vsingh165anyone here know why I can't branch or checkout the lp:df-libreoffice branch?  it always seems to get stuck at 10639 kB00:19
=== slank is now known as slank_away
vsingh165when I bzr branch lp:df-libreoffice in terminal, I get "Write failed: broken pipe" errors00:24
=== chiluk_away is now known as chiluk
=== salem_ is now known as _salem
sladenvsingh165: report a bug01:12
=== sraue_ is now known as sraue
infinitydoko_: Why do crossbuild-essential-* depend on pkgbinarymangler?  That's pretty buildd-specific, and regular build-essential doesn't depend on it.06:56
infinitydoko_: (And, sure, you need pkgbinarymangler if your non-cross arches also use it, but conversely, if not, you need to not have it, so it should be something installed/enabled in the chroots by end users, not forced by dependencies, no?)06:58
=== tkamppeter_ is now known as tkamppeter
tkamppeterinfinity, did you see my answer about CUPS?07:29
infinitytkamppeter: Yeahp, thanks.  Noticed the upgrade removed the obsolete file here, and cron should shut up now, thanks.07:30
pittiGood morning07:33
=== doko_ is now known as doko
dokoinfinity, just did take that from wookey. didn't know if cjwatson's test build adds it explicitly08:05
dokochecking for pkg-config... /usr/bin/pkg-config08:05
dokochecking pkg-config is at least version 0.22... yes08:05
dokochecking for DBUS... no08:05
dokoconfigure: error: Package requirements (dbus-1 >= 1.2.16) were not met:08:05
dokoNo package 'dbus-1' found08:05
dokolooks like libnih still uses the wrong pkg-config binary08:05
infinity$crossbuild_core_depends = { armhf => ['build-essential', 'gcc-arm-linux-gnueabihf', 'g++-arm-linux-gnueabihf', 'pkg-config-arm-linux-gnueabihf', 'dpkg-cross']08:06
infinitydoko: ^-- What Colin and I use (and, I assume, his testbuilds)08:07
StevenK'gnueabihf' sounds like the noise you can make while sneezing.08:08
infinitydoko: The extra interesting thing there is that your crossbuild-essential has a cross-arch libc6-dev:crossarch dep, while we're just relying on gcc-arm-linux-gnueabihf to get it right, I guess?08:09
dokoinfinity, yes, you have to install the runtime target libs "twice", or else the shlibs files won't be found08:12
infinitydoko: That's... Special.08:13
infinitydoko: Anyhow, I have no opinion on the libc6-dev:armhf thing (and just caught up on the discussion in the Debian bug), but we should drop the pkgbinarymangler bit and leave that to the discretion of people building/managing their chroots.08:14
infinity(As in, mk-sbuild will do it for you by default with --distro=ubuntu, but it shouldn't be a hard dep, for people who prefer not to mangle)08:15
=== MrWGW- is now known as DrStrangelove
=== smb` is now known as smb
=== DrStrangelove is now known as MrWGW-
cody-somervilleseb128: Hey. I run into LP #930563 in case you need help debugging the issue.08:54
ubottuLaunchpad bug 930563 in libdbusmenu (Ubuntu) "NM Applet menu entries not responding" [Low,Confirmed] https://launchpad.net/bugs/93056308:54
=== Tonio_ is now known as Tonio_aw
seb128cody-somerville, hey, it would rather be something for larsu/charles/cyphermox08:55
cody-somervillecyphermox: I'm quite certain that LP #985028, LP #933300, and LP #930563 are the same.08:57
ubottuLaunchpad bug 985028 in network-manager-applet (Ubuntu) "nm-applet stops displaying VPN connections" [Medium,Confirmed] https://launchpad.net/bugs/98502808:57
ubottuLaunchpad bug 933300 in network-manager-applet (Ubuntu) "nm-applet needs restart after resume" [Medium,Confirmed] https://launchpad.net/bugs/93330008:57
ubottuLaunchpad bug 930563 in libdbusmenu (Ubuntu) "NM Applet menu entries not responding" [Low,Confirmed] https://launchpad.net/bugs/93056308:57
cody-somervillecyphermox: https://bugs.launchpad.net/ubuntu/+source/libdbusmenu/+bug/930563/comments/8 is the key I think.08:59
ubottuUbuntu bug 930563 in libdbusmenu (Ubuntu) "NM Applet menu entries not responding" [Low,Confirmed]08:59
=== Rushin_ is now known as zsoftich
didrocks@pilot in09:28
=== udevbot changed the topic of #ubuntu-devel to: Ubuntu 12.10 released | Archive: Open | Dev' of Ubuntu (not support or app devel) | build failures -> http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and dicussion of hardy -> quantal | #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots: didrocks
=== yofel_ is now known as yofel
=== henrix_ is now known as henrix
=== smb` is now known as smb
cjwatsondoko: My chroots are made with mk-sbuild, which adds pkgbinarymangler by default, so I don't need crossbuild-essential-* to add it as well09:51
dokook, will remove it with the next upload09:52
xnoxdoko: well when doing cross it does two builds: native and then cross. Do you have full log? (my cross-chroot is not very minimal, maybe I should reset it up)10:07
