=== doko_ is now known as doko
=== Guest68049 is now known as rcj
=== rcj is now known as Guest36844
cyphermoxhi, could someone please review upstart-watchdog in the NEW queue?14:55
xnoxcyphermox: the sheer name scares me! =)14:57
cyphermoxxnox: hehehe :)14:58
cyphermoxas it should14:58
ogra_we need to have something consuming all that dogfood we invest ;)15:00
ogra_hmm, could anyone let mit out of proposed so i can re-generate the meta package properly ?15:04
=== charles_ is now known as charles
ogra_since the new packages are not in the archive atm i cant get the ubuntu-touch-meta update script have them recognize yet15:05
xnoxogra_: invoke editor ;-)15:09
cjwatsonLetting mir out of -proposed isn't a manual thing, as you well know!15:12
cjwatsonRegenerate the metapackage first, by hand if necessary.15:13
cjwatsonThe update script isn't the be-all and end-all ...15:13
cjwatsonI'm not going to override proposed-migration just to avoid manual work regenerating the metapackage.15:13
ogra_hmm, k15:17
ypwongarges, I think you have reviewed bug 1329262, may I know what is blocking it to be released to -updates?15:25
ubot2bug 1329262 in Ubuntu Kylin trusty "plymouth message --text doesn't work with ubuntukylin-theme" [Critical,Triaged] https://launchpad.net/bugs/132926215:25
argesypwong: hi. let me look15:25
argesypwong: so 1.0.1 in trusty-proposed is what fixes that bug? It seems like the changelog message didn't include that bug (which is why it was missed)15:26
argesypwong: if you can confirm thats what fixed the bug I can release that into -updates.15:27
ypwongarges, I can see the bug # in https://launchpad.net/ubuntu/+source/ubuntukylin-theme/1.0.115:31
argesypwong: hmm. Ok : ) well maybe the pending SRU page didn't pick it up for some reason. I see that everything is verified, so I'll release it.15:32
ypwongarges, thank you :)\15:32
argesypwong: ok done. thanks for bringing this to my attention15:33
ypwongyou're welcome15:35
mdeslaurinfinity: could you please denew xchat-gnome-indicator?17:23
mdeslaurinfinity: and promote it to main and demote xchat-indicator to universe?17:23
mdeslaurogra_: heh, xchat is in universe, no sense in having the indicator in main :P17:27
infinitymdeslaur: Err, why should it be in main?17:28
infinityIf xchat is in universe...17:28
mdeslaurinfinity: xchat-gnome-indicator needs to be in main because xchat-gnome is in main17:28
mdeslaurthe xchat-indicator package used to build two binary packages: xchat-gnome-indicator and xchat-indicator17:28
infinityOh, derp.  Kay.  Do dependencies or seeds reflect this?17:28
mdeslaurbut I split it because one now needs to be gtk317:28
ogra_infinity, we support the castrated version now17:28
infinityI'll look in a second.17:29
infinityUpdating my local seeds.17:29
mdeslaurogra_: what's castrated about it?17:29
ogra_only half the features17:29
mdeslaursuch as? /me is truly curious17:30
infinityxchat is an abomination anyway. :P17:30
infinityPeople need to learn how to use terminals.17:30
davmor2mdeslaur: no people list on the right, some commands don't work, some plugins don't work the list goes on but I can't remember them all17:46
mdeslauroh, the people list on the right has been back for a few years17:46
mdeslaurit's just off by default, you need to click the option17:46
mdeslaurI wouldn't be able to use it without the people list :)17:47
davmor2mdeslaur: xchat is the base for which xchat-gnome modifies why have the modification when you can have the real deal ;)17:50
infinitydavmor2: Because the real deal is hideous.17:51
infinity(I assume xchat-gnome is slightly less ugly?)17:51
infinityOtherwise, I really wouldn't see the point.17:51
davmor2infinity: not really17:51
davmor2infinity: it's mostly just simplified17:52
infinitySo, still ugly as sin and doesn't match the design/UI guildelines of any DE since the dawn of time? :/17:52
mdeslaurThere was a reason I switched at some point, but I honestly can't remember what it was17:52
infinityOne has to try really hard to make something look worse than CDE, I commend them for succeeding, at least.17:53
* mdeslaur wonders if having used CDE makes him privileged, or just old.17:54
infinitymdeslaur: Both.17:54
infinitymdeslaur: Well, or neither, I suppose, since it became freely available long after it was relevant, so some young kids saw it for funsies.17:54
