kpennaltHello all03:43
kpennaltI'm having an issue with the alpha release of 12.04, and I was wondering if this is an appropriate place to ask for help?03:43
EvilResistancekpennalt:  #ubuntu+103:43
EvilResistancewould be better03:43
EvilResistancebut you should be able to ask here too03:44
kpennaltappreciate the advice - I'll try the other channel first03:44
=== almaisan-away is now known as al-maisan
=== Tonio__ is now known as Tonio_
cjwatsonnext time somebody who can use syncpackage has a sync request to do, would you mind doing it with requestsync instead just the once and letting me know?10:20
cjwatsonI'm working on converting the requestsync backend to syncpackage, and would appreciate a real test case10:21
tumbleweedcjwatson: if sponsors can syncpackage it themselves, will the archive admins still be handling requestsync bugs?10:22
cjwatsonHopefully not10:22
cjwatsonBut I'd like to keep that code around for a while to deal with any that come through sponsors who are less up-to-date10:22
tumbleweedyeah, I'm sure there'll be a few..10:23
Laneythere are some syncs in the queue currently10:23
tumbleweedwell, we haven't gone out of our way to annunce syncpackage...10:23
cjwatsonLaney: one, and it's one I need to check with Kubuntu people first10:24
cjwatsonunless you mean you just added some10:24
LaneyI see quite a few though10:24
Laneythe sponsor queue, not the AA one10:24
cjwatsonOK, I'll review/steal one off the sponsor queue then10:30
cjwatsonexcellent, https://bugs.launchpad.net/ubuntu/+source/git/+bug/913977 worked11:03
ubottuUbuntu bug 913977 in git (Ubuntu) "Sync git 1: (main) from Debian unstable (main)" [Undecided,Fix released]11:03
cjwatsoncommitted to ubuntu-archive-tools11:05
Laneycan any developer (with access) use mass-sync now?11:11
StevenKI'd hope not.11:13
LaneyI don't see how it's any worse than sponsoring syncs manually11:16
cjwatsonLaney: Yes, should be possible11:28
cjwatsonStevenK: What Laney said11:28
cjwatsonLaney: Although as tumbleweed says, the entire "feed sync requests to ubuntu-archive" system should basically be considered deprecated at this point11:28
Laneyright. I wasn't suggesting that (although we really ought to announce this), just that mass-sync might be convenient for more general use.11:29
cjwatsonStevenK: You aren't confusing mass-sync with auto-sync, are you?11:29
cjwatsonLaney: mass-sync's interface is a right mess.  It's probably easier to just use syncpackage directly.11:29
cjwatsonMost people aren't in the position of needing to use it in bulk after somebody else has reviewed bugs one by one.11:30
StevenKcjwatson: Oh, mass-sync is not sync-source -a?11:30
cjwatsonStevenK: That's auto-sync.11:30
StevenKcjwatson: Right, complaint withdrawn11:30
cjwatsonStevenK: Launchpad doesn't have any particular access control on Archive.copyPackages AFAICT, which is the backend for auto-sync; but I put a guard in the API script itself.11:30
StevenKWe ought to11:30
cjwatson(Obviously you can remove that if you know what you're doing, but I'm more worried about the people who don't.)11:31
cjwatsonI'd have called auto-sync mass-sync, but the name was already in use11:31
cjwatsonStevenK: Mm.  Archive owner?11:32
cjwatson(That's what auto-sync currently checks for.)11:33
StevenKcjwatson: But that doesn't work either11:34
cjwatsonWhy not?11:35
StevenKcjwatson: copyPackages is called by mortals11:35
StevenKAnd we'd like the security team to use it instead of whatever create delayed copies11:35
cjwatsonSurely the security team would use copyPackage, not copyPackages.11:36
cjwatsonThe latter being the mass interface that e.g. doesn't send notifications.11:36
StevenKOh, right11:36
cjwatsonNaming FTW11:36
StevenKDamnable interfaces that are almost identicaly named11:36
StevenKRight, archive owner for copyPackages sounds okayish11:36
cjwatsonFeels like copyPackage should be as it is now and copyPackages should be launchpad.Edit.11:37
cjwatson(Which is archive owner or admins.11:37
cjwatsonThat said I don't know how derived distributions are using copyPackages.11:38