xnoxdoko: and did that build install both native&cross build-deps? (I didn't add :native build-deps since that is not supported just yet by sbuild)10:09
cjwatsonI'm surprised that it works to do one build in a subdirectory and another in the source tree itself10:09
cjwatsonI thought automake complained about that10:09
cjwatsonusually when I need to do one build in a subdirectory I convert all the builds to do that10:09
dokoxnox, http://people.canonical.com/~cjwatson/cross/armhf/raring/10:10
cjwatsondoko: that's the native build pass10:11
cjwatsondoko: so it's correct for it to use /usr/bin/pkg-config10:11
xnoxcjwatson: hm. I was dubious about how the configure cache is handled. I think native build cache leaks into cross =/ but didn't look deeper into it.10:12
cjwatsondoko: the problem is the known one that we don't yet have a way to declare the native build-dependency10:12
dokoahh, ok10:12
xnox(unless it's not leaking but using the preload)10:12
cjwatsonxnox: config.cache is in the build directory, so shouldn't leak; but the one preset by dpkg-cross might10:12
cjwatsonxnox: you could unset CONFIG_SITE for the native build pass, perhaps, although that seems like quite a big hammer10:13
dokowell, isn't CONFIG_SITE plain wrong for the native build?10:22
cjwatsonwhen it's been set by dpkg-cross, yes10:23
cjwatsonor rather to the dpkg-cross config10:23
cjwatsonI can imagine somebody using it for other purposes, although we don't10:23
cjwatsonbut that's probably not worth worrying about - sounds best to unset it10:23
* cjwatson applies http://paste.ubuntu.com/1512288/ to groff, for comparison10:25
dokohttps://wiki.ubuntu.com/CrossBuilding/BuilddChroot looks pretty complete now, besides perl and linux10:31
xnoxdoko: I just uploaded DEB_STAGE=stage1 build variant for libsemanage. So we should be mostly done now =)))))10:32
didrockspitti: mind rejecting https://code.launchpad.net/~jelmer/ubuntu/raring/etckeeper/merge-debian/+merge/141431?10:33
pittididrocks: done10:33
* cjwatson looks at kmod10:34
didrocksthanks pitti :)10:34
cjwatsonoh, sorry jelmer, I didn't notice that MP10:35
cjwatsonI kept the change of default to bzr in my merge10:35
cjwatsonso if you still want to revert that, then propose another MP with just that, I think10:35
=== Tonio_aw is now known as Tonio_
=== cking_ is now known as cking
dokobarry`, maybe ask the debian maintainer before starting packaging the pil fork. I already have it packaged11:14
bdrungLaney: re bug #954352, do you have the prepared package at hand? i haven't prepared anything yet. so it could take more time for me than for you.11:17
ubottubug 954352 in gtk+3.0 (Ubuntu Raring) "Enable wayland backend" [Wishlist,Triaged] https://launchpad.net/bugs/95435211:17
=== _salem is now known as salem_
Laneybdrung: yeah, let me get the debdiff11:27
Laneybdrung: http://paste.debian.net/22308711:29
didrocksdoko: hey, I'm wondering why https://launchpadlibrarian.net/127995793/buildlog_ubuntu-raring-i386.efilinux_1.0-3ubuntu1_FAILEDTOBUILD.txt.gz is only failing on i386 and amd64. I'm not really motivated to add -fno-stack-protector. Any help?11:31
didrocksand *not* on amd6411:31
bdrungLaney: shouldn't have the symbols version a trailing ~ (for backport reasons)?11:31
Laneyi didn't upload it yet :-)11:32
bdrungLaney: as you wrote, we need to get a MIR for libxkbcommon first11:34
cjwatsondidrocks: the other question is why you uploaded a merge from somebody who didn't touch it last and hadn't talked to the previous uploader, who might have had a merge in progress ...11:34
dokodidrocks, well, should be clear if build with -nostdlib11:35
Laneybdrung: I'm not massively interested in working on it, so feel free to check with #ubuntu-x11:35
LaneyI get the feeling that it's experimental so won't be allowed in11:35
didrockscjwatson: I was just doing my patch pilot sponsoring and waiting to help clean the queue. The merger from debian seemed straightforward enough to be handle and builds fine on my amd6411:35
cjwatsondidrocks: that doesn't answer my complaint, at all11:36
cjwatsonsponsoring is not an excuse for doing it wrong11:36
bdrungLaney: it's relatively new. there were no release, when the ubuntu package was created, but now there is a 0.2.0 tarball:  http://cgit.freedesktop.org/xorg/lib/libxkbcommon/log/11:36
didrocksok, I'll keep that in mind for the next sponsoring shift and only touch my area11:36
cjwatsonno, that isn't what I said11:36
didrocksdoko: let me have a look11:36
cjwatsonPeople being sponsored need to be educated how not to step on people's toes11:37
cjwatsonThat doesn't mean exaggerating to "only touch my area"11:37
