| dholbach | good morning | 07:09 |
|---|---|---|
| angelabad | good morning | 07:16 |
| ronin___ | dholbach: good morning | 07:34 |
| dholbach | hi ronin___ | 07:35 |
| * rextsai need help to review the patch for sru - https://launchpad.net/bugs/842115 | 07:46 | |
| ubottu | Launchpad bug 842115 in libchewing (Ubuntu) "ibus-engine-chewing crashed with SIGSEGV" [Medium,Confirmed] | 07:47 |
| === almaisan-away is now known as al-maisan | ||
| === al-maisan is now known as almaisan-away | ||
| jtaylor | how does security support for universe work? | 11:18 |
| jtaylor | e.g. the bcfg2 security vurnability fixed in debian, there is no bug in ubuntu, will that be handled by some team? | 11:21 |
| Laney | not really | 11:25 |
| === almaisan-away is now known as al-maisan | ||
| jtaylor | so how does one proceed in fixing this? | 12:09 |
| Laney | I think there's a ubuntu-security-sponsors team | 12:09 |
| Laney | but ask in #ubuntu-hardened how it works | 12:10 |
| Daviey | jtaylor: security raised that with me yesterday, there isn't currently a Ubuntu bug opened (last i checkd) | 12:13 |
| Daviey | jtaylor: so, if you want to raise a ubuntu bug, propose a fix via debdiff or bzr (set the pocket to $release-security).. i imagine it'll get uploaded today | 12:14 |
| Daviey | (sponsored by the security team as Laney said.) | 12:14 |
| Daviey | jtaylor: If you do that, you'll win the love of all BTW. | 12:17 |
| nigelb | You forgot about the $beer bit. | 12:18 |
| jtaylor | I can do that, but what is a pocket? | 12:18 |
| Daviey | jtaylor: in debian/changelog, where you'd normally put lucid etc.. put lucid-security | 12:19 |
| Daviey | top line. | 12:19 |
| nigelb | jtaylor: This could be helpful - https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures | 12:20 |
| jtaylor | the package has a version in -updates in natty, should one base the fix on that or in the release version? | 12:21 |
| Daviey | jtaylor: BTW, Oneiric will also need a fresh merge. | 12:21 |
| jtaylor | ah that is in the link, base on release | 12:21 |
| jtaylor | probably a bit late for a merge | 12:22 |
| Laney | the link says -updates | 12:22 |
| Daviey | erm, you probably want to base on -updates... depending on the nature of what is in -updates | 12:22 |
| Daviey | i'd be pretty suprised if you didn't want to base on -updates | 12:22 |
| Laney | "always base it on the latest approved version of the source package for the release in the archive" | 12:22 |
| jtaylor | reading is hard ._. | 12:23 |
| nigelb | heh | 12:23 |
| Daviey | jtaylor: nah, Oneiric can be merged. | 12:23 |
| Laney | nigelb: !!! | 12:23 |
| Laney | nigelb: I need you! And here you are! | 12:24 |
| nigelb | Laney: what did I do? | 12:24 |
| Daviey | bah, sorry, it is a new upstream versin | 12:24 |
| Laney | you know cleansweep? | 12:24 |
| nigelb | yes | 12:24 |
| Laney | do you run scripts for that on an ongoing basis? | 12:24 |
| nigelb | I started it, but it fell off my list due to lack of time. | 12:24 |
| Laney | oh ok | 12:24 |
| nigelb | I wish there were more hours in a day. | 12:25 |
| nigelb | I started focusing on writing more code, mostly web related, so I had I had to refocus my priorities :( | 12:25 |
| nigelb | However, how can I help? | 12:25 |
| jdstrand | (that is the precise page to use) | 12:25 |
| Laney | I was going to ask you to extend the script to notice patches which look like debdiffs and to automatically subscribe the sponsors | 12:26 |
| jdstrand | (https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing_an_update that is) | 12:26 |