StevenKPossibly. Sadly, my head is full of CSS garbage so I can't really comment.11:38
LaneyI was still thinking about extending syncpackage to support syncing multiple sources at once. That would have to use copyPackage then, although I imagine the batches used would be small enough not to be a problem.11:38
Laneymaybe a -y flag would be better11:39
cjwatsonLaney: This is one reason the naming is misleading.  Even if syncpackage supports syncing multiple sources, it should use Archive.copyPackage one at a time, because you still want the notifications.11:42
Laneycjwatson: Sure. The consideration would have been the impact on LP vs. the utility of the notification email.11:44
cjwatsonI doubt LP will particularly notice the impact of multiple copyPackage calls vs. one big copyPackages call.11:45
Laneyright, particularly at the sizes individual developers will be using it at.11:45
cjwatsonUnless it's actually a full auto-sync, which I still maintain belongs in a separate tool even if it shares more code with syncpackage than it currently does.11:46
LaneyOne of the main benefits is being able to open up this task to non-canonical AAs, which you still get.11:53
LaneySeems like a sane change to me.11:54
cjwatsonLaney: Right.12:08
cjwatsonLaney: Also security.  The processes involved in supporting sync-source.py mean, as a side-effect, that archive admins can currently almost certainly forge uploads from any developer if they try hard enough.12:09
cjwatson(I mean Canonical-employed AAs.)12:09
cjwatsonhttps://code.launchpad.net/~cjwatson/launchpad/remove-sync-source/+merge/88190 up now to kill it with fire12:10
=== al-maisan is now known as almaisan-away
dupondjewhere could I find a list of packages that are included on cd ?12:12
=== 94SAAEC2F is now known as Zhenech_
cjwatsonbroder: So, what do we need to do to have backports no longer going through archive admins?12:27
cjwatsonbroder: backportpackage looks mostly OK, but (a) I think it should probably use debuild -nc if you're going to be using it for actual uploads, (b) does it need to handle correct versioning of successive backports of the same package?, (c) do you (plural) reliably have privileges to upload the result?, (d) there's still a warning in backportpackage(1) about uploading to Ubuntu although I guess ~ubuntu-backporters can ...12:30
cjwatson... disregard that12:30
cjwatson(I know there's the queue admin issue as well, but I don't mean that bit of the process for the moment)12:30
tumbleweedcjwatson: -nc has already been committed to the repo12:54
dupondjedpkg-architecture -qDEB_HOST_MULTIARCH doesn't work in pbuilder ?12:56
cjwatsontumbleweed: oh good12:57
Laneycjwatson: I'm not sure if anybody found out what the actual effective ACL of -backports is.13:03
LaneyI understand it to be ~motu, but that could be folklore13:03
LaneyScottK: any clue?13:03
ScottKI'm reasonably certain that's more than folklore, but I've been core-dev so long, I've no actual knowledge.13:04
ScottKUpload a backport from a Main package and see.  I can always reject it.13:04
* cjwatson digs through LP code13:06
cjwatsonIt seems unlikely.  The do-you-have-permission-to-upload type methods don't generally take pockets.13:06
LaneyI think it was ScottK that told me this initially, so that might explain why he believes it to be the caseā€¦13:07
ScottKIt probably was me.13:07
Laneyall backports uploads go to unapproved, yes?13:08
ScottKI thought we tested it, but I could be wrong.  Not sure who the other part of we was either.13:08
ScottKThey do.13:08
Laneyright. uploading.13:08
ScottKTo what series?13:08
micahgScottK: backports?  that was me :)13:08
ScottKAh.  Right.  I remember now.13:08
cjwatsonThe checks are (1) can *anyone* upload to this pocket (i.e. not RELEASE for stable release, or whatever); (2) ACL for sourcepackagename; (3) ACL for packageset/distroseries; (4) ACL for component13:09
LaneySigner is not permitted to upload to the component 'main'.13:11
Laneyso I wouldn't be a fully effective backporter.13:11
cjwatsonRight.  So I propose:13:12
cjwatson (1) Somebody should file a Launchpad bug to let us have per-pocket ACLs, if there isn't such a bug already.13:12