didrockscjwatson: well, in that case, it's easier to wait that the other people is doing his shift (if they do it…)11:37
bdrungLaney: i will ask in #ubuntu-x . can you attach your debdiff to the bug report?11:37
cjwatsondidrocks: sure, because those other people are off relaxing on the beach rather than doing other useful work, I'm sure11:38
cjwatson(I'm quite tired of the insinuations about sponsoring)11:38
didrocksfor things that seems easy people directly uploads them, like when people multiarched the unity stack, and didn't use the right branches, I didn't scream at "you are stepping on my toes"11:38
cjwatsondidrocks: We've had a notice on merges.ubuntu.com for eight years that people should check with the previous uploader before merging11:39
cjwatsonIt's not like it's news11:39
didrockscjwatson: oh, it's not about you, TBH, I even don't know who is doing their shift and who doesn't, I just see a lot of complain from dholbach that a lot are not doing11:39
cjwatsonYes, dholbach isn't fixing cross-builds either11:39
cjwatsonWe all do things11:39
didrocksI agree, that's why I didn't complain and try to help getting things clean11:39
didrocksfor things that seemed straightforward and builds fine, I didn't think about that would bother others, sorry for that11:40
cjwatson(Actually, Logan did say to me in private mail that he was going to do better about contacting the previous uploader in future - so that's OK until the next person :-) )11:40
cjwatsonWhat I want is for this to be a check in the sponsorship process; I agree that in this case it was fairly untroublesome, but in other cases it has caused me problems11:40
cjwatsonI don't know how to achieve this efficiently11:40
didrocksthe issue is that we have too many ways to get things in, but that's just IMHO11:41
cjwatson(For instance something that's deliberately not being merged for one reason or another)11:41
didrocksbut I agree with your remark11:41
cjwatsondidrocks: And very few efficient ways to say "no" in a way that sticks :-/11:41
cjwatsondidrocks: So sorry, I was too harsh on you, I need coffee :-)11:42
didrockscjwatson: no worry, I can understand the feeling, I hope I didn't sponsor anything you didn't want in :)11:42
Laneybdrung: done11:42
cjwatsonI guess what I'd really like is a more reliable way to notify interested people about things pending sponsorship11:43
cjwatsonRight now, if somebody proposes a merge to a package I touched recently, I only find out if they explicitly ask for my review, or if I watch the whole sponsorship queue11:43
bdrungcjwatson: good ideas are welcome. maybe we could add some information the the sponsoring queue?11:43
infinitycjwatson: Yeah, if I could more easily subscribe to these things, I wouldn't care about losing TIL on all my merges (which happens all the time)11:43
cjwatsonbdrung: The problem with approaches that involve more information on the sponsoring queue is that you still have to watch the queue to see them11:44
cjwatsonbdrung: I think I want LP's default who-gets-asked-for-review to be smarter11:44
infinityIt really irks me to lose TIL on merges (which reminds me, I need to steal dpkg back from you), cause then they go off my radar.11:44
cjwatsoninfinity: And for some reason we advertise merges as a good thing for people to do when they're learning11:45
cjwatsonI've *never* understood that11:45
infinityProbably because many of them (like the eflinux one above) are really trivial.  But the knock-on effects of "stealing" trivial merges from other people are pretty irritating.11:46
cjwatsonMerges tend to be either trivial or REALLY REALLY HARD11:46
cjwatsonAnd if you aren't experienced you can't tell which in advance11:46
cjwatsondidrocks: So, I can solve the losing-TIL problem for efilinux by fixing up that build failure for you, if you like ;-)11:47
didrockscjwatson: indeed, that's a way to do it. I don't like cleaning what broke under me, but if there is a benefit for you, sure, please do :)11:48
didrocksI don't like *not* cleaning11:48
didrocks2 *not* missing in less than 30 minutes, need coffee as well :)11:49
cjwatsondoko: Shouldn't -ffreestanding inhibit use of the stack-protector?  I'm sure it used to11:50
cjwatsonOh, wait, the problem might be in gnu-efi11:50
cjwatsonHah, and slangasek dropped the -fno-stack-protector bit there saying that it was no longer needed11:51
didrocks@pilot out11:55
=== udevbot changed the topic of #ubuntu-devel to: Ubuntu 12.10 released | Archive: Open | Dev' of Ubuntu (not support or app devel) | build failures -> http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and dicussion of hardy -> quantal | #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots:
=== MacSlow is now known as MacSlow|lunch