| nigelb | Laney: AHHHH. The patch tagging scripts? | 12:26 |
| Laney | i don't know :'( | 12:26 |
| nigelb | bdmurray runs scripts for those. | 12:26 |
| nigelb | Ah, yes. I saw the discussion earlier about debdiffs and Launchpad | 12:26 |
| Laney | anyway I got a list of all of the old stuff that we'll do something with | 12:27 |
| Laney | for new stuff we should just put it on the list automatically probably | 12:27 |
| Laney | seems cleansweepish | 12:27 |
| nigelb | I can talk to brian and get you a script :) | 12:27 |
| Laney | you don't need to get me anything, just get someone to run it :P | 12:27 |
| nigelb | haha | 12:28 |
| Laney | if patch_looks_like_a_debdiff { add_message_about_automatically_subscribing_sponsors(); subscribe_sponsors(); } | 12:28 |
| nigelb | Laney: Again, bdmurray is a neat target for that ;) | 12:28 |
| * Laney assumes highlights have been appropriately issued | 12:28 | |
| nigelb | Me too. Or else I'll grab him later when he gets online. | 12:29 |
| nigelb | Laney: will you be at UDS? | 12:30 |
| Laney | most likely | 12:30 |
| nigelb | Could you bring up the challenges stuff that we failed to plan appropriately this time? | 12:31 |
| nigelb | (I won't be there. In person at least) | 12:31 |
| Laney | i'll see what i can do | 12:31 |
| Laney | dholbach is better at Making Stuff Happen than me though | 12:31 |
| nigelb | We can all always assign the action items to him :P | 12:34 |
| jtaylor | there is no oneiric-security or? | 12:36 |
| jtaylor | for that just oneiric as pocket? | 12:37 |
| jdstrand | jtaylor: just oneiric | 12:37 |
| jtaylor | hm apparently someone is already working on it lp:~gandelman-a/ubuntu/oneiric/bcfg2/deb640028 | 12:49 |
| jtaylor | but via merging => 3720 lines (+592/-2370) 52 files modified | 12:50 |
| dholbach | Laney, hm? | 13:04 |
| nigelb | dholbach: Re: Challenges stuff. | 13:04 |
| jtaylor | so branches made for all supported versions, that software sure is awful for that it is intended to run as root ... | 13:35 |
| === Guest34932 is now known as Zic | ||
| bdmurray | Laney: hey there what do you have for me? | 14:28 |
| ScottK | jtaylor: Would you be able to have a look at Bug 818867? | 14:29 |
| ubottu | Launchpad bug 818867 in python-numpy (Ubuntu) "numpy.distutils provides inaccurate system information for ubuntu-11.10" [Undecided,Confirmed] https://launchpad.net/bugs/818867 | 14:29 |
| Laney | bdmurray: Just a proposal that requires a little bit of adjustment to your patch scanning script | 14:29 |
| Laney | bdmurray: if you detect the patch is a debdiff and the sponsors aren't subscribed (after some delay?), do it. | 14:29 |
| bdmurray | Laney: okay, sounds good | 14:29 |
| Laney | One issue is that you can't tell if the sponsors are /intentionally/ not subscribed | 14:30 |
| bdmurray | you could see if they were unsubscribed though using the activity log | 14:30 |
| Laney | I mean in an "oops, this isn't ready yet" way | 14:31 |
| Laney | I assumed you'd use created_since or whatever to avoid looking at the same bug multiple times, but activity log works too | 14:31 |
| jtaylor | ScottK: I'll have a look | 14:32 |
| nigelb | Laney: The pings worked :D | 14:32 |
| bdmurray | yes, I use created_since | 14:32 |
| ScottK | jtaylor: Thanks. | 14:32 |
| Laney | that's ok then | 14:33 |
| Laney | I guess we'll see if it's a big problem in practice | 14:33 |
| bdmurray | Laney: so you have some debdiff detection code then? | 14:36 |
| Laney | bdmurray: not really, I couldn't think of much better than looking for changes to debian/changelog in the attached patch | 14:36 |