ScottKLaney: Most backports aren't uploaded by hand.  It's relatively rare.13:12
cjwatson (2) We look into changing mass-sync.py to use backportpackage (i.e. called by archive admins).13:12
* ScottK looks at Laney for (1).13:12
cjwatsonScottK: Right, but I was asking whether we could have backporters use backportpackage and upload directly rather than going through ubuntu-archive.13:13
ScottKI see.13:13
ScottKI missed the first part of the conversation.13:13
cjwatsonI want to kill the backdoor interface currently used by backport-source13:13
cjwatsonIt was piggybacking on top of sync-source, and that's in the process of dying13:13
cjwatsonUnfortunately (2) would mean that archive admins would have to sign backports, which is less than ideal13:14
cjwatson(1) isn't trivial; the ArchivePermission model would need to be extended13:15
cjwatsonBut seems like the right answer, ultimately13:15
LaneyWould per-pocket ACLs be required for -security moving to copyPackage too?13:17
Laneyrequired in as far as there could be security team members without core-dev13:18
micahgLaney: there are 3 at present13:19
Laneymicahg: how do you handle copies from the security PPA? Have an archive admin do them (using syncSource?)?13:20
micahgLaney: no, we can copy into -security ATM as long as the API doesn't time out13:20
Laneyso long as you have upload access to the package?13:21
StevenKThey have a script that calls an LP API method that has a hardcoded -security check.13:21
StevenKWhich is disgusting.13:21
Laneyoh, yikes13:21
micahgLaney: no, ubuntu-security owns the security pocket AFAIK13:21
LaneyStevenK: so that method checks the person is in ~ubuntu-security?13:21
StevenKI don't recall, and I'm juggling eggs.13:21
Laneymicahg: could you check your script to see which API method it pokes?13:23
StevenKWhile I wait for 'make' -- we, as in LP devs, want to kill that method.13:24
StevenKShortly followed by destroying delayed copies.13:25
l3onhey guys I worked on merging zabbix 1.8.913:25
l3onthere is a new version 1.8.10 that fixes a CVE, should we adopt it ?13:26
brodercjwatson, Laney, ScottK: changing to per-pocket upload ACLs would contradict the TB's decision about pre-release backports13:29
broder(on a train at the moment; wifi is spotty; may come and go)13:29
=== almaisan-away is now known as al-maisan
=== dholbach_ is now known as dholbach
laney_since when did a univeristy need internet access anyway?13:40
tumbleweedsounds like your sysadmins are learning from ours13:41
brodercjwatson: i'm not sure what you meant by "(b) does it need to handle correct versioning of successive backports of the same package?"13:48
cjwatsonbroder: contradict TB> hm, you'll have to remind me how?13:54
cjwatsonbroder: backport-source currently has a thing where if you try to backport the same thing twice you'll get ~oneiric1, ~oneiric2, etc., presumably for rebuilds13:55
cjwatsonbackportpackage only does ~oneiric113:55
brodercjwatson: https://lists.ubuntu.com/archives/technical-board/2011-November/001137.html13:56
broderTB's decision was that the upload ACL for backports should match the rest of the archive13:57
=== jasox_ is now known as jasox
dupondjedpkg-architecture -qDEB_HOST_MULTIARCH doesn't work in pbuilder ?13:57
brodercjwatson: i haven't run into successive backports like that in practice, but it sholudn't be too hard to modify backportpackage to handle it13:58
cjwatsonbroder: "as opposed to <thing we determined just now is untrue>" ;-)13:58
cjwatsonI think I'd like to revisit that given that it was based on a false premise13:59
cjwatsonand I find the notion of something that a team must approve but cannot directly perform to be a bit bizarre13:59
cjwatsonI can imagine that we might have wanted to fix the situation where MOTU could upload any package to -backports, but we've just determined by both code inspection and experiment that that isn't the case14:00
brodersure :)14:00
broderso i guess in that case the goal would be for ubuntu-backporters to be able to upload anything? that certainly seems acceptable to me14:00