cjwatsondidrocks: OK, fix on its way now, although it won't involve reuploading efilinux12:00
cjwatsonThem's the breaks12:00
didrockscjwatson: just a rebuild once gnu-efi rebuilt from what I saw. Well, if someone contacts me for this package, I'll redirect it to you12:01
cjwatsonYeah, no worries12:02
cjwatsonxnox: I've sorted out the gluegen2/armhf horribleness, I think12:02
=== francisco is now known as Guest79688
cjwatsonSo we should be able to crawl up that stack shortly and get opencv promoted12:03
=== cpg is now known as cpg|away
pittididrocks: nice progress on the sponsoring queue!13:00
didrockspitti: thanks :)13:01
pittihm, ubuntu-drivers-common just started failing, bcmwl doesn't compile any more13:02
pittiand testing locally confirms it13:02
pittitseliot: ^ seems the "support 3.8" broke 3.7?13:03
pittiFehler: »struct cfg80211_ibss_params« hat kein Element namens »chandef«13:03
pittitseliot: filed as bug 1097729; should we revert the change for now, or do you think it could be made to work with both kernels/13:07
ubottubug 1097729 in bcmwl (Ubuntu Raring) " stops building on current raring" [High,Triaged] https://launchpad.net/bugs/109772913:07
wookeywhere do I go to ask questions when apt is apparently doing daft things?13:11
wookeyCurrently in a raring chroot if I try to install libgcc1:arm64 apt wants to remove all of essential. I don;t understand why...13:12
wookeyis there an apt irc channel or debugging info somewhere?13:13
cjwatsonwookey: #debian-apt on OFTC13:16
cjwatsonwookey: Also -oDebug::pkgProblemResolver=true13:16
=== mterry_ is now known as mterry
infinitywookey: Is that the same version of libgcc1 that you have on your other arch (or is it otherwise causing a version skew that would break the world)?13:28
infinitywookey: That's the only obvious thing I can think of.13:28
=== MacSlow|lunch is now known as MacSlow
wookeyaha. 4.7.2-17ubuntu2 vs 1:4.7.2-17ubuntu2. I bet that's bloody it!13:37
=== barry` is now known as barry
wookeythe annoying hting is that the error message you get from apt about this is 'libc6:arm64 depends on debconf:arm64' which is just wrong, and thoroughly misdirectful13:39
wookeyI guess multiarch is going to produce more of this sort of mysteriousness13:39
cjwatsonthat's particularly curious since debconf is M-A: foreign13:40
wookeyI was thoroughly nonplussed13:40
barrydoko: where is it?  i looked didn't find it.  it's a different source package13:41
wookeyI'm not sure what to do with this sort of problem. take it to the deity list?13:42
cjwatsonperhaps, yeah13:42
infinitywookey: Which problem?  The unhelpful error message, or you asking apt to do something you shouldn't?13:42
wookeyanalysis with libdose can be helpful but that said everything was OK.13:42
wookeyapt giving unhelpful meessages when I ask it to do womthing it shouldn't :-)13:42
cjwatsonthe problem with analysing with some other tool is that half the time you find yourself analysing why they differ13:43
cjwatsonhello, yak-shaving13:43
tseliotpitti: let me check. I'm pretty sure there's a check which applies only to 3.813:43
wookeycjwatson: indeed. but I don't know how to get more detailed info out of apt about why it thinks what it things. I recall there is some, but I failed to find info on it yesterday13:43
cjwatsongenerally you get more detailed info by adding more of the packages it complains about to your apt-get install line until it gives you a real error13:44
cjwatsonand as I say -oDebug::pkgProblemResolver=true can be helpful although it takes practice to read13:44
wookeysearching for apt debug on google gets you some astronomical windows tool apt.exe13:44
cjwatsonbetween them those two strategies are usually enough13:44
pittitseliot: a mere "sudo apt-get install bcmwl-kernel-source" on current raring reproduces it13:45
wookeyright. I knew the 1st but not the second.13:45
tseliotpitti: true, I can reproduce it here. I'll fix it13:47
pittitseliot: thank you!13:48
Chipzzwookey: while U agree that apt's error messages could sometimes be improved upon, I'm not sure how simple that would be13:48
wookeyChipzz: Yes. That may well be the b3est that it can do, but I'd like to be assured of that by someone :-)13:49
Chipzzthe solver probably is quite complex13:49
cjwatsonwookey: BTW have you seen https://wiki.ubuntu.com/CrossBuilding/BuildChroot?13:49
wookeyReally I thinbk we just need some easy-to-find docs on how to debug13:49
wookeyno such page?13:50
cjwatsonwookey: Sorry, https://wiki.ubuntu.com/CrossBuilding/BuilddChroot13:50
bdrungmdeslaur: see bug #108405413:51
ubottubug 1084054 in vlc (Ubuntu Precise) "Denial of service via crafted PNG file" [Undecided,Confirmed] https://launchpad.net/bugs/108405413:51
