[01:21] can you connect a glib signal directly to a dbus signal, or do you have to set up a proxy object and a callback function to raise the signal in the gobject when the dbus object signals?
[03:58] bug 216301 shows that fix is released in debian, but rmadison is not detecting elog into debian.
[03:58] Launchpad bug 216301 in elog (Ubuntu Hardy) "[CVE-2008-0444, CVE-2008-0445] XSS and DoS" [High,Confirmed] https://launchpad.net/bugs/216301
[03:58] why so?
=== Amaranth_ is now known as Amaranth
[04:19] c2tarun: it was removed from debian almost 3 years ago
[04:19] heh
[04:20] micahg: can you tell me some security bugs on which I can work on?
[04:21] c2tarun: anything here: http://people.canonical.com/~ubuntu-security/cve/universe
[04:42] micahg: I need a bit help on this, are you free for a moment?
[04:42] c2tarun: in a bit, working on something ATM
[04:43] micahg: sure :) can you please ping me when you are free I am waiting
[05:05] c2tarun: go ahead
[05:06] micahg: I want to work on some security bugs, but don't know how to start, I read the manual pages and found that there are some CVE issues which raise the security threat in bugs, My question is how can I start working on a security bug?
[05:07] c2tarun: pick a package, pick a release, try to find the patches for the CVEs and create a debdiff
[05:08] micahg: suppose I pick this package http://people.canonical.com/~ubuntu-security/cve/pkg/sql-ledger.html , how can i look for the patch?
[05:10] c2tarun: each CVE should list an upstream bug and/or an upstream commit, find the upstream commit and/or a patch with the fix in Debian and prepare a debdiff with the fixes for Ubuntu with a changelog like here: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
[05:11] c2tarun: I can't walk through a lot of stuff tonight, maybe another night, you can also ask in #ubuntu-hardened for security stuff
[05:12] micahg: thanks :)
[05:42] micahg: I failed to find any patch or upstream commit for the package I selected, maybe I don't know where to, can you please help.
[05:43] c2tarun: try another package would be my suggestion ATM
[05:45] micahg: I tried this one also http://people.canonical.com/~ubuntu-security/cve/pkg/flatnuke.html but failed to find
[05:45] * micahg never heard of these packages
[05:46] c2tarun: you want to try phpmyadmin lucid?
[05:47] it's kinda crazy for a first time though
[05:47] micahg: oh... there is a patch :)
[05:47] c2tarun: there are lots of patches :)
[05:48] * micahg has about 20 sitting on his machine waiting to make a debdiff...
[05:48] micahg: all 20 are from that same Canonical CVE bug tracker?
[05:49] c2tarun: no, those 20 are from 1 upstream advisory
[05:49] c2tarun: yes, they're all listed on the CVE tracker
[05:49] there are about 8 advisories w/patches, some of the patches are in the maverick package
[05:50] micahg: in that phpmyadmin whenever I am opening any patch I am getting XML parsing error
[05:50] c2tarun: someone else will have to help here, I can't do this tonight
[05:51] ok, so should I ask in ubuntu-hardened?
[05:52] c2tarun: sure
[05:52] micahg: thanks for help :)
[08:17] c2tarun: you pinged me yesterday, is the question resolved?
[08:22] geser: yup :) thanks for replying
[08:33] good morning
[08:49] good morning dholbach
[08:50] hi geser
[09:31] Morning dholbach, geser.
[09:32] hey iulian
[09:33] How's it going?
=== Guest79780 is now known as Kmos
[09:54] iulian, good good - how are you?
[09:59] dholbach: Not bad, I'm trying to wake myself up. I've just had a couple of hours of sleep last night.
[09:59] good luck with that :)
[09:59] Heh. :)
[10:05] Hello, if someone at the time to sponsor it, bug 731832 is trivial and I have attached a debdiff for the fix. Anyway, that's a low importance one.
[10:05] Launchpad bug 731832 in dee (Ubuntu) "Comma at end of enumerator list" [Low,New] https://launchpad.net/bugs/731832
[10:56] jfi: I see that the Ubuntu task is "Fix committed". Where was it committed?
[10:58] geser, yes, it appears that somebody has committed a fix, but I don't have enough knowledge of launchpad to know where exactly it has been committed. Anyway it seems that the project is using bzr for the code.
[10:59] jfi: please also add "(LP: #731832)" to your debian/changelog entry to auto-close the bug upon upload (the brackets are optional)
[11:00] geser: you mean for the debdiff that I have attached to the bug report?
