe the list myself
[09:14] <aquarius> thanks
[09:14] <aquarius> ubuntu is a distribution, not a product. that's where I went wrong :)
[09:30] <aquarius> How do I assign a bug to an Ubuntu package? If I search for Rhythmbox in the "also affects project" thing, it only finds the upstream Rhythmbox project (synced from gnome bugzilla), not the Ubuntu package.
[09:31] <wgrant> aquarius: "Also affects distribution..."
[09:32] <aquarius> right, every time I mention the word "package" from now on, someone hit me in the face with a shovel and remind me about distributions, eh?
[09:32] <aquarius> how can I make the same mistake twice in successive tasks?
[09:33] <wgrant> Heh.
[09:33] <lifeless> aquarius: a shovel ?
[09:33] <aquarius> well, y'know, if you're feeling decent then you could hit me in the face with a cream cake or something
[09:34] <lifeless> ask kiko about me and cream cakes
[09:38] <gmb> Kiko is the only person in the world afraid of dessert as a result.
[09:41] <lifeless> heh
[09:41] <lifeless> if he ate dessert, he'd double his bfp
[10:03] <aquarius> hooray, my page that displays all the bugs I need to work on now contains 59 bugs, not 26. Darn.
[10:03] <aquarius> this is what I get for not using the API properly :)
[10:03] <wgrant> Heh.
[10:04] <aquarius> still, I'm now more convinced that that's all of them.
[10:04] <wgrant> Well, did you know about the other potential target?
[10:06] <aquarius> I knew that there were bugs that I'd seen that weren't in my manually-built list, but I didn't know why. Then I worked out why :)
[11:46] <aquarius> hm, edge is timing out for everything :(
[11:50] <bilalakhtar> hello everyone I have been facing problems with loggerhead its not loading
[12:02] <edakiri> Is there a way to dissolve or deprecate a project in favor of another project?
[12:05] <edakiri> Nevermind.  I can retitle the project and switch branches.
[12:58] <gnomefreak> ok Launchpad allows you to reply to upstream bugs. is there a way i can do that from email like i do for Ubuntu Lp bugs?
[13:00] <deryck> gnomefreak, you mean can you link an LP bug to the upstream bug report via email?
[13:01] <gnomefreak> deryck: no can i reply to the linked upstream bug using email? i use email now to reply to ubuntu bugs i would like to do that for upstream if there is a way
[13:02] <deryck> gnomefreak, no, not currently.  replies are to the lp bug.
[13:03] <gnomefreak> deryck: ok thanks. any plans on it?
[13:03] <gnomefreak> implementing it
[13:03] <deryck> gnomefreak, no, not at this point.  You're the first to ask, as far as I know.  Though I'm sure others would like it.
[13:04] <gnomefreak> ah i thought about filing a wishlist bug but not sure if it is worth it
[13:08] <deryck> there's certainly no harm in making sure the request is recorded and tracked.
[14:20] <seb128> hey
[14:20] <seb128> bug #543890 oops on edge and non-edge
[14:22] <wgrant> Hm, another deleted attachment LFC.
[14:22] <seb128> ups, sorry
[14:22] <seb128> so this bug was making the retracer crash
[14:22] <wgrant> OH.
[14:23] <seb128> I just found that +edit works
[14:23] <wgrant> Yeah.
[14:23] <seb128> so I managed to untag it
[14:23] <wgrant> It's just the rendering of comment #1.
[14:23] <seb128> so it's good now
[14:23] <seb128> is the issue a known one?
[14:24] <wgrant> I wonder if that's the raw attached apport blob, that has since been garbage collected.
[14:24] <wgrant> It's not known, but I saw it on one other bug a few days ago.
[14:25] <wgrant> Bugs people, ^^. That's the second bug I've seen with an apport gzip attachment with a missing LFC.
[14:49] <stani> I know there are arguments against it, but I would like to configure the mailing list phatch-dev with repy-to to itself. Can I request this somewhere?
[17:03] <kb9vqf> Is there anything that can be done about the length of the amd64 PPA queue?
[17:03] <kb9vqf> 2 days seems a bit excessive ;-)
[17:46] <mtaylor> GAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
[17:46] <mtaylor> sorry
[17:46] <mtaylor> so - I'm trying to develop a java app that will consume some of the launchpad API
[17:47] <mtaylor> netbeans has a wonderful "add a web service" feature which allows me to just add in the URL of something and it will pull the wadl file and do all the work
[17:48] <mtaylor> except... https://api.staging.launchpad.net/beta/ seems to want me to be oauthed - and there doesn't seem to be a simple way to just get the file
[17:50] <bigjools> kb9vqf: the missing builders are being used to test lucid, when they're done the queue will process quickly again
[17:50] <kb9vqf> OK, thanks for the explaination.  I'll wait patiently :-)
[17:51] <bigjools> leonardr: can you help mtaylor?