barrydidrocks: any chance you could take a look at https://code.launchpad.net/~barry/oneconf/py2py3/+merge/141001 ?13:51
didrocksbarry: not today, but it's on my list :)13:52
wookeywe need to agree on our DEB_STAGE/BUILD_PROFILE bootstrap/stage1 terminology before we do too much more of this...13:52
mdeslaurbdrung: sarnold is on community this week, he should be picking it up. thanks!13:52
barrydidrocks: okay, thanks!13:52
bdrungmdeslaur: i saw your comments on bug #1095434 and bug #109619313:54
ubottubug 1084054 in vlc (Ubuntu Precise) "duplicate for #1095434 Denial of service via crafted PNG file" [Undecided,Confirmed] https://launchpad.net/bugs/108405413:54
ubottubug 1084054 in vlc (Ubuntu Precise) "duplicate for #1096193 Denial of service via crafted PNG file" [Undecided,Confirmed] https://launchpad.net/bugs/108405413:54
bdrungsarnold: time to sponsor vlc?13:54
micahgdidrocks: thanks for working on the sponsorship queue, could you please try to remember to check the .changes file for the appropriate changelog entries when sponsoring merges (I know UDD makes this more difficult than grab-merge)14:08
wookeyOK. fixing the epoch on libgcc1 means it gives a much more sensible message:  libgcc1:arm64 : Conflicts: libgcc1 but 1:4.7.2-17ubuntu2 is to be installed14:11
wookeyaha. yes. I've failed to push my equivs patch to enable Multi-Arch: foo upstream14:13
wookeyyee-ha. only taken 3 days to get that package installed :-) Now I should be able to do sbuild raring arm64 cross-builds14:17
tumbleweeddidrocks: looks like you forget to use -v a few times when sponsoring merges today. And I'm noticing too late to make any difference...14:21
micahgtumbleweed: and I mentioned it 13 minutes ago :)14:25
micahgerr...13 minutes previous to you14:25
tumbleweedah, I lastlogged for -v, you didn't match :)14:25
micahgyeah, I figured people keep asking what it is (which I guess is a problem in and of itself, but, meh)14:26
micahgand syncpackage seems to not be doing it properly either ATM...14:26
micahgah, maybe that's for the first sync into the series14:27
tumbleweedsyncpackage is only responsible for the changes it shows you and closes bugs with14:27
micahgit does that part properly ;)14:27
micahgit's the LP side that seems broke14:28
micahgI"ll have to make sure a bug is logged later14:28
zulmterry:  ping14:39
mterryzul, heyo14:41
mterryzul, I'm mostly back up and running, I can take a look at the mirs again14:42
zulmterry: cool they should be ok now14:42
stokachuchrisccoulson: Was there a email or any documentation relating to acroread not being built after Precise?14:45
cjwatsonThe partner maintainers asked for packages in partner not to be automatically carried over to the next release14:46
cjwatsonSo if it hasn't been published in later series then that's because none of the partner maintainers saw fit / remembered to reupload it14:46
stokachushould i ping one of them about it?14:46
cjwatsonI gather this was something to do with contracts not necessarily covering all series14:46
stokachuthanks :)14:46
=== kentb-out is now known as kentb
mterryzul, your testrepository upload ftbfs15:06
zulmterry:  ubuntu3?15:07
mterryzul, yeah15:07
zulmterry: i just uploaded ubuntu415:07
didrockstumbleweed: micahg: sorry not enough sleep and yeah, I noticed it once I sent my report :/15:10
mterryzul, ah cool15:11
=== slank_away is now known as slank
zulmterry:  when i run it locally it runs fine15:37
mterryzul, this was in a pbuilder15:38
mterryzul, maybe a missing depend?15:38
zulmterry: ubuntu4?15:38
mterryzul, yeah15:38
zuldont think so15:38
mterryzul, it finishes the build.  And I didn't test it actually running15:39
mterryzul, this is just output from the build15:39
mterryzul, looks like it tried to run some tests, failed, but didn't fail the build15:39
zulmterry: it runs just fine when its used in the nova build15:39
dokocjwatson, infinity, pitti: udev b-d's on usbutils. should this be m-a foreign?15:39
pittidoko: usbutils M-A: foreign sounds right to me15:40
cjwatsonYeah, agreed15:41
psusicjwatson: I'm going to apply to become a debian maintainer and was wondering if you would mind signing my gpg key? A70FB70515:43
cjwatsonpsusi: We'd need to exchange key material in person15:44
cjwatsonI would hope that nobody here would sign a key on the strength of an IRC conversation :-)15:44
psusireally?  years of irc conversations, being registered with lp, used to sign many emails, my ppa, all not enough? ;)15:45
cjwatsonSorry, pretty standard practice15:46
psusiwish I had remembered that last time uds was here15:46
cjwatsonI'm happy to sign a key at the next conference when we meet15:46
psusiheh, when will UDS be back in Orlando? ;)15:47
