[00:03] <SpamapS> So, before I run off experimenting with things.. say I want to use the django-openid-auth thing just for openid, but then I want to check for membership in a private team by doing LP calls on login. Has somebody already done this?
[00:10] <mwhudson> SpamapS: pretty sure that's doable
[00:10] <mwhudson> SpamapS: you'll need to get your RP specifically whitelisted to be able to ask about private teams
[02:35] <rick_h_> StevenK: you know what's up with build-not?
[02:43] <StevenK> rick_h_: Huh?
[02:50] <rick_h_> StevenK: buildbot is in a strange place with the exception stuff?
[02:50] <rick_h_> ah looks like someone did another force
[02:51] <rick_h_> I hadn't seen buildbot blow up in that way so was curious if you had any idea what's up.
[02:51] <rick_h_> both my ec2 lands bounced due to pqm buildbot fail
[02:51] <StevenK> rick_h_: subunit stream corruption
[02:55] <StevenK> rick_h_: And yes, I forced
[02:55] <rick_h_> ok cool, thanks
[09:05] <adeuring> good morning
[09:08] <czajkowski> adeuring: ello
[09:08] <adeuring> hi czajkowski!
[09:09] <czajkowski> adeuring: is it cold in your neck of the woods today ?
[09:10] <adeuring> czajkowski: depends on how you define cold ;) 5C and fotunatley no rain
[09:14] <czajkowski> well no rain is good!
[09:15] <czajkowski> it's 3C here and cold!
[09:18] <stub> come on over, the weather is lovely
[09:19] <czajkowski> stub: are you in AU or Nz?
[09:20] <stub> Thailand
[09:20] <czajkowski> oh even further
[09:20] <stub> no, closer
[09:20] <czajkowski> stub: ah yes but ye have the weird rain weather over there
[09:20] <czajkowski> I want to avoid places with rain and snow. clearly moving to UK from ireland I didn't think this one through :)
[09:21] <stub> monsoon storms are awesome
[09:22] <czajkowski> http://www.irishpressreleases.ie/content/flooded%20house.6885.jpg  is what happens to irelan when it floods!
[09:22] <czajkowski> or http://news.bbcimg.co.uk/media/images/61218000/jpg/_61218905_jex_1449008_de27-1.jpg
[09:22] <stub> When Thailand floods, we cause worldwide harddrive shortages :)
[09:23] <czajkowski> lol
[09:23] <stub> Anyone here on maintenance?
[09:23] <czajkowski> it's ok we still ge tour cider and guinness exported, we have our priorities! :)
[09:24] <czajkowski> stub: StevenK if you can catch him
[09:24] <czajkowski> stub: and we're down to one person for next week
[09:24] <czajkowski> in USA timezone
[09:24] <stub> who is that?
[09:25] <czajkowski> stub: sinzui
[14:00] <deryck> Morning
[14:01] <rick_h_> morn
[14:17] <sinzui> stub, I saw your remarks on bug 1050191. I agree with your suggestions. I will make this my next issue to work on
[14:17] <_mup_> Bug #1050191: allocate-revision-karma.py is too slow to complete <branches> <karma> <lp-code> <oops> <Launchpad itself:Triaged> < https://launchpad.net/bugs/1050191 >
[14:18] <stub> sinzui: ok. The code changes are trivial if I'm right. Test fallout likely worse.
[14:18] <sinzui> indeed
[14:19] <stub> moving to garbo would be nice, but that is more than maintenance
[14:20] <sinzui> stub, I was thinking the same. So you agree that this process looks like a garbo candidate. I will consider it.
[14:21] <stub> it is perfectly suited to be a garbo job. migrating tests will again be the issue :)
[15:04] <deryck> adeuring, here's the MP I need reviewed, https://code.launchpad.net/~deryck/launchpad/remove-product-info-typo-garbo/+merge/137210
[15:04] <adeuring> deryck: already looking at it :)
[15:04] <deryck> adeuring, ah thanks :)
[15:08] <adeuring> deryck: r=me, one nitpick
[15:08] <deryck> adeuring, thanks
[15:08] <deryck> adeuring, good catch, thanks
[15:26] <sinzui> rick_h_, https://bugs.launchpad.net/launchpad/+bug/1079678 is still a private-project issue because Lp has to prevent the object from being created...other wise Lp's db has a integrity issue. Question cannot be deleted.