| ScottK | Laney: I had an idea for a QA script that we could probably do through LP now ... | 14:37 |
| bdmurray | Laney: okay that seems reasonable | 14:37 |
| Laney | seemed OK in my scanning of old bugs though | 14:37 |
| Laney | i.e. in the sample I looked at there weren't any false positives | 14:37 |
| Laney | ScottK: yeah? | 14:38 |
| ScottK | During the lucid cycle, cjwatson went through and found old merges (that, IIRC, had been pending review for a full cycle) and then we just sync'ed them on the theory that keeping up with Debian was probably better than leaving stuff unreviewed. | 14:38 |
| ScottK | It ought to be possible to detect such packages now and make a list for review/sync. | 14:38 |
| Laney | "pending review" as in? | 14:39 |
| cjwatson | I don't think we synced them all | 14:39 |
| Laney | Debian > Ubuntu and Ubuntu changes? | 14:39 |
| ScottK | There was a merge on MoM that no one had touched | 14:39 |
| cjwatson | there were definitely some in main that were just too scary to merege | 14:39 |
| cjwatson | *merge | 14:39 |
| ScottK | cjwatson: True. | 14:39 |
| Laney | you could do that with UDD or Launchpad | 14:39 |
| cjwatson | MoM exposes JSON output | 14:39 |
| ScottK | Since you and tumbleweed seem to be on a role for this kind of stuff, it seemed like something that it might be worth setting up as a regular QA check. | 14:40 |
| Laney | In general I like the idea of lists-of-things-to-do, indeed | 14:41 |
| Laney | but we could make MoM order by date? | 14:41 |
| ScottK | I don't know what MoM exposes in it's JSON. | 14:42 |
| Laney | I was thinking of just fixing it to display this notion of priority itself | 14:42 |
| Laney | care less about pinging the last uploader for merges not touched for a cycle or something | 14:43 |
| Laney | > 2 cycles, consider dropping the changes if they aren't serious | 14:44 |
| * Laney shrugs | 14:44 | |
| ScottK | Sounds about right. | 14:45 |
| nigelb | woah, how did that email get through to TB. | 14:47 |
| === al-maisan is now known as almaisan-away | ||
| soren | nigelb: Which one? | 14:51 |
| soren | nigelb: Oh. | 14:51 |
| soren | nigelb: That one. | 14:51 |
| tumbleweed | and it's certainly worth posting the list of merges which haven't happed in a cycle (but that probably should bave been done after DIF / right after FF) | 14:52 |
| nigelb | soren: heh,yeah. That one :) | 14:52 |
| cjwatson | nigelb: I approved it because it was the easiest way to reply to it | 14:52 |
| nigelb | AHH. | 14:52 |
| nigelb | That makes sense :) | 14:52 |
| nigelb | You need to get it hit your inbox before you can reply. | 14:52 |
| === almaisan-away is now known as al-maisan | ||
| === lan3y is now known as Laney | ||
| === Guest98499 is now known as Zic | ||
| === lynxman- is now known as lynxman | ||
| === dpm is now known as dpm_ | ||
| === hannesw_ is now known as hannesw | ||
| === kklimonda is now known as Guest27664 | ||
| === al-maisan is now known as almaisan-away | ||
| === bdmurray_ is now known as bdmurray | ||
| === shadeslayer_ is now known as shadeslayer | ||
| === Guest27664 is now known as kklimonda | ||
| === apachelogger_ is now known as apachelogger | ||
| jtaylor | ScottK: forwarded a patch for the numpy issue, but its every ugly, don't know if there is a better way to do it: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640940 | 16:53 |
| ubottu | Debian bug 640940 in python-numpy "python-numpy: numpy.distutils not multiarch aware" [Normal,Open] | 16:53 |
| ScottK | What did morph have to say about it after he noticed multi-arch was in Debian too? | 16:53 |