cjwatsonWell, it's been twice now so presumably the odds aren't awful15:48
xnoxlook up on db.debian.org for DDs near you & meet in person.15:48
LaneyI got a keysigning request ages ago and forgot to set up a meeting15:49
psusixnox: doesn't seem to show where they live...15:51
xnoxthere is also a keysigning page on debian wiki15:52
xnoxthat has locations.15:52
hrwpsusi: conferences are one of best ways to get key signed.15:56
hrwat last Linaro Connect I hunted down Linaro kernel hackers for example15:57
psusiyea.. damnit, I should have done that.. seems signatures just aren't needed in the Ubuntu community though so I guess I was a bit lazy15:59
hrwpsusi: fosdem in 3 weeks?15:59
hrwprobably too soon15:59
psusiyea, I can't fly half way around the world ;)16:05
psusiahh, damn.. next uds is in copenhagen16:06
Laneywhat makes you think that?16:06
cjwatsonuh, wasn't that the last one?16:06
Laneythe /previous/ one was16:06
roadmrpsusi: hmm I don't think so, that was in November and I doubt it would repeat16:06
roadmrpsusi: probably an outdated page16:07
pittipsusi: I heard rumours about Oakland16:07
psusiohh, you're right.. guess the page hasn't been update16:07
pittipsusi: FWIW, you could have spent five years as "psusi" and your name could still be Eduard Frankenstein -- IRC personality vs. official authority document :)16:09
psusiwhen you sign the key in person do you authenticate my birth certificate? ;)16:09
pitti(and it is totally okay to call yourself anything you like in the interwebs, that's not uncommon)16:10
pittipsusi: well, passport, ID card, something like that16:10
pittiat least you need to meet someone in person, preferrably more than once16:10
psusiohh... so this is... what's it now... that high level of trust type signature they talk about in the manual, not just normal?16:11
pittiit is certainly conceivable to generate a GPG key with an identification of "https://launchpad.net/~psusi"16:12
pittibut ordinarily you create GPG keys with your real name/email16:12
pittiI don't need to sign your key to trust that lp.net/~psusi can control /~psusi/+gpgkeys16:12
pittibut if I want to ensure that those key bits are controlled by a person called "Phillip Susi", I need to see an official ID with your photo and your name16:13
cjwatsonI *have* signed the odd person's key in the past based on an IRC conversation, but only people I know very well so that I can e.g. have some way to satisfy myself that they're the same person that I know offline16:14
cjwatsonAnd sometimes I do say that if somebody is impersonating so-and-so then they've been doing a good enough job of it for long enough that they deserve to win16:15
pittiif I have met someone personally once, I would be comfortable having her/him read out the fingerprint over the phone, and tell me how/when we met if I can't recognize the voice reliably16:15
psusisure.. but sending an encrypted email and verifying I can read it verifies the pairing of email address and key... and the fact that I've been signing email with that key for years is pretty good indication that someone didn't just make it up and hack my email.. about the only possibility is that I've been lieing about my real name all these years, and well... that just seems a little paranoid16:15
cjwatsonBut I have to know them personally for that; I don't have a good enough social brain to convince myself that a person I'm talking to on IRC now is the same person I've been talking to before16:15
cjwatsonBasically, diverging from the standard safe procedure means that I have to think really hard about whether this might be a social-engineering attack16:16
pittipsusi: there are quite a number of community members who prefer working under a pseudonym16:16
cjwatsonAnd that's difficut16:16
pittipsusi: i. e. you can trust the work of someone with a pseudonym without having to trust his real name16:16
cjwatsonUbuntu is quite plausibly a high-value target of attack; I don't think it's paranoid to be careful16:16
psusiright, so would it even matter if I had been using a false name this whole time?16:16
cjwatsonas is Debian16:17
pittitseliot: thanks!16:17
cjwatsonI don't think it would matter if you'd been using a false name, but I'm not willing to give up the "exchange key material in person" step16:17
pittipsusi: not in terms of how other people regard your work16:17
cjwatsonOther people might feel it matters16:17
pittipsusi: I would sign a key ID saying "https://launchpad.net/~psusi is an Ubuntu community member", if that would make any sense; but I couldn't sign an ID saying "Philip Susi", as I cannot verify that16:18
tseliotpitti: thanks for reporting16:19