[15:26] <_mup_> Bug #1079678: You're able to create new questions on Launchpad even when questions is not avilable to a project <distributions> <lp-answers> <projects> <ui> <Launchpad itself:Triaged> < https://launchpad.net/bugs/1079678 >
[15:27] <sinzui> I think someone also needs to verify that questions cannot be retargeted to a proprietary project
[16:26] <rick_h_> sinzui: ah, that makes sense.
[16:27] <rick_h_> sinzui: hmm, I thought that was checked though. I remember some work around the sprint stuff before UDS around that
[16:31] <rick_h_> hmm, never mind, mixing up blueprints and questinos
[16:33] <rick_h_> sinzui: so ok. I'll add a card/ticket around validating the question so that it can't be targetted around a non-public project
[16:34] <deryck> rick_h_: so I agree with sinzui on that issue.  but retargeting is separate from people URL hacking, which can be done on any kind of project....
[16:34] <rick_h_> deryck: right, so I'm filing a second bug that we'll address
[16:34] <rick_h_> and then we can decide if the right fix for the url hack is to catch it at the view when the form is loaded, or as a validation error like this retargetting issue later
[16:34] <deryck> rick_h_, sinzui -- and I still stand by my thinking that the first issue is nothing special because of privacy.  it's just a bug, and not dangerous for privacy.
[16:35] <sinzui> rick_h_, maybe the solution is to ensure the vocab for question targets only contains Public information type projects. That would allow the existing validation processes to co unchanged
[16:35] <deryck> i.e. yes, it creates bad data, but it doesn't risk a leak, so we don't care.  it also creates bad data for public projects.
[16:36] <rick_h_> sinzui: yea, I've not delt with the questions to know the best implementation for it, but would assume it would be a simple fix in the model perhaps.
[16:36] <sinzui> deryck, It was agreed that questions don't make sense and they DO contain confidential information that we do not have infrastructure to clean
[16:37] <sinzui> deryck, That is why we ask commercial enquiries to use an email address instead of Lp answers. We could not delete the confidential information in the question
[16:37] <deryck> sinzui: I agree they don't make sense.  but I don't see how this bug relates to private projects.  what confidential info are you thinking?
[16:38] <deryck> sinzui: I'm sorry man, I'm lost.  How does using an email address and being able to url hack to file a question relate?
[16:38] <sinzui> deryck, more than 100 hardening/transition bugs blocked Lp from implementing safe sharing. This is the same case, Once users discover that Lp is not trustable, you lost and cost someone and NDA
[16:38] <rick_h_> I suppose there's the use case where someone submits a question on a non-public project via the url hack and it contains sensitive data
[16:39] <rick_h_> if things ever do go public, and questions are turned on
[16:39] <rick_h_> it'd be exposed
[16:39] <sinzui> yes, that was what the issue was about
[16:39] <rick_h_> sinzui: ok, from the comments it was more czajkowski wanted to make sure users didn't get ignored
[16:40] <rick_h_> sinzui: so it wasn't 100% clear at first
[16:40] <sinzui> Canonical has partners with NDA information spewing from their keyboards into projects that are working in secret
[16:40] <rick_h_> however, if we fix the model so that you can't create/target to a non-public project the potential leak issue goes away
[16:40] <deryck> but do those people have permission on private projects AND know how to url hack to file a question?
[16:41] <rick_h_> so I think the *right* bug for us to fix and work on is #1079678 and #1079678 is a more general bad UX bug
[16:41] <_mup_> Bug #1079678: You're able to create new questions on Launchpad even when questions is not avilable to a project <distributions> <lp-answers> <projects> <ui> <Launchpad itself:Triaged> < https://launchpad.net/bugs/1079678 >
[16:41] <_mup_> Bug #1079678: You're able to create new questions on Launchpad even when questions is not avilable to a project <distributions> <lp-answers> <projects> <ui> <Launchpad itself:Triaged> < https://launchpad.net/bugs/1079678 >
[16:41] <sinzui> Laura's issue one example of a root cause of bad data getting into a project
[16:43] <deryck> I absolutely do not agree this warrants our precious time left until Monday, but I'm not going to fight about it.  I just don't see any real risk.
[16:46] <czajkowski> re that bug I logged it not for a privacy issue, but more for the point people create answers on projects and they are not looked at. perhaps the people creating private projects and blueprints arent possibly going to be creating answers on lp
[16:48] <deryck> That's my point, czajkowski.  It is absolutely a bug.  And it should be fixed.  I don't think it's risky or even related to privacy, and don't think we should agree to fix it before we release private projects from beta.