[17:51] <bigjools> kb9vqf: yeah, PPAs are sometimes hurt by their own popularity
[17:52] <geser> mtaylor: I've a python script to just fetch the wadl file if it helps you
[17:52] <mtaylor> geser: I believe that would help very much!@
[17:53]  * mtaylor would like to officially grumble about hiding the wadl behind the oauth ... seems like a chicken-and-egg issue there 
[17:54] <geser> mtaylor: http://paste.ubuntu.com/401278/ but you need to authenticate the script once
[17:55] <mtaylor> geser: no problem!
[17:55] <mtaylor> geser: thanks
[17:56] <edakiri> mtaylor: is this going to be another end UI to launchpad.  A non-web one?
[17:57] <mtaylor> edakiri: no... working on hudson integration
[17:58] <mtaylor> edakiri: so that hudson can read accepted merge requests and spawn off builders for them
[18:00] <mtaylor> sigh
[18:00] <mtaylor> geser: I know this isn't your problem ... but I'm getting lazr.restfulclient.errors.HTTPError: HTTP Error 404: Not Found
[18:02] <james_w> mtaylor: try http://paste.ubuntu.com/401283/
[18:02] <james_w> addition of the .replace("/beta", "") near the edn
[18:02] <james_w> end
[18:03] <mtaylor> james_w: awesome. thanks
[18:05] <mtaylor> still getting lazr.restfulclient.errors.HTTPError: HTTP Error 404: Not Found
[18:15] <kamalm> is there a command-line tool I can use to upload several files to a LP bug at once?
[18:16] <geser> james_w: the problem is not the additional "beta" but its missing
[18:16] <james_w> mtaylor: I got it the wrong way round, you need to '+ "beta"', rather than remove it
[18:16] <h00k> so, I'm working on a project with quickly, I created a ppa on launchpad, I'd like to...get them talking to each other. Is this the place to ask?
[18:16] <mtaylor> james_w: :)
[18:17] <geser> mtaylor: try http://paste.ubuntu.com/401291/
[18:17] <geser> I've "fixed" the problem and also made it use of the anonymous login to getch the wadl file
[18:17] <geser> it's some time since I used this script
[18:18] <mtaylor> woot! works
[18:31] <_lemsx1_> cannot post a bug. getting this error (Error ID:         OOPS-1545K2297)
[19:06] <KdaG> hi all, im trying to upload the first package to my PPA
[19:06] <KdaG> i have read the help and searched google
[19:06] <KdaG> but about the error i get there nothing clear enough to help me out
[19:07] <KdaG> im really, as the topic says, "Still stuck"
[19:08] <KdaG> will this be a good place to ask, is there someone who has 5min to help me out and understand whats wrong
[19:09] <KdaG> dput tells me this:
[19:09] <KdaG> Checking Signature on .changes
[19:09] <KdaG> gpg: no valid OpenPGP data found.
[19:09] <KdaG> gpg: the signature could not be verified.
[19:10] <_lemsx1_> KdaG: do you have a gnupg key?
[19:10] <_lemsx1_> KdaG: gpg --list-keys
[19:11] <_lemsx1_> KdaG: use seahorse to create one (Applications > Accessories > Passwords and keys... )
[19:12] <KdaG> _lemsx1_: hi, thanks for
[19:12] <KdaG> yes i have a key
[19:13] <KdaG> debuild -S -k6ACABFC1 -sd
[19:13] <_lemsx1_> KdaG: then your changelog file must match your first lastname <key>
[19:13] <KdaG> maybe the caps?
[19:13] <KdaG> let me try
[19:14] <_lemsx1_> I have a rule in my .vimrc file (.vimrc-`hostname` to be exact)
[19:14] <_lemsx1_> it inserts the proper sig in the changelo when i type: idebian
[19:14] <_lemsx1_> this is the rule:
[19:14] <_lemsx1_> iab idebian -- FirstName LastName <my_uid@my_mail.com>  <C-R>=strftime("%a, %d %b %Y %H:%M:%S %z")<CR>
[19:15] <_lemsx1_> there must be two spaces in from of --
[19:15] <_lemsx1_> KdaG: you might want to read the Debian New Developer documentation :-)
[19:27] <KdaG> _lemsx1_: now it uploaded, i had to manualy rm the prev generated .changes
[19:27] <_lemsx1_> KdaG: cool
[19:27] <KdaG> well, yes
[19:28] <KdaG> but it should rewrite the file or give an error or a message
[19:28] <KdaG> but nothing
[19:28] <KdaG> one can stay there for hours like i did
[19:28] <KdaG> man..