cjwatsonIf they're the sole approver for -backports in practice, then that seems sensible14:01
cjwatsonbut if you like, I'll run that by the TB list14:01
broderi guess i haven't really dealt directly with enough TB decisions to have a sense of when that's appropriate - whatever you think is reasonable is fine with me14:03
Laneycjwatson: #91477914:33
Laneybug #91447914:33
ubottuLaunchpad bug 914479 in dh-make-perl (Ubuntu Oneiric) "dh-make-perl cache is broken in oneiric" [Undecided,New] https://launchpad.net/bugs/91447914:33
Laneybug #91477914:33
ubottuLaunchpad bug 914779 in Launchpad itself "Pocket maintainers cannot always upload to their pocket" [Undecided,New] https://launchpad.net/bugs/91477914:33
cjwatsonScottK: do you have an opinion on bug 84891615:27
ubottuLaunchpad bug 848916 in webkitkde (Ubuntu) "Sync webkitkde 1.1.0git80efcf77-1 (universe) from Debian experimental (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/84891615:27
cjwatsonI've been deferring it until I got a chance to talk with somebody who knew about Kubuntu to ack it ...15:27
ScottKcjwatson: It's got no external rdepends or reverse build depends and the reason not to sync has gone away (Debian badly versioned an svn snapshot at one point).15:30
ScottKNo objection from me (seems like a good idea)15:30
cjwatsonOK, great - thanks15:30
ScottKYou're welcome.15:30
cjwatsonThinking about it, I think I initially deferred that bug because I first saw it when oneiric was frozen and it seemed like a "no way" then15:34
ScottKThere was a time when syncing it would have been really bad because it would have replaced a release with a pre-release svn snapshot.15:37
ScottKNice that's over.15:37
roaksoaxhi/win 315:42
=== andreas__ is now known as ahasenack
l3onHi all... hey guys, there some my merging bugs still pending... is there a motivation why they do not get attention by sponsors, or it's just the queue ?16:04
micahgl3on: just the queue16:07
micahgl3on: patch pilots will be back next week as well16:08
l3onah ok :) thanks micahg, so I can continue about merging :P16:08
micahgl3on: please, also, did you get an answer to your zabbix query?16:08
l3onmicahg, nu, I have written again in -devel about some mins ago... still waiting16:09
micahgl3on: so, to answer your question, you can just wait until 1.8.10 is uploaded to Debian if you believe it'll happen soon16:09
l3onmicahg, Ok, in fact I emailed maintainer, wait for a reply...16:10
l3onI also have the 1.8.9 debdiff, it introduces a patch to fix FTBFS with ld --as-needed, should I request an upload in Ubuntu ?16:11
micahgl3on: if you believe 1.8.10 to be coming soon, maybe upstream the ld --as-needed fix to Debian16:11
l3onok, I'll do it16:12
Laneycjwatson: Backporters who are also core-devs could also do (1). I think that's everyone active except me.16:18
cjwatsonLaney: well, yeah, it winds up much the same thing.  Still, the fact that backporters isn't a subset of core-devs indicates that the model needs fixing, IMO16:20
LaneyRight, but it's better than requiring archive admins to be more involved16:22
micahgalso, the number of main backport requests should be on the lower side as they'd be more likely to break things16:23
broderhmm. i'm actually kind of curious about that16:24
* broder runs to hte udd-mobile16:24
cjwatsonLaney: Isn't that equivalent to (2) anyway?16:29
cjwatsonLaney: I suppose you might subscribe ubuntu-archive to the backports you approve, or something16:29
cjwatsonSeems a bit roundabout though :-)16:29
cjwatsonShould backportpackage gain an option to close bugs, like syncpackage has?16:31
Laneyindeed, just that I wouldn't block it on the permissions bug being fixed though16:31
cjwatson(It could do that by putting the bugs in the changelog, which might be more sensible than API closures)16:31
cjwatsonLaney: oh, right, I don't want to block this on that either way16:31
broderYeah, since we're already adding a changelog entry for backports, I think I'd just as soon do this with changelog closers than separately16:31
cjwatsonHaving mass-sync.py run backportpackage isn't particularly worse than what we have now, and we can incrementally improve from there16:32