[11:01] jfi: yes (generally speaking)
[11:02] geser: ok, I am going to upload a new debdiff, thanks for the information.
[11:02] I'll ask seb128 (who set the bug to Fix Committed) about the current status
[11:06] jfi: your patch will get uploaded as part of the weekly dx updates tomorrow, so nothing has to be done on your part anymore (just wait :) )
[11:07] geser, nice! thanks!
[11:10] jfi: for your next fix: if you want attention from sponsors subscribe "ubuntu-sponsors" to the bug you want sponsored (see https://wiki.ubuntu.com/SponsorshipProcess)
[11:13] geser, ok
=== ogra is now known as Guest90542
=== Guest90542 is now known as ogra_
=== ogra_ is now known as ogra
=== andreas__ is now known as ahasenack
[16:07] \sh: did you see the security advisory for zf
[16:24] I am trying to link bug 732064 with debian bug 617529 but getting error. Can anyone please help?
[16:24] Launchpad bug 732064 in ckermit (Ubuntu) "Package ckermit_211-15 failed to build from source with "ld --as-needed" option" [Undecided,Confirmed] https://launchpad.net/bugs/732064
[16:24] Debian bug 617529 in ckermit "Package ckermit_211-15 failed to build from source with "ld --as-needed" option" [Normal,Open] http://bugs.debian.org/617529
[16:27] c2tarun: what error do you get?
[16:27] Ampelbein: There is no project in Launchpad named "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617529". Please search for it as it may be registered with a different name.
[16:28] c2tarun: you have to click on 'Also affects Distribution' then select debian from the drop-down list.
[16:31] <\sh> micahg: yes
[16:31] \sh: are you preparing updates?
[16:33] <\sh> micahg: you mean security updates? when I find the time, sure, but regarding my actual work I think I have to find someone who is doing the security updates
[16:34] \sh: I was referring to debdiffs for any previous releases that might need them :)
[16:39] <\sh> micahg: yeah, that means security updates :) I don't know when I have the time for it to extract the patch and provide debdiffs (via security pocket)
[16:40] \sh: ok, idk when I'll have time either
[17:48] debfx: is the current Gtk+ view in Qt the best we can get?
[17:49] does somebody know if a sync request with a binary package rename needs a FFe?
[17:49] debfx: "current Gtk+ look & feel" event
[17:49] even*
[18:03] tumbleweed: do you got the debian-devel mail about "new scripts and patches for devscripts". would you volunteer to maintain the python scripts if they moved from u-d-t to devscripts?
[18:04] can anyone help me with this error http://paste.kde.org/6936/ I was trying to pull a source code.
[18:05] c2tarun: can you please paste the ownership and permissions of /home/tarun/.launchpadlib?
[18:06] geser: there is no such file
[18:07] bdrung: just read it
[18:09] bdrung: yeah I'd help maintain them
[18:09] geser: very sorry I thought it was a file and not a folder, drwx------ 3 root root 4096 Mar 9 09:10 .launchpadlib here is the permissions
[18:10] tumbleweed: thx, i'll respond to the mailing list later today offering us two to maintain the python scripts
[18:11] c2tarun: looks like you a script created it which got run as root, chown the directory to your user to fix it (sudo chown tarun:tarun ~/.launchpadlib)
[18:11] bdrung: cool
[18:12] geser: fixed :) thanks
=== vish is now known as evilvish
[18:40] kklimonda: yes, assuming it correctly uses qgtkstyle
[18:53] debfx: hmm.. even the simplest button looks different. I was under the impression that Qt uses Gtk+ widgets completely (i.e. for the button it displays GtkButton with the set text, and mnemonics) and it doesn't seem to be the case.
[18:53] toolkits pretending to be other toolkits always feel alien
[18:53] hell, firefox and openoffice on ubuntu feel alien
[18:55] directhex: sure, but I've hoped that the difference comes mostly from the fact that you create one gui for three platforms, and that if you work with Linux in mind you could create something closely following the look and feel of Gtk+.
[18:56] and it's close.. just not close enough - it leaves this nagging feeling in the back of my head, that something isn't completely right.
[18:56] kklimonda, even if you emulate gtk's widgets 100%, the HIG for apps differs
[18:56] directhex: yes, but I've hard idea to follow GNOME HIG in Qt
[18:57] afaik qgtkstyle uses native gtk widgets
[18:58] debfx: it seems to be using gtk widgets' style
[18:59] they do link with gtk+ and create gtk widgets - but they don't look and feel like gtk widgets. So I assume that they just take style from buttons and still paint their own widgets using this style.
