[00:37] <StevenK> wgrant: Can you see https://qastaging.launchpad.net/~stevenk/+archive/private ?
[00:43] <wgrant> StevenK: I'm god
[00:43] <wgrant> StevenK: You probably want to try with an unprivileged account
[00:43] <StevenK> Yeah
[00:43] <StevenK> I'm doing so
[00:43] <wgrant> eg. me+testing
[00:43] <StevenK> I'm in the middle of using my other account
[00:44] <wgrant> Ah
[00:47] <StevenK> Response body:
[00:47] <StevenK> ---
[00:47] <StevenK> (<Archive at 0x116cf510>, 'getBuildRecords', 'launchpad.View')
[00:47] <StevenK> I think I can cope with that
[00:47] <StevenK> And external_dependencies is returned as redacted
[00:48] <StevenK> wgrant: I can add me+testing if you want to poke around
[00:49] <wgrant> StevenK: As long as +index renders with some packages it's probably OK
[00:49] <StevenK> Hmm
[00:49] <StevenK> How to inject some packages into it
[00:49] <wgrant> You can use syncSource to copy stuff on qas
[00:49] <wgrant> Although PCJs might work there too; I don't quite recall.
[00:49] <StevenK> I don't know if the PCJ runner is working
[00:50] <StevenK> s/working/set up to run/
[00:50] <wgrant> So use syncSource :
[00:50] <wgrant> )
[00:51] <StevenK> wgrant: My qas auth token is my test account which has no privs
[00:51] <cjwatson> I think PCJs are set up there
[00:52] <cjwatson> Vaguely recall from the last time I cared
[00:52] <cjwatson> You would find out soon enough
[00:52] <StevenK> Oh, that reminds
[00:52] <StevenK> *me
[00:52]  * StevenK gets a bunch of flags removed from qas
[00:57] <cjwatson> wgrant: Did you see my updates to https://code.launchpad.net/~cjwatson/launchpad/bpph-phase/+merge/144154 ?
[01:03] <StevenK> Hmph, now Archive:+index gives Not allowed here
[01:17] <wgrant> cjwatson: Oh, sorry, completely missed that email
[01:17] <wgrant> StevenK: Exactly what I was hoping for
[01:18] <StevenK> :-(
[01:48] <wgrant> StevenK: https://code.launchpad.net/~wgrant/launchpad/archive-defer-deletion/+merge/148988
[01:48] <wgrant> Change is that I now set dateremoved on anything that doesn't already have it set, rather than just setting it on formerly active pubs
[01:49] <wgrant> Otherwise stuff that was superseded/deleted but hadn't been p-d-r'd yet would stick around forever
[02:21] <StevenK> wgrant: _getBinaryPublishingBaseClauses has include_removed=True, and getPublishedSources has it as False, which is it?
[02:34] <wgrant> StevenK: Oops
[02:34] <wgrant> StevenK: I initially had it as exclude_removed=False, but inverted it but missed one default
[02:34] <wgrant> That would have failed a lot of tests
[02:34] <wgrant> Fortunately
[02:35] <wgrant> Fixed
[03:10] <wgrant> StevenK: Any other objections?
[03:13] <StevenK> wgrant: No, no other objections.
[03:14] <wgrant> Thanks
[04:02] <StevenK> Unauthorized: (<SourcePackagePublishingHistory at 0x111008d0>, 'id', 'launchpad.View')
[04:02] <StevenK> This displeases me
[04:03] <StevenK> That I had to move dependencies to SubscriberView also displeases me
[04:13] <StevenK> wgrant: So I need to change the SPPH adapter to say you have View if you hold SubscriberView on the archive?
[04:13] <wgrant> StevenK: I suppose so
[04:18] <wgrant> StevenK: https://code.launchpad.net/~wgrant/launchpad/ppa-permadeath/+merge/149462
[04:18] <StevenK> No fair stealing r16500
[04:21] <StevenK> renamable looks wrong
[04:22] <wgrant> Oh?
[04:22] <wgrant> The is_copy bit is slightly insane now that they can be published
[04:22] <wgrant> But I didn't really want to go near that, and there's no way to actually trigger the problematic rename today
[04:22] <StevenK> Sorry, the actual variable name, not the calculation for it
[04:23] <wgrant> Maybe it deserves an extra e
[04:23] <wgrant> http://en.wiktionary.org/wiki/renamable
[04:23] <wgrant> renameable is listed as an alternative form, but doesn't have a page
[04:23] <wgrant> I win
[04:24] <StevenK> I didn't say it was wrong, I said it *looks* wrong.