infinitymdeslaur: But when I used it, it was cutting edge, and only shipped on hideously expensive workstations, as I assume is the case for you.17:55
cyphermoxon Sun workstations for me at least :/17:55
infinityHP workstations for me.17:55
infinityHP workstations that cost more than my parents' house.17:55
infinity120k for a tiny little grey box with the density of a star.17:56
mdeslauron Sun workstations, with the backspace key that prints ^? instead of doing anything useful17:56
infinityI still don't know what alloy HP was using for those heatsinks, but I'm partially convinced it was of alien origin.17:56
cyphermoxinfinity: if you could review upstart-watchdog next, since you're reviewing ugly stuff, I'd be very grateful ;)17:56
cyphermoxmdeslaur: yeah, I had forgotten about that17:56
cyphermoxI kept one sun keyboard from the office for nostalgia17:57
* infinity still has a VT220 for nostalgia.17:58
infinityEvery once in a while, I dust it off, go "wow, was the monitor really that tiny, it seemed so huge!" and then resolve to never plug it in again.17:59
infinityupstart-watchdog - watchdog jobs to reboot when system or session jobs fail18:02
infinitycyphermox: ^-- Automatic Windows administration?18:02
cyphermoxahah, something like that :)18:03
infinitycyphermox: The description alone doesn't make me want to review this. :P18:03
infinitycyphermox: So, I have two questions.  (A) why do we need this and, (B) why do we care, if we're transitioning away from upstart?18:04
infinitycyphermox: And (C) if this is a useful feature, why isn't it being proposed for upstart istself instead of a helper package?18:04
cyphermoxit's for the phone, if upstart jobs get into a respawn loop, most are critical and the phone just won't be useful without them running18:05
cyphermoxas for B)18:05
cyphermoxit's temporary indeed, until we can use systemd, etc.18:05
infinitycyphermox: If a job is in a respawn loop, what makes us think rebooting will magically fix it?  Won't we then just end up in a reboot loop?18:05
cyphermoxand C) I don't know if you'd really necessarily want that on desktop, on the phone we have a bit more control and sight to make sure these respawning loops don't happen as often18:06
cyphermoxinfinity: it's a concern, yes. but on the phone it was decided it would be just fine in that case, if you do end up in a reboot loop, to call customer support to get help18:06
infinitycyphermox: In theory, yes, though it actually makes the job of support a lot harder, since diagnosing an endlessly rebooting device is Really Hard.18:07
cyphermoxon the phone, you can get into recovery at least18:07
infinitycyphermox: "My phone app keeps crashing" is easier to debug on the fly than "my entire phone reboots every time it gets to the desktop".18:08
cyphermoxphone apps aren't usually upstart jobs18:08
infinityPerhaps a moot point, though, since I don't see a whole lot of remote debugging being a thing on the phone.18:08
cyphermoxwe're looking at indicators, ofono and such right now18:08
infinityAnd phones in such a state (in a commercial context anyway) will just lead to returns or reflashes, not debugging.18:08
cyphermoxyes, reflashing18:08
cyphermoxor returns, indeed18:09
cyphermoxrsalveti: want to chime in ^ ?18:09
infinitycyphermox: Not going to pressure anyone to provide this for a 1.0 shipping image or anything, but if we're going to go down the "we can't figure out how to recover cleanly, so just reboot" road, you probably also want to count the reboots and trap on boot "if count-in-last-hour >= 3" or something, and put up a "your phone might be buggered, please contact support or visit this web page for recovery options" dialog.18:10
cyphermoxinfinity: the premise is that these job failures shouldn't happen in the first place, and at least trying to recover automatically by rebooting in case, say, ofono died, is more likely to lead to a phone that works again18:11
cyphermoxinfinity: we discussed that approach18:11
cyphermoxdecided people already were expected to call support if their phone was stuck rebooting all the time18:11
infinityIt's a nice theory.  People need to be hand-held a bit, I find.18:12
cyphermoxie. that it was obvious enough when you keep seeing the boot animation18:12
cyphermoxI don't necessarily disagree18:12