=== sebner_ is now known as sebner
[20:32] Daviey: please don't write about updated maintainer field in d/changelog.
[20:33] It really doesn't matter.
[20:33] ari-tczew, uh?
[20:34] Daviey: https://launchpad.net/ubuntu/+source/tomcat6/6.0.28-10ubuntu1
[20:34] soren: it's wrong with policy.
[20:34] Which policy forbids it?
[20:35] ari-tczew, url please
[20:42] Daviey: I don't have anything which could tell it 100%, http://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/ch-source.html#s-dpkgchangelog
[20:43] ari-tczew, that seems to make no reference to it :/
[20:43] Daviey: In general, we keep the information in d/changelog only which mean remaining changes which are blocking sync.
[20:43] ari-tczew, Where did you hear/read it was against policy, because that is /totally/ new to me
[20:43] Daviey: a lot of times
[20:44] herer
[20:44] here *
[20:44] ari-tczew, Well i can see your point, but i disagree..
[20:44] Daviey: why?
[20:44] is it really urgent information to keep in d/changelog?
[20:44] ari-tczew, it's something which has changed....
[20:44] Is it really so bad to put it there that you think it's necessary to complain when people do?
[20:44] Daviey: but it doesn't block sync
[20:45] ari-tczew, In a package lifecycle from diverging from Debian it should only be there ONCE... it's not like it's excess noise.
[20:45] soren: I don't say it's bad. Just telling it's not necessary and I discourage to using it next time.
[20:45] ari-tczew, Please find something documented.
[20:45] Daviey: I have to ask cjwatson, he has got policy.
[20:46] I agree it's rather useless information. Making that change is required by policy, but if people want to write it in the changelog, I don't care.
[20:47] Certainly not enough to be confrontational about it.
[20:47] ari-tczew, so if it's things purely blocking sync, if i cherry pick a patch from a debian package... but don't want the whole thing (think post feature freeze), what do you suggest the changelog entry is?
[20:47] soren: I like when everything is done perfect. <3
[20:47] because that situation does not block a sync.
[20:48] Daviey: I don't understand your question. don't you know how describe it in d/changelog?
[20:48] ari-tczew, Let me try again...
[20:49] Debian unstable has a new upload, fixing super-awesome-thing.patch....
[20:49] * debian/patches/XXXX.patch: fix blah blah blah (LP: #xxxx, Closes: #XXX)
[20:49] But also lots of new features
[20:49] Now, this patch is cherry picked, unedited from debian.
[20:49] I ONLY want that one patch, not the rest of the changes.
[20:49] yes
[20:49] so do it
[20:49] Therefore, it's not a sync blocker next cycle
[20:50] with *ubuntu1 upload
[20:50] Therefore, by your definition - it doesn't need a changelog entry.
[20:50] Daviey: you don't understand me
[20:50] it blocks sync
[20:50] ari-tczew, no - i think you misunderstand me.
[20:50] It doesn't block sync. The change he made is in the Debian version, so a sync would include it.
[20:50] d/changelog is /purely/ sync blockers, when people are decided in the next cycle to sync or merge, right?
[20:51] ^^ That is how i understood your definition.
[20:51] Daviey: look, QA changes like update maintainer or Vcs fields can be dropped for sync.
[20:51] agreed.
[20:51] patch of course, but it needs to be described
[20:51] in d/changelog
[20:51] So can my cherry picked patch, super-awesome.patch
[20:51] update-maintainer doesn't
[20:53] ari-tczew, as i said, this issue is pretty much resolved if you can find /any/ documentation that states we have policy describing this.
[20:54] Daviey: see the last sentence of http://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/ch-binary.html#s3.3
[20:55] about the documentation of Maintainer changes
[20:55] thanks geser
[20:57] geser, Okay, that does confirm it. I don't agree with it, considering it should only happen once in a lifecycle - but if that is what is stated, ok.
[20:57] I'd like to know when that was approved, as it's *very* common for people to note that change.
[20:58] Daviey: I think a lot of developers know this one, looking on their uploads. ;-)
[20:58] Daviey: It's been a couple of years.
[20:58] Daviey: it was mentioned on the ubuntu-devel mailing list or even ubuntu-devel-announce, let me try to find it
[20:58] update-maintainer was updated to stop mentioning it in 2008.
[20:58] That is interesting... /me is tempted to do some grep to look at stats.
[20:59] This is an example when I'm afraid of giving core-dev for non experienced Canonical staff.
[20:59] ari-tczew, dude... back off.
[20:59] *sigh*
[21:01] ari-tczew: That's really out of line. An extra changelog entry is not ideal, but it has exactly zero effect on anything the user sees or does.