[16:51] <czajkowski> deryck: that I don't know :) would there be a case if people didn't know it was turned off and if they were automatcally used to asking questions they could then.  I guess flacoste would have final say on it.  I just see it happening from time to time on projects on here
[16:51] <czajkowski> which was why I logged it
[16:54] <deryck> czajkowski: proprietary and embargoed projects are not the kind to file questions against anyway.  they're secret.  and I can see why anyone would accidentally do it because there's no use case for asking a question.
[16:54] <deryck> but talking to rick_h_ in another channel, his fix for the retargeting issue will fix this as a by product, so no point arguing it anymore.
[16:55] <deryck> rick_h_: what is the bug number of the new bug you filed?
[16:55] <rick_h_> #1079678
[16:55] <_mup_> Bug #1079678: You're able to create new questions on Launchpad even when questions is not avilable to a project <distributions> <lp-answers> <projects> <ui> <Launchpad itself:Triaged> < https://launchpad.net/bugs/1079678 >
[16:56] <rick_h_> sorry, wrong one
[16:56] <rick_h_> #1079678
[16:56] <_mup_> Bug #1079678: You're able to create new questions on Launchpad even when questions is not avilable to a project <distributions> <lp-answers> <projects> <ui> <Launchpad itself:Triaged> < https://launchpad.net/bugs/1079678 >
[16:56] <rick_h_> ugh, /me fail
[16:56] <deryck> heh
[16:57] <rick_h_> #1085102
[16:57] <_mup_> Bug #1085102: A non-public project can currently be the target of a question. <lp-answers> <private-projects> <Launchpad itself:Triaged> < https://launchpad.net/bugs/1085102 >
[16:57] <rick_h_> there we go
[16:57] <rick_h_> card updated on the board as well.
[16:58] <deryck> rick_h_: thanks.  I reply in the original bug.
[20:02] <sinzui> bac, do you have time to review https://code.launchpad.net/~sinzui/launchpad/system-bug-comments-api/+merge/137308
[20:02] <bac> sinzui: i do
[20:06] <bac> sinzui: done
[20:07] <sinzui> thank you bac
[20:07] <bac> de nada
[20:21] <abentley> bac: Could you please review https://code.launchpad.net/~abentley/launchpad/no-private-translations/+merge/137316 ?
[20:21] <bac> abentley: on it
[20:41] <bac> abentley: in the error messages you alternately refer to "private projects" and "proprietary projects".  should you pick the one most common description -- or are you really trying to convey something different?
[20:44] <abentley> bac: Okay.  (We don't really have a good umbrella term for Proprietary and Embargoed products, because "private" means something else in the context of branches and bugs.)
[20:45] <abentley> bac: So that's my own dissatisfaction with either term showing up in the code.
[20:45] <bac> abentley: gotcha
[20:45] <bac> hi statik!
[20:46] <statik> o/ bac
[20:50] <lifeless> statik: o/
[20:50] <lifeless> and o/ everyone here ;)
[21:40] <jcsackett> deryck: you around? can i request a review of https://code.launchpad.net/~jcsackett/launchpad/blueprint-private-traversal/+merge/137330
[21:40] <jcsackett> (or abentley or rick_h_) ^
[21:40] <deryck> jcsackett: I can get it.
[21:40] <jcsackett> awesome. thanks deryck.
[21:41] <deryck> jcsackett: np
[21:48] <deryck> jcsackett: am I reading the diff right, was there really a pdb in this code that your code removes?
[21:49]  * jcsackett looks
[21:49] <jcsackett> deryck: it's pipe madness. let me resubmit with the right target.
[21:50] <deryck> jcsackett: ok, that's why I asked.  I didn't mind a missing pdb mind you. :)  But just wanted to make sure the diff was correct.
[21:50] <jcsackett> deryck: if you want the fully proper diff: https://code.launchpad.net/~jcsackett/launchpad/blueprint-private-traversal/+merge/137333
[21:50] <jcsackett> thought i had fully destroyed that pipe. clearly not. :-P
[21:51] <deryck> jcsackett: heh, np.  thanks.
[22:03] <deryck> jcsackett: looks great to me. r=me
[22:03] <jcsackett> deryck: thanks!
[22:03] <deryck> np