[04:27] <StevenK> wgrant: Bleh, IArchive.dependencies is on +indexx
[04:27] <StevenK> *+index
[04:27] <wgrant> StevenK: Sure, and it's not hugely sensitive.
[04:28] <StevenK> wgrant: It isn't?
[04:31] <wgrant> StevenK: I don't think so
[04:31] <wgrant> It's a list of PPAs
[04:36] <StevenK> wgrant: https://code.launchpad.net/~stevenk/launchpad/new-perm-for-archive-subscribers-fixed/+merge/149464
[04:37] <wgrant> StevenK: Have you tested this more thoroughly locally?
[04:37] <StevenK> Spoil all my fun
[04:37] <wgrant> StevenK: Why does checkUnauthenticated forward using check_permission (which uses global state)?
[04:38] <StevenK> wgrant: Since I don't really understand security adapters and copied from the LimitedView one
[04:39] <wgrant> I'd check to see if there's a reason it doesn't just use forwardCheckUnauthenticated or similar
[04:40] <StevenK> wgrant: I have approved your MP
[04:42] <wgrant> StevenK: Thanks
[04:43] <wgrant> StevenK: For cleanup, I think we should just reset the status to active if it's deleted but enabled, and set the rest to deleting
[04:43] <wgrant> And reenable the publish flag, I guess. So they get redeleted by the publisher, setting dateremoved and renaming them
[04:43] <StevenK> Right
[04:44] <StevenK> How many are we talking about?
[04:47] <wgrant>  status | enabled | publish | count
[04:47] <wgrant> --------+---------+---------+-------
[04:47] <wgrant>       2 | f       | f       |  7803
[04:47] <wgrant>       2 | f       | t       |     3
[04:47] <wgrant>       2 | t       | f       |   241
[04:47] <wgrant>       2 | t       | t       |   132
[04:47] <wgrant> So ~400 get actived, and 8000 back to deleting
[04:47] <StevenK> Right
[04:47] <StevenK> It might be okay to do that via SQL
[04:48] <StevenK> The numbers are a bit high for my liking
[04:48] <wgrant> Not really. There's likely to be crap on disk
[04:48] <StevenK> Right, so we need a garbo to clean this crap up?
[04:48] <wgrant> And the number of pubs that would need updating is large
[04:48] <wgrant> No
[04:48] <wgrant> Oh
[04:48] <wgrant> You mean set the archive status with SQL?
[04:48] <wgrant> Yes, that was the plan
[04:48] <StevenK> Right
[04:48] <wgrant> I thought you meant avoiding the publisher
[04:48] <StevenK> No no
[04:49] <StevenK> I'm not sure about updating 8000 Archive rows in 2.5 seconds
[04:49] <StevenK> With a temp table it's probably doable
[04:49] <wgrant> No need for a temp table
[04:49] <wgrant> Calculating the set takes about 15ms
[04:49] <StevenK> No triggers on archive?
[04:50] <wgrant> Apart from the fti update
[04:50] <wgrant> So nothing of consequence
[04:50] <StevenK> So, once we deploy we fix stuff up?
[04:50] <wgrant> Right
[04:51] <StevenK> Sounds like a plan
[04:51] <StevenK> I'm testing this stuff
[04:51] <wgrant> Great
[04:51] <wgrant> Hopefully it won't need a 5th emergency landing
[04:51] <StevenK> My stuff or yours?
[04:52] <StevenK> Bah, forgot to subscribe myself
[04:52] <wgrant> Yours
[04:52] <StevenK> Don't remind me
[04:52] <StevenK> Already feel like a moron
[04:52] <wgrant> The UPDATE takes ~3s on DF, so should be fine on prod
[04:53] <wgrant> And given the rows it's touching I don't really care if it holds a lock for slightly too long
[04:53] <wgrant> The update that touches active rows is around 300ms
[04:53] <wgrant> So all fine
[04:58] <StevenK> wgrant: There is no expander for sources on Archive:+index, right?
[04:59] <StevenK> There are not
[04:59] <StevenK> So it looks good
[04:59] <wgrant> Yeah
[04:59] <wgrant> That's on +packages
[04:59] <StevenK> Which is Forbidden
[04:59] <StevenK> http://pastebin.ubuntu.com/1687066/
[05:00] <wgrant> I'd hope so, given it needs View
[05:00] <wgrant> StevenK: Any other calls to check_permission in lp.security that want fixing
[05:00] <wgrant> ?