infinityI have a lot of non-technical friends who, when systems get in such a state, just decide that's the New World Order, until a computery friend comes along, looks at how they use their phone, laptop, etc, and goes "DUDE, WTF."18:12
cyphermoxI'm just following what we discussed in our sprint planning18:12
cyphermoxhaha, yeah18:12
infinity"Yes, mom, it's perfectly normal for the new Android to reboot 7 times after a phone call, you made the right decision to not return it to the store for service, CAN YOU HEAR MY SARCASM?"18:15
* rsalveti waves18:15
rsalvetiinfinity: yeah, we decided initially to just make it to reboot18:17
rsalvetilater one we need to talk with design to see if we want a different approach18:17
rsalvetilike getting into recovery or something18:17
infinityRecovery is scary too.  But something that catches a reboot loop and offers direction would be pleasant.18:17
rsalvetireboot, hope for the best, and let the user to call support if the phone is rebooting non-stop18:18
cyphermoxinfinity: or, the fact that the phone beeps constantly, and changes the wallpaper by itself when it's charging after 5 minutes... only if you set your language to French (Canada) in Android 5.0? :D18:18
rsalvetiinfinity: right, hard to find out the right one there, you don't want the phone to appear as working somehow for the user18:18
rsalvetiso that's why recovery is used by android18:18
cyphermoxrsalveti: nothing makes it impossible to do that though18:18
infinitycyphermox: That's a feature.18:19
cyphermoxrsalveti: I can just add some logic to the pacakge for a next release to get to recovery18:19
cyphermoxinfinity: figured you would say that18:19
infinitycyphermox: PS: Stop being French Canadian.18:19
rsalveticyphermox: right, better to discuss that though, as we decided to not do that initially18:19
cyphermoxat least now I don't need to try to say "1$s" in place of "Ok Google" :)18:19
cyphermoxrsalveti: yes18:19
rsalvetias we need to show up something on recovery18:19
infinitycyphermox: Hahahhaa.  Seriously?18:19
rsalvetiwhich then makes us talking with design, and that will take forever18:20
cyphermoxrsalveti: I'm just saying, we can come up with an updated way to handle this18:20
cyphermoxat least for now there is something18:20
cyphermoxinfinity: yes, seriously. I did try it, doesn't work ;)18:20
infinitycyphermox: Pronounced "one dollar ess", or perhaps "one string"?18:22
* mdeslaur is glad infinity is back from vacation18:22
cyphermoxhmm, would need more testing.18:22
infinityAnyhow, the package looks like it should do what it claims it does.18:22
infinityI'm pretty not okay with the approach, but I'll handwave for now and hope people come up with something less evil.18:23
cyphermoxhandwave duly recorded18:23
* ogra_ notices an urge to join one of the phone teams in infinity's voice 18:24
* infinity panics.18:24
cyphermoxrsalveti: let's move this conversation to #ubuntu-touch and think about it some more18:24
* mdeslaur watches upstart-watchdog restart infinity18:24
xnoxmdeslaur: infinity: i'm half and half. Half using x-chat, and the other half using hexchat (fork of original xchat to keep it "maintained")20:14
mdeslaurxnox: why are you still using xchat? hexchat is pretty much the same, no?20:14
xnoxcyphermox: all phone apps are upstart jobs at the moment (user session upstart, not system one, but still ;-) )20:16
cyphermoxxnox: but I don't think apps in the standard sense really so much use respawn anyway20:17
cyphermoxindicators I agree with. some random browser app or game, not so much20:17
xnoxmdeslaur: there is no hexchat-indicator yet.20:19
xnoxmdeslaur: i'm meant to port it or find a port.20:19
xnoxcyphermox: indicators are running as upstart jobs.... in a user session upstart, not system one.20:20
mdeslaurxnox: hrm, what if you just symlink the xchat-indicator plugin into the hexchat plugin directory?20:20
cyphermoxxnox: yes, I know :)20:20
xnoxcyphermox: so upstart-watchdog reboots from unpriviledged user? and security team let it through? it's not like mdeslaur is right here, reading this.20:20
xnoxmdeslaur: looking at the code they renamed s/^X/HEX/ all symbols so I daubt it, but maybe it works....20:21
mdeslaurxnox: oh, darn, that sucks20:21
* xnox fetches to read it.20:21
mdeslaurI didn't know they did that for the plugin api20:21
xnoxmdeslaur: i'll double check to confirm.20:22
mdeslaurit's possible20:22