cjwatson(Except for archive admins who aren't core devs, but realistically, I don't think they're processing backports anyway)16:32
ScottKcjwatson: bugs in changelog won't clost backports bugs.16:33
cjwatsonOh really?  Bugger16:33
ScottKThat'd be another LP change.16:33
Laneyas in you could do 2 right now, and remove the AAs already16:33
cjwatsonI guess that sort of makes sense16:33
Laneyapart from the queue bit I suppose16:33
micahgbroder: I wonder how many of those are ScottK backporting clamav :)16:34
brodermicahg: 71 :)16:34
cjwatsonLaney: Right - but we need something equivalent to mass-sync.py until nobody's processes involve subscribing ubuntu-archive to sync/backport bugs any more, anyway16:34
Laneyonly backporters should be doing that16:35
brodercjwatson: Switching to backportpackage for AAs does have the problem that you now have 2 AA actions to process a backport16:35
broderSince it would land in UNAPPROVED16:35
cjwatsonTrue, but they often enough land in NEW anyway16:35
cjwatsonMy motivation is not so much reducing AA workload as weaning us off shell access16:36
cjwatsonI'm willing to accept some small inconveniences as part of that (not large ones, though)16:37
broderMore random backports stats, for people who are as easily entertained as me: http://pastebin.ubuntu.com/800738/16:38
=== al-maisan is now known as almaisan-away
micahgweird, from intrepid-maverick, main backports outnumbered universe16:41
micahgoh, except for lucid16:41
ScottKclamav moved to main in Intrepid. ...16:42
l3onmicahg, patch forwarded to upstream and debian :)16:43
micahgl3on: thanks16:43
micahgScottK: ah, that explains it :)16:43
ScottKI suspect it explains some fraction of it.16:43
micahgwell, it won't explain karmic16:44
jtaylorhm python and python2.7 provide argparse18:30
jtaylorit should only be provided by one of them or?18:30
=== Quintasan_ is now known as Quintasan
jtaylorhm yes as you know can't build the rdepends anymore :(18:37
Resistanceso... my sync request for ZNC was approved... broder, if i wanted to have natty and oneiric backports updated for the new release, would i just submit a new backport request bug, and add both natty-backports and oneiric-backports to the bug?19:43
Resistancestating that the backport request is to address a vulnerability in the version that already exists and contains a fix?19:43
broderyeah, that sounds right19:44
Resistancei'll get to that as soon as i clean my ext4 partition19:44
Resistancegot to get the livecd image onto this USB stick here19:45
Resistancebroder: should i flag the backport as a security vulnerability thereby making it a higher priority, or is that not necessary?19:53
* Resistance is writing the backport request now19:53
broderi don't know that that accomplishes anything19:54
Resistancebecause on the sync request i flagged it for the Sec team to review (because ZNC 0.202-2 fixes a DoS vulnerability)19:54
broderis it other people's experience that youtube-dl is busted in anything older than oneiric?19:58
* tumbleweed only uses it on sid and precise, so no idea19:59
brodermy inclination is to just upload srus of the version in oneiric to the older releases20:00
tumbleweedsounds reasonable20:00
Resistancebroder:  whats the bug number for that bug which blocks backported build-deps from being used to build packages for backports (in the archive)?  Its on my Linux machine (currently broken due to unclean ext4 partition), not on this machine i have in front of me20:01
tumbleweedhave you tried searching lp? :)20:02
Resistancetumbleweed: with no success, i'll try again though20:02
tumbleweedsearch bugs.launchpad.net/launchpad20:02
broderResistance: i don't know - i'd have to go find it20:02
Resistancefound it20:02
dupondjedpkg-architecture -qDEB_HOST_MULTIARCH doesn't work in pbuilder ?20:07
dupondjea build that uses it in debian/rules seems to fail, while it build fine on launchpad ...20:07
Resistancebroder: Bug #914996 is the new backport request, for when you get around to it.20:08
