[07:09] good morning [07:16] good morning [07:34] dholbach: good morning [07:35] hi ronin___ [07:46] * rextsai need help to review the patch for sru - https://launchpad.net/bugs/842115 [07:47] Launchpad bug 842115 in libchewing (Ubuntu) "ibus-engine-chewing crashed with SIGSEGV" [Medium,Confirmed] === almaisan-away is now known as al-maisan === al-maisan is now known as almaisan-away [11:18] how does security support for universe work? [11:21] e.g. the bcfg2 security vurnability fixed in debian, there is no bug in ubuntu, will that be handled by some team? [11:25] not really === almaisan-away is now known as al-maisan [12:09] so how does one proceed in fixing this? [12:09] I think there's a ubuntu-security-sponsors team [12:10] but ask in #ubuntu-hardened how it works [12:13] jtaylor: security raised that with me yesterday, there isn't currently a Ubuntu bug opened (last i checkd) [12:14] jtaylor: so, if you want to raise a ubuntu bug, propose a fix via debdiff or bzr (set the pocket to $release-security).. i imagine it'll get uploaded today [12:14] (sponsored by the security team as Laney said.) [12:17] jtaylor: If you do that, you'll win the love of all BTW. [12:18] You forgot about the $beer bit. [12:18] I can do that, but what is a pocket? [12:19] jtaylor: in debian/changelog, where you'd normally put lucid etc.. put lucid-security [12:19] top line. [12:20] jtaylor: This could be helpful - https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures [12:21] the package has a version in -updates in natty, should one base the fix on that or in the release version? [12:21] jtaylor: BTW, Oneiric will also need a fresh merge. [12:21] ah that is in the link, base on release [12:22] probably a bit late for a merge [12:22] the link says -updates [12:22] erm, you probably want to base on -updates... depending on the nature of what is in -updates [12:22] i'd be pretty suprised if you didn't want to base on -updates [12:22] "always base it on the latest approved version of the source package for the release in the archive" [12:23] reading is hard ._. [12:23] heh [12:23] jtaylor: nah, Oneiric can be merged. [12:23] nigelb: !!! [12:24] nigelb: I need you! And here you are! [12:24] Laney: what did I do? [12:24] bah, sorry, it is a new upstream versin [12:24] you know cleansweep? [12:24] yes [12:24] do you run scripts for that on an ongoing basis? [12:24] I started it, but it fell off my list due to lack of time. [12:24] oh ok [12:25] I wish there were more hours in a day. [12:25] I started focusing on writing more code, mostly web related, so I had I had to refocus my priorities :( [12:25] However, how can I help? [12:25] (that is the precise page to use) [12:26] I was going to ask you to extend the script to notice patches which look like debdiffs and to automatically subscribe the sponsors [12:26] (https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing_an_update that is) [12:26] Laney: AHHHH. The patch tagging scripts? [12:26] i don't know :'( [12:26] bdmurray runs scripts for those. [12:26] Ah, yes. I saw the discussion earlier about debdiffs and Launchpad [12:27] anyway I got a list of all of the old stuff that we'll do something with [12:27] for new stuff we should just put it on the list automatically probably [12:27] seems cleansweepish [12:27] I can talk to brian and get you a script :) [12:27] you don't need to get me anything, just get someone to run it :P [12:28] haha [12:28] if patch_looks_like_a_debdiff { add_message_about_automatically_subscribing_sponsors(); subscribe_sponsors(); } [12:28] Laney: Again, bdmurray is a neat target for that ;) [12:28] * Laney assumes highlights have been appropriately issued [12:29] Me too. Or else I'll grab him later when he gets online. [12:30] Laney: will you be at UDS? [12:30] most likely [12:31] Could you bring up the challenges stuff that we failed to plan appropriately this time? [12:31] (I won't be there. In person at least) [12:31] i'll see what i can do [12:31] dholbach is better at Making Stuff Happen than me though [12:34] We can all always assign the action items to him :P [12:36] there is no oneiric-security or? [12:37] for that just oneiric as pocket? [12:37] jtaylor: just oneiric [12:49] hm apparently someone is already working on it lp:~gandelman-a/ubuntu/oneiric/bcfg2/deb640028 [12:50] but via merging => 3720 lines (+592/-2370) 52 files modified [13:04] Laney, hm? [13:04] dholbach: Re: Challenges stuff. [13:35] so branches made for all supported versions, that software sure is awful for that it is intended to run as root ... === Guest34932 is now known as Zic [14:28] Laney: hey there what do you have for me? [14:29] jtaylor: Would you be able to have a look at Bug 818867? [14:29] Launchpad bug 818867 in python-numpy (Ubuntu) "numpy.distutils provides inaccurate system information for ubuntu-11.10" [Undecided,Confirmed] https://launchpad.net/bugs/818867 [14:29] bdmurray: Just a proposal that requires a little bit of adjustment to your patch scanning script [14:29] bdmurray: if you detect the patch is a debdiff and the sponsors aren't subscribed (after some delay?), do it. [14:29] Laney: okay, sounds good [14:30] One issue is that you can't tell if the sponsors are /intentionally/ not subscribed [14:30] you could see if they were unsubscribed though using the activity log [14:31] I mean in an "oops, this isn't ready yet" way [14:31] I assumed you'd use created_since or whatever to avoid looking at the same bug multiple times, but activity log works too [14:32] ScottK: I'll have a look [14:32] Laney: The pings worked :D [14:32] yes, I use created_since [14:32] jtaylor: Thanks. [14:33] that's ok then [14:33] I guess we'll see if it's a big problem in practice [14:36] Laney: so you have some debdiff detection code then? [14:36] bdmurray: not really, I couldn't think of much better than looking for changes to debian/changelog in the attached patch [14:37] Laney: I had