| ScottK | barry: You might want to look into ^^^. | 16:53 |
| jtaylor | didn't anwser anymore | 16:54 |
| jtaylor | btw enable worked around this issue in -2 | 16:54 |
| ScottK | OK. About par for the course. | 16:54 |
| jtaylor | sync requested, but for normal use cases its harmless due to indirect links | 16:54 |
| ScottK | We should fix it in the right place. | 16:54 |
| jtaylor | if morph doesn't react apply that ugly patch to ubuntu? | 16:57 |
| ScottK | I'd like barry's opinion. | 16:59 |
| jtaylor | barry mentioned some python bugs for this issue, but numpy has its own distutils | 16:59 |
| jtaylor | http://bugs.python.org/issue12418 | 17:00 |
| jtaylor | so it needs fixing there, and that requires a sane way to get the triplet (maybe provided by python itself) | 17:00 |
| === erhesrhsrtb54vyh is now known as Elbrus | ||
| ashams | Hello Guys, | 20:54 |
| ashams | I'm Fixing this bug and it's my first one: https://bugs.launchpad.net/ubuntu/+source/gnomebaker/+bug/818364 | 20:54 |
| ubottu | Ubuntu bug 818364 in gnomebaker (Ubuntu) "typo in description" [Wishlist,In progress] | 20:54 |
| ashams | Should I fix for Natty or Oneiric? | 20:54 |
| jtaylor | first oneiric, then older releases | 20:54 |
| ashams | jtaylor, Hi, thanks for answer | 20:55 |
| ashams | but there's no pkg for Oneiric | 20:55 |
| jtaylor | this is to avoid forgetting to solve it in the development release and the introducing a regression | 20:55 |
| jtaylor | hm then I guess fixing natty is fine | 20:55 |
| jtaylor | but then make sure you forward the fix upstream (should that still exist) | 20:56 |
| ashams | jtaylor, Would you check after me, if there's a pkg for oneiric, sorry I'm brand new: https://launchpad.net/ubuntu/+source/gnomebaker | 20:57 |
| jtaylor | ashams: it was removed a long time ago in debian, and also in ubuntu as far as I can tell | 21:01 |
| ashams | jtaylor, so no need to fix? | 21:02 |
| jtaylor | not really | 21:02 |
| jtaylor | especially a typo is not worth the effort | 21:02 |
| jtaylor | also it would have to be a stable release update which are usually not done for typos | 21:02 |
| jtaylor | see https://wiki.ubuntu.com/StableReleaseUpdates | 21:03 |
| jtaylor | ashams: see http://harvest.ubuntu.com/ for some other simple to fix bugs | 21:04 |
| ashams | jtaylor, Yeah, that's why I was asking, it's not worthy an SRU | 21:05 |
| ashams | but can't I upload it as a Oneric release | 21:05 |
| jtaylor | no the package was removed for a reason: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590890 | 21:06 |
| ubottu | Debian bug 590890 in ftp.debian.org "RM: gnomebaker -- RoQA; obsolete, dead upstream, unmaintained, doesn't work with current kernels" [Normal,Open] | 21:06 |
| jtaylor | if you want to keep it you would have to take over the maintenance in debian + fix the bugs it was removed for | 21:06 |
| ashams | jtaylor, but it was working fine with Ubuntu till 2011-07-30 atleast, when the user reported the bug? | 21:08 |
| jtaylor | apparently it did not work in debian, and had no active maintainer | 21:10 |
| jtaylor | you can maintain it in ubuntu alone but apparently nobody wanted to do that either | 21:10 |
| jtaylor | removal of a package where there are better alternatives is preferable to a package rotting in the repository with no care | 21:11 |
| jtaylor | even if it does work for some | 21:11 |
| ashams | jtaylor, yeah, seems to | 21:12 |
| ashams | jtaylor, Thank you very much | 21:12 |
| ashams | :D | 21:12 |
| jtaylor | np | 21:12 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!