Davieypitti: So, you have seen my online identify of Dave Walker (Daviey) for a number of years now.. Would you consider that enough to sign my key, remotely.. without seeing supporting ID?16:19
pittiDaviey: I know you in person and would trust myself to recognize your voice; so if I were to sign a key for you, I'd be content with calling your phone number and you reading me your fingerprint16:20
=== pitti is now known as sabdfl
cjwatsonLikewise.  But if I *only* knew you online then I wouldn't sign a key base on that16:20
sabdflcjwatson, Daviey: I'm doubling your salary16:21
sabdflthat's the problem with IRC identities :)16:21
=== sabdfl is now known as pitti
* xnox doesn't sign people's keys with documents I don't recognise. e.g. us driving license is meaningless to me. I've signed on us driving license only once, but that person was already in my web of trust.16:21
Davieyhah.  Works for me.16:21
psusiDaviey: depends on the type of signature... gpg defines different levels and one of them is to signify that yes, you are attesting that the persons' name is correct... but there are others that just mean you are sure that someone else is not impersonating the person you know16:21
maxbUnfortunately those levels of signature aren't nearly well defined or publicised enough16:22
DavieyWell, people use them very differently16:22
cjwatsonpsusi: the uses of the web of trust in Debian generally consider any signature to be sufficient, 16:22
cjwatsonin any case, this is all very long-established stuff; you're swimming upstream by trying to persuade people to make exceptions for you, and it might well be easier to just arrange a meeting in person16:23
psusiI guess what I'm saying is that the bar of "verified identity with gov't documents" is the highest level of trust, and seems a tad much for getting recognized as a dm16:24
psusiI fired off an email to the one dd listed as living in FL, see what happens16:24
xnoxpsusi: levels of trust != attestation. You attest for everyone, levels of trust are set locally. E.g. i might attest somebody, but mark in my keyring to not trust that persons attestations cause said person publically tried to get a key signed without checking ID.16:24
macoi dont think i'd need my mom's drivers license to believe she's my mom16:24
cjwatsona DM very likely has root on lots of people's machines16:24
cjwatsonit's worth fairly carefully establishing that they are who you think they are16:25
macowell any more than i already have trouble believing we're related ;)16:25
cjwatsonif nothing else so that you have some chance of having some recoure16:25
Davieywell, a key parties you tend to look and validate a whole chunk of people.  If i validate someone called "John Smith", i'm not going to remember the contact details to support recourse.  I just know that it is *A* John Smith.16:26
psusithat's the thing... trusting someone, and verifying their identity are different things entirely... how does verifying my legal name help with the trust part?  it doesn't seem to...16:27
pittipsusi: that's right, these are totally different concepts16:27
maxbIt does seem a bit incongruous that a decision on whether to give uploader privileges is pretty much wholly based on behaviour of an online persona, yet there's no agreed on way to set up cryptographic trust based on that. But that's the situation that seems to have evolved.16:27
cjwatsonif you thought you trusted somebody and then they screwed you over (actionably), then if you can't verify they were who they said they were you have absolutely no recourse16:28
pittimaxb: actually, that's pretty much how LP's upload privileges work16:28
psusiif you trust the guy who has been going by the name Phillip Susi and using the email address psusi@ubuntu.com and submitting patches for a while enough to give him a ppu status, what difference does it make whether that's the name that's on his birth certificate?16:28
cjwatsonif you've verified a binding with real-world identity then you at least have *some* chance16:28
Daviey2 people on my team go by different names to what their legal name was.  When i turned up to a hotel and asked if they had checked in, i was told nobody with those names were staying at the hotel.  I then got worried i was at the wrong hotel :)16:28
cjwatsonit's not likely to be sufficient, but it seems necessary16:29
pittipsusi: we hand out developer/upload privileges based on that "online identity" indeed16:29
pittiI'm not actually sure whether we require someone's GPG key to be in the WoT still; we did in the past16:29
pittidoes anybody know?16:30
macowe do have one developer who went by an alias because he was under 18 and his parents wouldn't let his birth-certificate-name be used online. the key he has under the alias was signed by several ubuntu an debian folks16:30