xnoxcyphermox: actually reading the whole black magic it seems ok. However do check that you don't have intentional things: emitting RESULT="failed" PROCESS="respawn" and rather be left alone instead of rebooting.20:24
xnoxcyphermox: e.g. for example upstart-plymouth-bridge i believe just does that - respawning until giving up, if there is no plymouth daemon running. And that's "normal".20:24
=== Guest36844 is now known as rcj
=== rcj is now known as Guest84698
=== Guest84698 is now known as rcj_ghost
DalekSecmdeslaur: https://code.launchpad.net/hexchat-indicator20:28
xnoxmdeslaur: may i work on merging xchat-gnome-indicator & xchat-indicator to be (a) single source code base (b) be able to build for both simultaniously (c) possibly add hexchat-indicator?20:30
mdeslaurxnox: well, no, I just split it20:31
mdeslaurxnox: so that gtk2 can go away to universe20:31
mdeslaurxnox: you can add it to the xchat-indicator package though20:31
xnoxmdeslaur: haha. qt5 & qt4 are not ported from gtk2 to gtk3 yet.20:31
* xnox double checks20:32
mdeslaurwhat, for theming?20:32
mdeslaurwhy is qt using gtk?20:32
xnox$ reverse-depends libgtk2.0-0 | grep qt20:33
xnox* appmenu-qt520:33
xnox* gtk2-engines-qtcurve20:33
xnox* libqt5gui520:33
xnox* libqt5gui5-gles [amd64 i386]20:33
xnoxfunny how gles is compiled with gtk support for themeing.20:33
xnoxmaking gles not be compiled against gtk2 and not sure how appmenu is in there20:33
xnoxbut if gles is compiled without gtk theming it could make gtk2 be dropped from phone images atleast.20:34
mdeslaurwell, anyway, having the same codebase for gtk2 and gtk3 in the indicator and building twice was painful20:34
mdeslaurbut I think adding hexchat support to the xchat-indicator package would make sense20:34
xnoxmdeslaur: yeah, true. i'm not sure what to base hexchat on then.20:34
mdeslaurand is likely to be trivial20:35
xnoxit's gtk, so i'll keep it there.20:35
xnoxmdeslaur: reading the net-diff between xchat-gnome-indicator and xchat-indicator - i'm pretty sure the same patches are valid for gtk2...20:36
mdeslaurnope, I tried20:36
mdeslaurwait a sec, I'll tell you which ones20:36
mdeslaurgdk_x11_window_get_xid for one20:38
* ScottK notes the channel and wonders if maybe we've wondered a tad off topic.20:39
* mdeslaur moves to #ubuntu-devel20:39
xnox mdeslaur moves... the conversation or ScottK ?! =)))))))) *giggle*20:40
ScottKPondering the imminent demise of keys < 2048 in Debian, should we do something similar?21:20
xnoxScottK: we ain't even got a web of trust among all devs really... =)21:32
ScottKNo, we all trust in Launchpad.21:32
xnoxScottK: but yeah, running a script to get all key ids and get some stats on key sizes would be useful to at least assess the situation and whether it's better or worse than debian etc.21:33
* xnox hopes we do not have recursive team memberships....21:56
stgraberxnox: we've got 304 keys currently with upload rights21:57
stgraber(that's recursive ~ubuntu-dev + the PPU people)21:57
stgraberI just need to create a GPG keyring now and load them all in there, then check for < 2048rsa21:58
xnoxstgraber: you are faster with launchpad api than I am =) my script is still running....21:59
stgraberxnox: downloading the keys from keyserver.ubuntu.com now22:00
stgraberxnox: it's basically just a loop over lp.people['ubuntu-dev'].participants, for each grabbing all the keys from people.gpg_keys, then doing the same for all the people with PPU upload rights (I've got a report with the list of usernames), stuffing all that into a set22:01
stgrabergot a third of the keyring downloaded :)22:02
infinitystgraber: You'll find people like me who still have their old key in LP.  I intend to remove it after keyring-maint finally swaps my new key into the Debian keyring.22:03
xnoxstgraber: ah, i've missed participants. i was doing recursive iteration over getMembersByStatus and calling oneself over if it's a team - http://paste.ubuntu.com/9256636/22:03
ScottKSo far, AFAIK, we don't even have a policy of retiring the older keys, so we've got to start somewhere.22:04
infinityScottK: Well, once we know the current situation, we can talk policy.22:05
infinityScottK: Having the [ACCEPT] email warn about short signing keys would be a good first step.  Then we could eventually move to just REJECTing uploads signed by short keys, even if they're valid and attached to the user.22:05