ubottuLaunchpad bug 914996 in Oneiric Backports "Please backport ZNC 0.202-2 from Precise to Natty" [Undecided,New] https://launchpad.net/bugs/91499620:08
Resistancealso tagged it for Oneiric backports too20:08
tumbleweeddupondje: I see no reason why it wouldn't work20:08
dupondjetumbleweed: well its strange20:14
dupondjetry building espeakup20:14
dupondjeI get: gcc-4.6.real: error: /usr/lib/libespeak.a: No such file or directory20:14
jtaylorespeakup needs fixing for the last espeak update20:14
jtaylorI have a branch on lp20:14
jtaylorI'm waiting for the change in debian before I apply it20:14
dupondjejtaylor: the current version in ubuntu doesn't build neither20:15
jtaylorI know20:15
jtaylorit builds on debian as espeak is not yet updated there20:16
jtaylorI'm waiting until its done there and going to sync20:16
dupondjeok :)20:16
jtaylorthe fix is simple20:16
jtaylorthe same as the libjack multiarch fix20:16
brodertumbleweed: ugh. actually, i feel slightly questionable about this because youtube-dl does more than just youtube these days20:16
broderand the other sites aren't broken20:16
dupondjejtaylor: there is no bug for it on debian ?20:17
jtaylorits not broken in debian20:18
dupondjewell not YET I guess ?20:18
dupondjeso its usefull to get it patched before it breaks :)20:18
jtayloryou can't20:18
jtaylornot cleanly at least20:19
dupondjehehe ok :)20:19
dupondjebtw another thing20:19
dupondjewhat to do with requestsync when the changelog on debian is fucked (aka 404)20:19
jtaylorwrite it per hand :)20:19
ScottK(copy/paste not write)20:19
dupondjei'm lazy :)20:19
ScottKThe lazy way is try again a few days later.20:20
jtaylorI had such an issue once, it never when away20:20
jtaylordebian changelogs are weird since a while20:20
tumbleweeddupondje: that shouldn't happen any more20:22
tumbleweedgrab a more recent ubuntu-dev-tools20:22
dupondjejust doesn't include last changelog ...20:23
tumbleweedit now gets the changelogs from launchpad20:23
tumbleweedbroder: youtube is still its primary reason for existance20:24
tumbleweedhrm, I see debian doesn't have it in *stable, but it is currently in testing20:25
broderfair enough. i'm inclined to agree, but wanted to see if someone else thought that way as well20:25
tumbleweedI seem to recall it being in volatile in the past20:25
tumbleweedbroder: I do feel for things like this that once we've started doing it, we need to keep it up20:27
tumbleweedotherwise there's no trust from the users that youtube-dl in stable releases will work. (I'm sure I keep a git checkout somewhere for when it's broken in debian)20:28
l3ondo you know if it's possible change status to bug via lp-python api ?20:32
l3ontumbleweed, I got a bug, and I can add attachment.. but now?20:32
l3onI saw api, after a quick look I can see the way20:33
l3onI'm playing with this: https://bugs.staging.launchpad.net/ubuntu/+source/forked-daapd/+bug/89666820:33
ubottuUbuntu bug 896668 in forked-daapd (Ubuntu) "Please merge forked-daapd 0.19gcd-2 (universe) from Debian unstable " [Undecided,Fix released]20:33
tumbleweedso, what's the problem?20:34
l3onI would like 'confirm' that bug and add subscription :)20:35
l3onand remove assignment as well20:36
tumbleweedstatus is an attribute of the bug_task, not the bug20:36
tumbleweedyou should be able to work it out from the documentation: https://launchpad.net/+apidoc/1.0.html20:36
l3onok, thanks :)20:38
lfaraoneI have a universe package (pianobar) which is badly broken due to external changes. Can I  upload a new upstream version, packaged in Precise, which fixes this bug (among other things?)21:24
lfaraoneFixing the bug in a cherrypick has proven difficult.21:24
broderI would upload the fix and be explicit about what you're doing in the bug description, and let ubuntu-sru make that call when they review it21:27
ScottKlfaraone: We're a month before feature freeze, so a new version is no problem.23:25
lfaraoneScottK: Sorry, I meant to oneiric.23:26
ScottKIf it's very badly broken that's sometimes acceptable, so as broder said.23:26
ScottKMake sure it's in precise first.23:26

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!