[05:01] <zooko> Folks: I'm an upstream maintainer for Tahoe-LAFS -- the secure, distributed storage grid.
[05:02] <zooko> We're working on remediating a security vulnerability.
[05:02] <zooko> It is present in all versions of Tahoe-LAFS that have been shipped with Ubuntu.
[05:02] <zooko> http://packages.ubuntu.com/search?keywords=tahoe-lafs&searchon=names&suite=all&section=all
[05:03] <zooko> The question is: should we bother backporting the patch to older releases of Tahoe-LAFS and announcing new versions of those older releases?
[05:03] <zooko> As far as I know, all users of Tahoe-LAFS upstream releases have upgraded to the latest stable release series (v1.8).
[05:04] <zooko> Only if someone were using the version packaged with their Ubuntu distribution, and if it were Lucid or Maverick, would they still be using an older release series.
[05:04] <micahg> zooko: we just need a patch (preferably debdiff)  to update previous versions
[05:04] <zooko> So we've already confirmed that the patches apply cleanly and run unit tests.
[05:04] <zooko> Will Ubuntu apply the patch to older versions?
[05:04] <zooko> What version number will the resulting thing have?
[05:05] <zooko> We've confirmed that they apply cleanly to 1.7.1 and 1.6.1, that is.
[05:05] <zooko> In addition to 1.8.2 which is where we developed the patches.
[05:06] <micahg> zooko: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation, here's the guide for security updates, you'd just add a .1 to the current ubuntu version (i.e. 1.6.1-0ubuntu2.1 for lucid)
[05:06] <zooko> Thanks.
[05:08] <micahg> zooko: you should keep the bug in Ubuntu private until upstream makes theirs public
[05:08] <zooko> Yeah, I'm trying to figure out how to coordinate such stuff.
[05:08] <zooko> Seems like it is easy for Ubuntu -- just tick the "this is a security issue" box when opening a ticket in launchpad.
[05:08] <zooko> Do you happen to know how to do the equivalent for Debian?
[05:08] <micahg> zooko: private bug + debdiffs and we can coordinate release on about the same day
[05:09] <zooko> micahg: excellent .Thanks!
[05:09] <micahg> zooko: yeah, that's right
[05:12] <zooko> Thanks for your help.
[05:12] <micahg> zooko: for Debian: http://www.debian.org/security/faq#contact
[05:12] <zooko> Thanks!
[05:12] <micahg> zooko: thank you :), BTW, the Ubuntu security team hides out in #ubuntu-hardened if you need anything else
[07:09] <dholbach> good morning
[07:54] <ScottSanbar> dholbach: good morning
[07:54] <dholbach> hi ScottSanbar
[07:55] <ScottSanbar> Question:  I have just successfully created my first package project.  Would anyone be willing to look at it in Launchpad to give me feedback?  I can post a link, if so
[07:55] <ScottSanbar> warp10: Cap'n, we need more power!
[07:59] <ScottSanbar> dholbach: what are you up to?
[07:59] <dholbach> ScottSanbar, currently going through a number of fixes that might have to go into Oneiric
[08:01] <ScottSanbar> dholbach:  I am very happy.  After 2 days, I have implemented a complete build environment, got on launchpad, done all the Canonical prerequisite reading and signing and preparation, and have pushed my first complete package to launchpad and it built successfully using a recipe!  Hurray!
[08:03] <dholbach> excellent
[08:04] <ScottSanbar> dholbach:  I read that I should be hooked up with a personal mentor - I will go back and find out how.  Would you be willing to look at my package on launchpad if I uploaded the link?
[08:04] <dholbach> where did you read that?
[08:05] <ScottSanbar> dholbach:  in the beginners website documentation on Ubuntu community developers website
[08:05] <dholbach> do you still have the link to the page?
[08:05] <dholbach> the personal mentorship programme unfortunately is currently not up and running
[08:05] <dholbach> huats, ^
[08:06] <ScottSanbar> dholbach:  just a minute, I'll try to find it ...
[08:06] <dholbach> ScottSanbar, so while I guess that's bad news for you now, the good news is that you can ask all the questions you have in here
[08:06] <dholbach> we're a friendly bunch, so in most cases you quickly should have somebody to help you out
[08:07] <ScottSanbar> dholbach:  I have spent about 48 hours in the last 2.5 days on all htis, and was stuck quite a bit, but finally got it all worked out.  It is really cool!  I am incredibly impressed with the Ubuntu community all the way around, including the people on IRC, so far.  I am really excited!