macopitti: debian does, dont think ubuntu does16:30
pittimaco: that's what I thought, too16:30
stgraberpitti: I can't remember the DMB ever checking that before granting upload rights to Ubuntu, but maybe it's some part of the procedure that got forgotten over time16:33
pittistgraber: I think it makes sense that way16:33
ogra_we used to have an awful process that involved an attoney and a fax machine in the beginning16:33
pittistgraber: we started with WoT before Launchpad16:34
psusithat reminds me, there was someone working for canonical that lived around here and wanted to meet, and darnit I forgot who16:34
cjwatsongah, fantasy on the brain, I keep reading that as "Wheel of Time"16:35
psusilol, me too ;)16:35
ogra_better than Wheel of Fortune at least ...16:35
ogra_(in the light of granting upload rights)16:35
* Laney glares16:40
psusiis there a list of canonical employees with where they live?16:43
xnoxogra_: ppu/motu/core-dev should be in the web of trust (the set of debian & ubuntu devs)16:43
xnoxpsusi: you want a Debian Developer if you want to become a Debian Maintainer.16:44
xnoxand employment information is private & sensitive information pretty much everywhere in the world.16:44
psusiyea, I know... I'm just bothered now because I had a convo with a canonical developer a while back and he lived nearby and wanted to meet for a beer some time, and I can't recall who it was now and we never did16:44
argestseliot: hi i noticed an ftbfs for nvidia-graphics-drivers. looks like a missing common in the control file. should I create a patch or is somebody else looking at this already?16:57
tseliotarges: which revision?17:00
argestseliot: looks like nvidia-graphics-drivers-31017:00
tseliotarges: I can see the log now. Weird, let me check17:00
=== deryck is now known as deryck[lunch]
rbasakIs there an example of dep3 as applied to dpatch somewhere?17:22
xnoxrbasak: dpatch uses it's op DP: description fields and predates dep3 by a long time.17:26
cjwatsonYeah, I usually just stick them in DP: and don't worry too much about it17:27
xnoxconvert to quilt & use dep3, or stay with dpatch + write a bit of text in the description.17:27
cjwatsondpatch is deprecated anyway so the problem should go away over time17:27
rbasakOK so it's vague and if I just make it human readable it'll be sufficient?17:28
rbasakI guess I'll just prepend dep3 stuff with ## DP: then17:28
=== a3Dman_ is now known as a3Dman
cjwatsonrbasak: I normally find prepending DEP-3 headers with DP: is too awkward - I just do free-form text17:31
cjwatsonBut whatever17:31
=== Tonio_ is now known as Tonio_aw
=== deryck[lunch] is now known as deryck
=== Ursinha is now known as Ursinha-afk
=== slank is now known as slank_away
=== cody-somerville_ is now known as cody-somerville
=== parasight_ is now known as parasight
kenvandine@pilot in18:54
=== udevbot changed the topic of #ubuntu-devel to: Ubuntu 12.10 released | Archive: Open | Dev' of Ubuntu (not support or app devel) | build failures -> http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and dicussion of hardy -> quantal | #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots: kenvandine
=== henrix is now known as henrix_
=== slank_away is now known as slank
=== burlak- is now known as burlak
=== salem_ is now known as _salem
kenvandine@pilot out22:29
=== udevbot changed the topic of #ubuntu-devel to: Ubuntu 12.10 released | Archive: Open | Dev' of Ubuntu (not support or app devel) | build failures -> http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and dicussion of hardy -> quantal | #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots:
=== cpg|away is now known as cpg
bdrungsarnold: re bug #1084054 - vlc has a preliminary MRE. the SRU still needs to get build through -security23:16
ubottubug 1084054 in vlc (Ubuntu Precise) "Denial of service via crafted PNG file" [Undecided,Confirmed] https://launchpad.net/bugs/108405423:16
sarnoldbdrung: hrm, that does sound familiar but now I can't find the documentation that would explain it further23:21
bdrungsarnold: -proposed will build with -updates, which is not allowed for packages going to -security23:23
sarnoldbdrung: oh, I overlooked the "preliminary MRE" the first read-through, do you have a link handy?23:29
sarnold(I didn't see it on https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions )23:29
bdrungthat's how i got 2.0.3 in. let me digt out the TB meeting23:29
bdrungsarnold: http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-07-23-21.14.html23:32
sarnoldbdrung: thanks23:33
xnoxpitti: your @debian.org email doesn't work =(23:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!