ScottKThat'd be a start.22:06
infinityWhich also means people don't need to remove their old keys, we just stop trusting them.22:06
stgraberthere you go: http://paste.ubuntu.com/9256745/22:09
xnoxstgraber: what about subkeys? launchpad accepts uploads singed by signing subkeys22:09
xnoxi think we are better than debian in terms of % of <2k keys.22:11
stgraberxnox: give me a patch against http://paste.ubuntu.com/9256773/ and I'll happily run it :)22:11
infinitystgraber: So, if we ignore 2048 as borderline, looks like we're about 50/50 good/bad.22:12
stgraberinfinity: yup22:12
infinitystgraber: Except I bet that also counts both keys for people who have two?22:12
stgraberit does22:12
stgraberand it should22:12
stgrabersince both are valid for uploads to the archive22:12
infinitystgraber: Well, no.  It shouldn't, from the POV of "how far do we have to go to fix it".22:13
infinitystgraber: Cause if we stopped trusting 1024 today, people like Colin and I could still upload fine, even thought we have 1024 keys in your analysis.22:13
infinitystgraber: So, I want to know how many *users* couldn't upload in that case, not how many *keys*.22:13
stgraberyeah, I'd have to make an actual script for that rather than just type stuff in lp-shell :)22:16
infinitySince we have no actual web of trust (for better or worse), we are in a position where we could move quickly if we did decide on a policy, at least.22:17
infinityCause an individual can generate and upload a key in a matter of minutes, it needs no other action.22:17
xnoxstgraber: can you send me the keyring itself please?22:17
stgraberxnox: sure, one sec22:18
xnoxstgraber: tah.22:18
stgraberxnox: https://dl.stgraber.org/ubuntu-keyring.asc22:19
xnoxstgraber: tah.22:20
infinityOh, keyring-maint *did* replace my key in Debian, I just foolishly thought I'd get an email about it when they did.22:21
infinityI guess that email would have come in the form of a reject from DAK on my next upload. :P22:21
ScottKNo need to provide the information before you need it.22:22
ScottKThis way you won't forget.22:22
xnoxrough stats of public & subkey algos and sizes http://paste.ubuntu.com/9256897/22:25
infinitywgrant: Are the ACCEPT message from soyuz a straight CC to -changes and the uploader, or are they individually crafted?22:25
stgraberalmost done writing a clever script22:25
infinitywgrant: If we decide to start deprecating short keys, I'd like to tack a warning on the ACCEPT sent to the user, but no need to publically shame them on -changes22:25
xnoxthis doesn't check if the subkey is encrypt only... e.g. like elg*22:26
stgraberit's gonna be very slow though but very accurate (iterates through the archive privileges for all the archives)22:26
wgrantinfinity: I believe they're separate, but we should really just email people directly.22:26
wgrantNot much point having a warning about it.22:26
xnoxstgraber: infinity: so we have like 11 rsa keys <2k, the rest of small keys are DSA22:27
infinitywgrant: Well, an email to devel-announce obviously, with the policy.  And individual nag mails.  But I like the idea of warning "we accepted, but..."22:27
infinitywgrant: Maybe there's little point.22:27
xnoximho killing DSA keys should be easy / first target.22:27
ScottKKill them all.22:27
xnoxinfinity: no need to hack soyuz.... mail announce ubuntu-devel-announce. Do another followup, rerun/check how effective that was. Mass individual email (launchpad email if present, key's emails otherwise)22:29
xnoxand then purge.22:29
infinityScottK: I think this should probably be a joint TB/AA decision.  Want to start a cross-posted discussion and we'll draft something to send to -announce when we all agree?22:29
xnoxinfinity: it's not like we lock people out like debian, one can simply generate new key, login and add it.22:29
infinityxnox: No purging required, we can just reject if signed by a key type we don't like, even if the key is known to us.22:29
xnoxinfinity: bigger question is - what about everyone? for PPA access/uploads?22:29
xnoxinfinity: right, ok.22:30
* stgraber sshes to snakefruit so he can abuse LP much faster than from home22:30
xnoxinfinity: yeah force removing keys from profiles sounds bad.22:30
infinityAnd that's a fair point, TB/AA can't really make policy decisions for PPAs, but lp-dev can.22:30
infinitywgrant: ^22:30