[08:08] <dholbach> sweeeeet :)
[08:08] <ScottSanbar> dholbach:  what is your background and current expertise?
[08:08] <dholbach> welcome to the party :)
[08:09] <dholbach> I just try not to get into people's way too much ;-)
[08:09] <ScottSanbar> that sounds like a good goal for me, also!
[08:10] <ScottSanbar> This package stuff and the autoconf/automake, etc. way of automating the build environment is too cool!
[08:17] <ScottSanbar> dholbach:  I cannot find the page that said I would be paired with a mentor - I am pretty sure I read it, though
[08:17] <dholbach> ok, thanks for the heads-up anyway :)
[08:18] <ScottSanbar> dholbach:  You are welcome.  I am currently on the beginner's development site, and it states that some projects have tutors.  If you want, I can give you that link now.
[08:19] <dholbach> sure
[08:22] <ScottSanbar> https://wiki.ubuntu.com/BeginnersTeam/FocusGroups/Development
[08:23] <dholbach> ah yes
[08:23] <ScottSanbar> do they really have tutors?
[08:24] <dholbach> I'm not enough involved with the Beginners Team
[08:25] <dholbach> I was thinking of https://wiki.ubuntu.com/MOTU/Mentoring which currently is not up and running
[08:27] <ScottSanbar> Thanks for the link.  Maybe it will go active sometime.
[08:27] <huats> ScottSanbar, as many times (and sadly this time) dholbach is right
[08:27] <huats> the mentoring is currently down
[08:28] <huats> so the best think is to ask questions directly here
[08:28] <dholbach> huats, maybe we should make that clearer on the mentoring page?
[08:28] <huats> in the mean time we will try to revive it
[08:28] <huats> dholbach, it might be a good idea indeed
[08:28] <ScottSanbar> huats:  OK, I will ask! :-)
[08:33] <ScottSanbar> Question:  I followed the tutorial fo a Hello app to the letter on the gnu website for automake, and it had a README file and a line in the Makefile.am in the root directory where the configure.ac is for processing the README file, but it made the Makefile fail to run.  I took out that line and everything worked.  I can give details if you guys want to help
[08:35] <ScottSanbar> the tie-in to MOTU is that I was preparing my build environment to make my package for Ubuntu
[08:50] <tumbleweed> bdrung: do you still think that your sponsor_patch changes are small enough to squeeze into oneiric? (it looks like we'll need another upload...)
[09:10] <and`> ScottSanbar: sure!
[09:11] <ScottSanbar> and`: OK, just a minute - thanks :-)
[09:17] <ScottSanbar> and`: here is the link to the example I followed (from the gnu website on automake):  http://sources.redhat.com/automake/automake.html#Examples
[09:18] <and`> ScottSanbar: yup, what do you need exactly?
[09:18] <ScottSanbar> and`:  there is a link to a hello world example there: http://sources.redhat.com/automake/automake.html#Hello-World
[09:19] <ScottSanbar> and`:  you can see where there are two lines in the Makefile.am in the root directory where configure.ac is:  SUBDIRS = src           dist_doc_DATA = README
[09:21] <and`> ScottSanbar: yes, but why are you trying to re-create the source yourself? you can easily grab hello's orig file on http://packages.debian.org/sid/hello, or simply run apt-get source hello to get everything you need :)
[09:21] <and`> ScottSanbar: if you are working on makefiles, well, that's a different matter :)
[09:22] <ScottSanbar> and`:  I already did that, now I am doing it from scratch on my own to learn the guts of what it is all about.
[09:24] <ScottSanbar> and`:  I succeeded, have a working .deb, and have uploaded it via bazaar to LaunchPad and have successfully built it automatically for oneiric and natty with a recipe into my PPA.  but I want to learn how to include the README, TODO, and all that as well.  I like to learn from the ground up so I can understand everything I can possibly understand, that way I do better in the long run.
[09:24] <Daviey> Hmm, sponsor-patch replaces ack-sync... but it's not clear how.. any pointers?
[09:27] <and`> ScottSanbar: nice way of learning :) anyway those files (README / TODO) are most of the times manually written since they specify a few details about the software you are going to build.
[09:28] <and`> while the TODO file will include developer's next features or things to add to that software. But again, write them by hand if you are going to work on your own software.