[19:30] <_lemsx1_> KdaG: part of the fun and games of growing up :-)
[19:54] <mtaylor> the launchpad WADL file seems pretty broken
[19:55] <mtaylor> which doesn't seem to be out of character for the APIs I'm trying to consume today - but it's still frustrating
[19:56] <james_w> mtaylor: in what way?
[19:56] <mtaylor> james_w: well... two things.
[19:56] <mtaylor> james_w: the most important being that when I try to import it in to the Web Service system in netbeans, I get no resources
[19:57] <mtaylor> james_w: which could be a bug in netbeans, but there are a BUNCH of services that do work there (amazon, yahoo, google, zillow)
[19:57] <james_w> sounds like a big one :-)
[19:57] <mtaylor> james_w: secondly, there is no publicly accessible URL I can feed to anything to say "here's the WADL describing this service" (again, trying to use netbeans)  - I had to use that script of yours to get it
[19:58] <mtaylor> I think that protecting API members is important and all, but it should be simple to get the wadl
[19:58] <james_w> right, the OAuth requirement was a conscious decision AIUI. Not one that I agree with though.
[19:59] <mtaylor> james_w: it's just plain wrong
[19:59] <james_w> I don't remember the reasons now though
[20:00] <mtaylor> james_w: it's a public interface description to describe how to get to the services which are behind oauth ... for that matter, I imagine the oauth bit should likely be described in the wadl :)
[20:00] <mtaylor> sigh
[20:00] <mtaylor> my work on this project is not going smoothly :)
[20:03] <james_w> mtaylor: do you have links to any of the other wadls? I'd like to see what may cause the first problem
[20:03] <james_w> for the second you can file a bug at https://bugs.launchpad.net/launchpad-foundations/+filebug
[20:04] <mtaylor> james_w: I'm working on filing a bug right now - I'll attach the amazonec2 wadl I've got
[20:04] <james_w> great
[20:07] <mtaylor> james_w: but with wadl filed ... bug#547216
[20:09] <james_w> mtaylor: that wadl is significantly less complex. My hunch is that netbeans doesn't support all the ways you can write wadl
[20:11] <mtaylor> james_w: that's very possible
[20:17] <mtaylor> james_w: this one also works: https://sandbox.google.com/api/adsense/v2/AdSenseForContentService?wsdl
[20:18] <james_w> mtaylor: that's wsdl not wadl
[20:19] <mtaylor> james_w: ah - so it is. sorry
[20:21] <james_w> mtaylor: does http://people.canonical.com/~jamesw/wadl-development-devel.xml work?
[20:21] <james_w> it's a hugely stripped down version of the LP wadl
[20:23] <mtaylor> james_w: trying
[20:24] <mtaylor> james_w: service-root-get shows up!
[20:25] <james_w> mtaylor: ok, let me test my hypothesis by changing one thing
[20:26] <mtaylor> aweomse
[20:26] <mtaylor> james_w: thanks for helping, btw
[20:27] <james_w> mtaylor: ok, try again
[20:28] <mtaylor> james_w: ok. that method went away
[20:28] <james_w> right
[20:30] <james_w> so netbeans doesn't support resource_type declarations, which to my reading are part of the spec and have been since at least 2006
[20:42] <mtaylor> james_w: awesome
[20:47] <mtaylor> james_w: let's see if eclipse does better...
[20:50] <edakiri> james_w: and both netbeans and eclipse do not support the console object.
[20:52] <mtaylor> edakiri: what's the console object?
[21:00] <edakiri> It's an alternative API to System.out & friends.  I remember 1 special feature it has is masking passwords. I never used it except as a test of course because it is so unsupported.
[21:01] <edakiri> It apperade to me to be intended to be 'the future' way.
[21:02] <mtaylor> AAAAAGGGGGGGGGGGGHHHHHHHHHHHHHHHHHHHHH
[21:02]  * mtaylor quits attempting to use Java for the day
[21:03] <mtaylor> james_w: thanks for all the help - I will come back to the task when I'm less annoyed by the world
[21:06] <james_w> mtaylor: good call
[21:40] <bjsnider> i just sent a package into the ppa build system and it said it was queued until schwarzenegger becomes president
[21:41] <bigjools> that's the best complaint I've seen all day
[21:42] <bigjools> Some of the build slaves are busy testing lucid, when they come back the queue will process more quickly
[21:55] <KdaG> bigjools: perhaps thats why i cant sign the code of conduct?