[21:01] ScottK: I wrote example.
[21:02] small example, right
[21:02] and nothing terrible
[21:02] ari-tczew: It's not an example of the kind at all.
[21:02] I've been core-dev for years and was MOTU for years before that and was developing on Ubuntu for years before that. I still make mistakes.
[21:02] We're not robots.
[21:02] Doesn't mean any of us is any less suited to be core-dev.
[21:02] Daviey: a reference to the change I could find is https://lists.ubuntu.com/archives/ubuntu-devel/2008-October/026623.html
[21:03] * ari-tczew no? looking sometimes on people character here, I think so
[21:03] soren++ (any human will make mistakes)
[21:03] If being core-dev meant you had to be infallible, there'd be exactly 0 core-devs and we'd get nothing at all done.
[21:04] geser, "There is no need" is not exactly the same as TB resolution on policy change.
[21:05] ScottK: I mean cases when people not very familiar with policies gain full upload access.
[21:05] Daviey: if you follow this thread to the third message, you will see the proposal for the change to the ubuntu-policy document
[21:06] ari-tczew: I don't think that's a conclusion you can reasonably draw from this incident.
[21:06] geser, ack
[21:06] ari-tczew: I think the DMB would be quite offended at that statement, they take giving upload rights very seriously, and don't just hand out upload rights to Canonical staff if they didn't already deserve it
[21:07] Daviey: I only want to point out, that this "no need to document it" is nothing new (didn't remember myself that it was that old already (Oct 2008))
[21:07] At *no* point has my employer been part of my application. I'm not entirely happy about it being mentioned like this.
[21:07] I am a Ubuntu Developer, Not a Canonical Developer.
[21:08] geser, Yeah.. I was wrong about that.. Although i do feel a little hard done by here, I am tempted to grep changelogs to show that a significant amount of people do this.
[21:08] I think we'd be hard pressed to find a developer who remembered every tiny little bit of information in the policy anyway.
[21:08] * Daviey feels attacked, and that makes him sad.
[21:09] Daviey: It's not worth it. Spend your time on something productive.
[21:10] Daviey: you wouldn't even need to, https://launchpad.net/~davewalker/+related-software speaks for itself!
[21:12] Daviey: Don't mess your feeling by me. Really.
[21:13] Daviey: Sorry for bad feeling. I wanted to make it as usual discussion.
[21:14] ari-tczew, you approached it very badly.
[21:14] Equally, I'm interested if you have been specifically following my work.
[21:14] I am interested why you added a comment, which mirrored exactly what i said on.
[21:14] https://code.launchpad.net/~brian-murray/ubuntu//ubuntu-geoip/fix-719324/+merge/52268
[21:15] Daviey: It doesn't exist.
[21:16] Daviey: IIRC it was on sponsors overview, so I left a comment. I think it's not prohibited.
[21:16] https://code.launchpad.net/~brian-murray/ubuntu/natty/ubuntu-geoip/fix-719324/+merge/52268
[21:16] Daviey: Do you think I'm spying you?
[21:16] ari-tczew, It did make me wonder.
[21:16] Let's assume everyone is working in good faith please.
[21:17] Daviey: In ubuntu-geoip's case as I wrote, it was on sponsors overview, I left a comment.
[21:18] Daviey: About today's case - I check every upload when I look on https://launchpad.net/ubuntu/natty
[21:18] every *last* upload
[21:18] Daviey, FWIW, I believe ari-tczew when he says that. I've seen him make this comment to numerous individuals.
[21:19] cody-somerville: thanks for trust :)
[21:26] Daviey: that was meant to be "used" against you, just informational (at least from me). I forget some specifics sometimes too and have to ask others.
[21:26] s/was/wasn't/
[21:27] my usual mistake: to think the "not" but not type it
[21:28] ari-tczew, On the same token, Daviey is core-dev and I trust him to make his changelogs useful. If he wants to include that bit of information, I'm fine with that. You're welcome to point out to people that they don't need to but I don't think it represents a serious lack of skill or experience. It's pedantic of you but that's your choice ;)
[21:30] cody-somerville: yea, it's nitpick
[21:33] And I don't think 'nitpicks' are worth making the accusation that someone is not fit for core-dev, don't you agree? ;)
[21:37] cody-somerville: Agree. I apologized.
[21:38] Daviey, Do you accept ari-tczew's apology? :)
[21:39] cody-somerville, Yes.
[21:40] * Daviey is gonna get away from the computer for a bit.
=== mok0_ is now known as mok0