[09:28] <and`> or just C&P them if you are learning the right way of setting up makefiles.
[09:29] <ScottSanbar> and`:  the problem is with dist_doc_DATA = README - when that is in, I get the following failure when I autoconf, ./configure then make: http://paste.ubuntu.com/687491/
[09:30] <ScottSanbar> and`: What do you mean by C&P?
[09:30] <and`> Copy & Paste
[09:32] <and`> please paste your makefiles.
[09:32] <ScottSanbar> and`:  OK, just a minute - you want the Makefile.am's or the (unbelievably huge) Makefiles?
[09:33] <and`> just makefile.am, did you add the relevant docdir's bits?
[09:33] <jamespage> wibblymat: hey - have you managed to get a sponsor for lucene3 yet?
[09:33] <ScottSanbar> not sure what you mean by docdir's bits - just a minute
[09:37] <ScottSanbar> and`: http://paste.ubuntu.com/687498/
[09:38] <ScottSanbar> and`: http://paste.ubuntu.com/687498/
[09:39] <dholbach> jamespage, what needs sponsoring there?
[09:40] <jamespage> dholbach: wibblymat has been trying to get a sponsor to get it into Debian - just wondered whether he had any success yet
[09:40] <Laney> I got the impression it wasn't at sponsoring readiness yet
[09:40] <dholbach> ah ok
[09:40] <Laney> p.s. good morning
[09:40] <jamespage> morning Laney
[09:41] <ScottSanbar> and': made a mistake.  Here is the proper paste:  http://paste.ubuntu.com/687500/
[09:44] <and`> ScottSanbar: put README outside src
[09:44] <and`> it should be on the top level
[09:45] <ScottSanbar> and`: Magic! :-)
[09:46] <and`> :)
[09:48] <ScottSanbar> and`: you want to see my first package in LaunchPad?  Maybe you can all the things I did wrong ... :-)
[09:49] <and`> ScottSanbar: sure, I am leaving in a few minutes though :)
[09:51] <ScottSanbar> http://bazaar.launchpad.net/~scott-sanbar/hello/1.0/files
[09:52] <ScottSanbar> and`: You sure are a nice guy.  Thanks for all the help!!!! :-)
[09:54] <and`> ScottSanbar: you're welcome!! :) first thing I saw: .ex files needs to be removed :)
[09:54] <and`> those are examples files, if you don't need them, you can safely purge them out
[09:55] <ScottSanbar> I want to look into them and learn about them, so I left them in, but thanks for the pointer.
[09:56] <and`> ScottSanbar: mmm..having an hello dir into debian/ is pretty bad :)
[09:56] <and`> you should make sure to work on a clean tree
[09:56] <and`> that's autogenerated when you build the package with dpkg-buildpackage. Learn about the pbuilder / sbuild tool :)
[09:58] <ScottSanbar> what is unclean about my tree?
[09:59] <and`> http://bazaar.launchpad.net/~scott-sanbar/hello/1.0/files/head:/debian/hello/
[10:02] <ScottSanbar> how did that get there?
[10:04] <and`> I guess you built the package with dpkg-buildpackage, that will create the $PACKAGE dir into debian/
[10:04] <and`> use a pbuilder :)
[10:05] <ScottSanbar> pbuilder is the very next step in my journey in the tutorial on packages on the ubuntu beginner website ... :-)
[10:06] <and`> :)
[10:06] <ScottSanbar> I am just following the recipe on the tutorial (although the source and make environment is my own stuff based on the gnu automake examples)
[10:06] <ScottSanbar> I already have a schroot and all that ready when I need it - that all worked fine, although it was very involved.  Pretty cool stuff!
[10:08] <ScottSanbar> learning the make environment to me is very important, because I like to understand at a low level how things work so they are not magical, but understood, so I can debug and develop better
[10:09] <ScottSanbar> how do I use bzr to view the full tree visually, if possible, or at least expose what I have better?
[10:11] <and`> what do you mean?
[10:12] <ScottSanbar> I am used to using gui applications that show visually the tree structure of a VCS.  The command line utilities I used that worked with those VCSs also showed you textually very visually how hte branches and commits were interrelated.
[10:15] <ScottSanbar> and`:  I just found bzr explorer - just the ticket! :-)
[10:15] <and`> ScottSanbar: ^^, yeah, that's the tool you linked me before :)
[10:15] <and`> I am leaving, have a great day!