[05:01] <StevenK> wgrant: Only LimitedViewDeferredToView
[05:01] <StevenK> And it has a comment
[05:02] <StevenK>         # The forward adapter approach is not reliable because the object
[05:02] <StevenK>         # might not define a permission checker for launchpad.View.
[05:02] <StevenK>         # eg. IHasMilestones is implicitly public to anonymous users,
[05:02] <StevenK>         #     there is no nearest adapter to call checkUnauthenticated.
[05:03] <wgrant> If there's no adapter then how is it implicitly public?
[05:03] <StevenK> zope.Public I guess
[05:03] <wgrant> Sure, but then the adapter won't be checked
[05:04] <wgrant> So it doesn't matter if it delegates to nothing
[05:04] <wgrant> StevenK: When was that comment added?
[05:05] <StevenK> 14646.4.1 14646.4.6 and 14646.4.2
[05:05] <StevenK> r14669 on devel
[05:07] <wgrant> StevenK: I'd try replacing that and seeing what ec2 thigns
[05:07] <wgrant> thinks
[05:07] <wgrant> you can certainly use forwardCheckUnauthenticated in yours
[05:09] <StevenK> forwardCheckUnauthenticated is not a method on AuthorizationBase
[05:11] <StevenK> wgrant: So I guess I can't, if the method doesn't exist? :-)
[05:13] <wgrant> StevenK: It's probably mostly used for edit permissions
[05:13] <wgrant> Where checkUnauthenticated is always false
[05:13] <wgrant> I sense an obvious solution
[05:14] <StevenK> wgrant: Grep over the tree for forwardCheckUnauthenticated
[05:14] <wgrant> I know it doesn't exist today
[05:14] <wgrant> But there was also no way to rename a PPA three hours ago
[05:14] <wgrant> :)
[05:15] <StevenK> Ah, Edit don't use checkUnauthenticated
[05:16] <wgrant> Right
[05:16] <wgrant> Since anonymous users don't have edit/admin/etc. perms
[05:16] <wgrant> Which is the primary use of delegation
[05:19] <StevenK> wgrant: http://pastebin.ubuntu.com/1687202/
[05:20] <wgrant> StevenK: Right
[05:20] <StevenK> Tempted to refactor slightly
[05:20] <wgrant> Probably a good idea
[05:21] <StevenK> Since both forward methods are roughly identical
[05:24] <StevenK> wgrant: http://pastebin.ubuntu.com/1687235/
[05:26] <wgrant> StevenK: I'd say _getNext, but yeah
[05:27] <StevenK> Sure, but it does a bunch of asserts and checks
[05:27] <wgrant> But it doesn't actually do the forwarding
[05:27] <wgrant> The current method name says it does
[05:29] <StevenK> So the docstring lies too?
[05:29] <wgrant> The forwarding bit is the call to checkAuthenticated
[05:32] <StevenK> wgrant: Tossing it at ec2
[05:33] <StevenK> I may forgive you at some point for stealing r16500 :-P
[05:34] <wgrant> Unlikely
[05:41] <lifeless> surely 16384 was more important
[05:41] <wgrant> That's why I always get both 1000 and 1024 on new projects
[05:41] <StevenK> bzr log doesn't tell me the commit id
[05:42] <StevenK> Just that PQM commited it, which is unhelpful
[05:42] <StevenK> But I think it's Curtis
[05:42] <wgrant> Why do you want the ID?
[05:42] <lifeless> StevenK: -n0 ? --show-revids ?
[05:42] <StevenK> wgrant: Because I don't keep the commit history in my head, like you do :-P
[05:43] <wgrant> If you want to know who it was, then -n0 is what you want, as lifeless says
[05:43] <wgrant> Though --show-ids would probably also work, as you could see the RHS parent
[05:44] <StevenK> parent: curtis.hovey@canonical.com-20121220230354-8t4pd8cx4jkztgga
[05:44] <StevenK> Right
[06:03] <StevenK> wgrant: I thought we destroyed the blueprint dropdown for being horrible?
[06:09] <wgrant> StevenK: I thought it was removed from +supersede, but it may just have had the timeout fixed
[06:10] <StevenK> I can recall a critical about ubuntu blueprints and a dropdown
[06:42] <stub> Can we use a cookie as a quick hack to fix the longpoll blocking issue?
[06:43] <stub> Just a counter - if it is higher than a threshold, do no long poll. If it is lower, increment it, do longpoll, decrement it when result in
[23:56] <StevenK> wgrant: https://code.launchpad.net/~stevenk/launchpad/new-perm-for-archive-subscribers-fixed/+merge/149464 is ready for a review