[21:55] <KdaG> https://edge.launchpad.net/codeofconduct
[21:55] <KdaG> is giving errors
[21:55] <wgrant> KdaG: What sort of errors?
[21:55] <KdaG> (Error ID: OOPS-1545ED1138)
[21:56] <KdaG> is there another way for me to sign it?
[21:57] <bigjools> that's an odd one
[21:57] <wgrant> What is it?
[21:57] <bigjools> sinzui: you'd better take a look at that ^^
[21:57] <bigjools> KdaG: can you try disabling edge redirect and do it again
[21:58] <mwhudson> is that tal swallowing an attribute error in a deeply unhelpful way?
[21:58] <KdaG> (Error ID: OOPS-1545EC1215)
[21:58] <bigjools> looks like a traversal error in the template
[21:59] <KdaG> any other method to sign the code of conduct or only that one?
[21:59] <mwhudson> oh yeah
[21:59] <mwhudson> it's gpg_keys
[21:59] <mwhudson> not gpgkyes
[21:59] <bigjools> KdaG: did you try disabling edge redirect as I suggested?
[21:59] <KdaG> bigjools: yes, thats the second error i pasted
[22:00] <KdaG> diff id
[22:00] <sinzui> there are lots of those in the oops. They have been there for many months
[22:00] <bigjools> that is stil ising edge
[22:00] <bigjools> usnig*
[22:00] <bigjools> gar
[22:00] <KdaG> oke, can someone tell me. is there another way to sign the code of conduct?
[22:01]  * bigjools defers to sinzui
[22:01] <mwhudson> er
[22:01] <KdaG> i need to upload a package tonite
[22:02] <sinzui> I do not have much else to say at this point. These error are usually from a new user who's profile is screwed up because part of the account is missing
[22:02] <KdaG> argg
[22:03] <mwhudson> i think it is tal obscuring the real error :/
[22:03] <KdaG> sinzui: anyone who could help me fix my account?
[22:03] <sinzui> KdaG: I'm going to look at your keys over api to see if seomthing interesting happens
[22:03] <KdaG> thanks
[22:03] <sinzui> KdaG: You profile page looks fine. This is the first example of this that I have seen with what looks like a perfect profile
[22:04] <KdaG> uhmm, sounds not to promising
[22:04] <KdaG> i just need to sign the code of conduct
[22:05] <sinzui> I can see your keys over api fine
[22:05]  * sinzui looks at CoC form
[22:08] <KdaG> sinzui: i reopened chrome, now im there
[22:08] <KdaG> thanks for fixing it!
[22:08] <KdaG> :)
[22:09] <sinzui> KdaG: I have done nothing, and the error I see looks like Launchpad, not your browser
[22:09] <KdaG> ez, i was making a little joke
[22:11] <sinzui> KdaG: this may be a memcache issue. I see you just created a key
[22:12] <sinzui> I think api is bypassing the cache. What may have happened is that there was a reference to the new key that was not in the cache
[22:12] <wgrant> s/memcache/DB replication/?
[22:15] <sinzui> This code is rubbish. The keys we iterate over are a re-retrieved set of the ones we just checked to decide to show them. They should be the same, but it possible they could change.
[22:17] <sinzui> wgrant: The latter is what I have suspected for some weeks, but this profile is many weeks old. only the key is new, and I see the new memcache tales is implicitly used when we iterate
[22:17] <sinzui> KdaG: how many hours/minutes ago did you register the new gpgkey?
[22:17] <wgrant> sinzui: Er, memcached shouldn't be used unless the element or a parent explicitly requests it, should it?
[22:18] <wgrant> s/parent/ancestor/
[22:18] <sinzui> I think repeat was altered to use memcache
[22:18] <wgrant> That seems very unlikely and would be very wrong.
[22:20] <sinzui> The mixing of python and path expressions in this template is nasty. I think we are effectively working with two different groups of objects
[22:20] <mwhudson> sinzui: i don't think repeat uses memcache implicitly
[22:21] <mwhudson> sinzui: repeat was hacked a bit so that if there's a cache: inside the loop, where we are in the loop forms part of the key used with memcache
[22:21] <sinzui> sweat we access the count of the keys in two ways, the first one in python worked, and the path expression failed. \o/ for mixing code styles.
[22:22] <mwhudson> \o/
[22:23] <sinzui> mwhudson: we can disregard my early memcache+repeat guessing. we dies in the inline path expression that guard the repeat.
[22:44] <KdaG> sinzui: it was perhaps 2 hours old
[23:20] <cody-somerville> Do replies to merge proposal comments from gmail look half decent on launchpad? (Thinking of how gmail does quoting).