[10:15] <ScottSanbar> and`: OK, thanks
[10:15] <and`> np! cheers
[10:55] <bdrung> tumbleweed: yes (but crediting the requester isn't supported yet due to the lp bug)
[10:55] <bdrung> Daviey: ack-sync bugnumber -> sponsor-patch -s bugnumber
[10:59] <Daviey> bdrung: Odd, I tried it without -   -s, --sponsor         sponsoring; equals -b -u ubuntu
[10:59] <Daviey> and it told me there was no patch on the bug report
[11:00] <Daviey> Well duh.. it's a sync bug :)
[11:00] <bdrung> Daviey: you have to use the daily build.
[11:00] <bdrung> it's not yet released
[11:01] <bdrung> it will be part of 0.132
[11:01] <Daviey> bdrung: I was using bzr.
[11:02] <bdrung> Daviey: which revision?
[11:03] <Daviey> trunk
[11:03] <bdrung> Daviey: please test https://code.launchpad.net/~udt-developers/+archive/daily
[11:03] <Daviey> 1176
[11:04] <Daviey> too late now :/
[11:04] <bdrung> Daviey: you can use a older revision to get ack-sync back
[11:05] <Daviey> bdrung: I did this, but i think the syncpackage interface had changed.
[11:05] <Daviey> It reported the package wasn't in sid.. which i could see it clearly was.
[11:06] <tumbleweed> sounds like you went too far back :)
[11:06] <bdrung> Daviey: next time please leave the sync request open and file a bug.
[11:06] <tumbleweed> that's r1149
[11:06] <bdrung> Daviey: i tested the new code with one sync request and everything worked
[11:07] <tumbleweed> Daviey: or possibly it was using the lpapicache from your system, not the bzr checkout
[11:11] <Daviey> tumbleweed: i went back to te revno before you deleted it :)
[11:11] <Daviey> err bdrung
[11:12] <tumbleweed> Daviey: ok, that should have been checking debian publishing correctly
[11:52] <ScottSanbar> :q
[11:52] <Pici> :q!
[15:37] <azeem> mok0 still active?
[15:37] <azeem> eh
[15:37] <azeem> +is
[15:59] <ScottK> Not very.
[15:59] <ScottK> He's here now and then.
[17:27] <Guus_> Anyone in here that would like to help us with packaging #openteacher? https://bugs.launchpad.net/ubuntu/+bug/682852
[17:44] <cdunlap> I would love to help but I have never done any packaging before.  I am willing to try and help you, if you like
[17:45] <Guus_> cdunlap: sounds great, our problem is that debian has many guidlines so packaging is kinda hard but if you want to try that would be awesome
[17:46] <cdunlap> Guus:  If you could point me to the guidelines, I can do a quick review and see if I would be wasting your time or not.  I don't want to do anything that might hurt your cause.
[17:47] <cjwatson> www.debian.org/doc/debian-policy/
[17:47] <cjwatson> also parts of http://www.debian.org/doc/developers-reference/
[17:47] <cjwatson> the policy manual has the main requirements that apply to packages though
[17:48] <cjwatson> however if you have a sensible build system then dh should do most of the debian/rules work for you
[17:53] <cdunlap> Thank You.  I will take a look at this and let you know if I think I can help or not.
[18:46] <cdunlap> Guss/CJWatson:  quick question, and forgive my ignorance in advance...  I have done small bug fixes (like grammar changes) to learn how to do some of this work.
[18:46] <cdunlap> Will that be helpful in this instance or not?
[18:47] <cdunlap> I know that I do some packaging to build a package to test the change but that is a command line or two.
[18:52] <geser> cdunlap: it helps when you try to fix bugs/apply patches to existing packages. IMHO it's easier to start that way and learn slowly how Debian packaging works than to start packaging a fresh application as you have to learn much in short time (though it's not impossible)
[18:54] <cdunlap> geser:  thank you and that seems to be right in line with what I have read when I did some reading about getting involved.  I will keep reading through the documentation that cjwatson provided.
[21:25] <NCommander> Rhonda: ping? you about?
[23:06] <Rhonda> NCommander: hmm?
[23:15] <NCommander> Rhonda: I was told your the person to talk to w.r.t. to packages.u.c; I'd like to get the Ubuntu ports architectures up there
[23:16] <NCommander> (there is also a bug that if a package is not updated from oneiric but is simply copied across that it sometimes fails to appear on p.u.c :-/)