an idea for a QA script that we could probably do through LP now ... [14:37] Laney: okay that seems reasonable [14:37] seemed OK in my scanning of old bugs though [14:37] i.e. in the sample I looked at there weren't any false positives [14:38] ScottK: yeah? [14:38] During the lucid cycle, cjwatson went through and found old merges (that, IIRC, had been pending review for a full cycle) and then we just sync'ed them on the theory that keeping up with Debian was probably better than leaving stuff unreviewed. [14:38] It ought to be possible to detect such packages now and make a list for review/sync. [14:39] "pending review" as in? [14:39] I don't think we synced them all [14:39] Debian > Ubuntu and Ubuntu changes? [14:39] There was a merge on MoM that no one had touched [14:39] there were definitely some in main that were just too scary to merege [14:39] *merge [14:39] cjwatson: True. [14:39] you could do that with UDD or Launchpad [14:39] MoM exposes JSON output [14:40] Since you and tumbleweed seem to be on a role for this kind of stuff, it seemed like something that it might be worth setting up as a regular QA check. [14:41] In general I like the idea of lists-of-things-to-do, indeed [14:41] but we could make MoM order by date? [14:42] I don't know what MoM exposes in it's JSON. [14:42] I was thinking of just fixing it to display this notion of priority itself [14:43] care less about pinging the last uploader for merges not touched for a cycle or something [14:44] > 2 cycles, consider dropping the changes if they aren't serious [14:44] * Laney shrugs [14:45] Sounds about right. [14:47] woah, how did that email get through to TB. === al-maisan is now known as almaisan-away [14:51] nigelb: Which one? [14:51] nigelb: Oh. [14:51] nigelb: That one. [14:52] and it's certainly worth posting the list of merges which haven't happed in a cycle (but that probably should bave been done after DIF / right after FF) [14:52] soren: heh,yeah. That one :) [14:52] nigelb: I approved it because it was the easiest way to reply to it [14:52] AHH. [14:52] That makes sense :) [14:52] You need to get it hit your inbox before you can reply. === almaisan-away is now known as al-maisan === lan3y is now known as Laney === Guest98499 is now known as Zic === lynxman- is now known as lynxman === dpm is now known as dpm_ === hannesw_ is now known as hannesw === kklimonda is now known as Guest27664 === al-maisan is now known as almaisan-away === bdmurray_ is now known as bdmurray === shadeslayer_ is now known as shadeslayer === Guest27664 is now known as kklimonda === apachelogger_ is now known as apachelogger [16:53] ScottK: forwarded a patch for the numpy issue, but its every ugly, don't know if there is a better way to do it: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640940 [16:53] Debian bug 640940 in python-numpy "python-numpy: numpy.distutils not multiarch aware" [Normal,Open] [16:53] What did morph have to say about it after he noticed multi-arch was in Debian too? [16:53] barry: You might want to look into ^^^. [16:54] didn't anwser anymore [16:54] btw enable worked around this issue in -2 [16:54] OK. About par for the course. [16:54] sync requested, but for normal use cases its harmless due to indirect links [16:54] We should fix it in the right place. [16:57] if morph doesn't react apply that ugly patch to ubuntu? [16:59] I'd like barry's opinion. [16:59] barry mentioned some python bugs for this issue, but numpy has its own distutils [17:00] http://bugs.python.org/issue12418 [17:00] so it needs fixing there, and that requires a sane way to get the triplet (maybe provided by python itself) === erhesrhsrtb54vyh is now known as Elbrus [20:54] Hello Guys, [20:54] I'm Fixing this bug and it's my first one: https://bugs.launchpad.net/ubuntu/+source/gnomebaker/+bug/818364 [20:54] Ubuntu bug 818364 in gnomebaker (Ubuntu) "typo in description" [Wishlist,In progress] [20:54] Should I fix for Natty or Oneiric? [20:54] first oneiric, then older releases [20:55] jtaylor, Hi, thanks for answer [20:55] but there's no pkg for Oneiric [20:55] this is to avoid forgetting to solve it in the development release and the introducing a regression [20:55] hm then I guess fixing natty is fine [20:56] but then make sure you forward the fix upstream (should that still exist) [20:57] jtaylor, Would you check after me, if there's a pkg for oneiric, sorry I'm brand new: https://launchpad.net/ubuntu/+source/gnomebaker [21:01] ashams: it was removed a long time ago in debian, and also in ubuntu as far as I can tell [21:02] jtaylor, so no need to fix? [21:02] not really [21:02] especially a typo is not worth the effort [21:02] also it would have to be a stable release update which are usually not done for typos [21:03] see https://wiki.ubuntu.com/StableReleaseUpdates [21:04] ashams: see http://harvest.ubuntu.com/ for some other simple to fix bugs [21:05] jtaylor, Yeah, that's why I was asking, it's not worthy an SRU [21:05] but can't I upload it as a Oneric release [21:06] no the package was removed for a reason: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590890 [21:06] Debian bug 590890 in ftp.debian.org "RM: gnomebaker -- RoQA; obsolete, dead upstream, unmaintained, doesn't work with current kernels" [Normal,Open] [21:06] if you want to keep it you would have to take over the maintenance in debian + fix the bugs it was removed for [21:08] jtaylor, but it was working fine with Ubuntu till 2011-07-30 atleast, when the user reported the bug? [21:10] apparently it did not work in debian, and had no active maintainer [21:10] you can maintain it in ubuntu alone but apparently nobody wanted to do that either [21:11] removal of a package where there are better alternatives is preferable to a package rotting in the repository with no care [21:11] even if it does work for some [21:12] jtaylor, yeah, seems to [21:12] jtaylor, Thank you very much [21:12] :D [21:12] np