wgrant"can't really" -> "can't at all" :)22:31
wgrantI'd need to collect more data there.22:32
infinityPretty sure we can have different acceptance criteria in the short term, if we want to move quickly for the distro but feel it's too disruptive for PPAs.22:32
wgrantAnd we also need to devise a solution for PPA signing keys themselves.22:32
wgrantRemember that copies are a thing, though.22:32
infinityThe PPA signing key thing definitely needs to be solved, yes.22:32
xnoxwgrant: what's the algo/size for ppa singing keys? have they been rotated - ever?22:32
stgraberxnox: 1024R for old PPAs22:32
wgrantThere's no way to rotate them, which is the problem.22:33
wgrantUbuntu does it with a package that hacks apt's keyrings.22:33
xnoxyeah maybe we should practice what we are going to preach =)22:33
infinitywgrant: Copies imply (however incorrectly) that you've validated the thing you're copying and you're now using your direct LP creds to do the copy to the target, the original signer is irrelevant.22:33
stgraberand indeed copies are a good point, I don't suppose LP keeps a reference to the key which was used for the initial upload so we can reject the sync?22:33
wgrantstgraber: It does.22:33
wgrantBut some things (eg. recipes) aren't signed, so it's not quite trivial.22:33
xnox.... which brings us to ssh key sizes as well.22:34
xnoxand the ssh-blacklist =)))))22:34
stgraberlet's try to fix one thing at once :)22:35
xnoxstgraber: nah, we want to break everything at the same time.22:36
infinityHow do SSH keysizes matter at all?22:36
stgraberturns out iterating through getAllPermissions and then grabbing all members of the team (if it's a team), not a very fast operation :)22:36
stgraberinfinity: commit to bzr branches which use recipes22:37
infinityPeople doing sftp uploads are still GPG-signing their packages, so I don't actually care if their SSH login is insecure.22:37
infinitystgraber: Oh, recipes.  Kay, that's back to the PPA thing, though.22:37
infinityLet's stick with distro policy first.22:37
xnoxlaunchpad's ssl cert chain is all 2k RSA, so that's good.22:37
wgrantAnd it should be SHA-256 all the way nowadays.22:38
stgrabersame for SSO, so yeah, SSL seems fine22:38
wgrantI whined enough.22:38
infinityWell, this is good, though.  SSL being fine is a prereq for trusting the key replacement process. :P22:39
xnoxwgrant: all but the top level CA - it has sha256 fingerprint, but the selfsig is SHA1 it seems.22:39
infinityI still wish we had a Debian-style WoT requirement for our signing keys, but whatever.22:39
infinityThat ship sailed long ago.22:39
xnoxwgrant: all other certs in the chain are sha256.22:39
stgraberwow, that script is really incredibly slow... looks like I'll need to add some logic if I don't want it to take an hour and end up upsetting wgrant22:40
infinityScottK: Anyhow.  Thanks for bringing it up.  I thought about it earlier this year, but didn't want to bring it up while I was a hypocrite still uploading to both Debian and Ubuntu with a 1024D key from 2002.22:42
wgrantxnox: The root cert's self-sig doesn't matter, since it's only trusted by the fingerprint stored in the browser's CA DB.22:43
xnoxwgrant: i see.22:43
stgraberyay, the script seems to work so far:22:50
stgraberstgraber@snakefruit:~$ ./ubuntu-gpg-stats.py22:50
stgraberUbuntu has a total of 207 uploaders.22:50
stgraberUbuntu has a total of 314 GPG keys with upload privileges tied to them.22:50
cjwatsonxnox: The ssh blacklist is dead, along with the code to deal with it; if you want me to resurrect it and carry on maintaining it you'd better have an exceptionally compelling argument :-)22:52
cjwatsonBecause maintaining that openssh patch sucked.22:52
=== rcj_ghost is now known as rcj
xnoxcjwatson: i know. I like the openssl-blacklist approach where it's stand-alone set of datapoints.22:53
xnoxcjwatson: i've blogged - it appears a few of the openssh/openssl bad keys leaked into openpgp web of trust, thanks to monkeysphere conversion. I'm planning to find and revoke those.22:54
xnoxcjwatson: but i presume launchpad did database clean-up removed dupes?!22:54
xnoxcjwatson: well probably nothing to answer publically here.22:55
cjwatsonPretty sure that was cleaned up centrally at the time, though, well, it was six years ago and memory is fuzzy.22:56
cjwatsonI remember us looking at a query to find duplicates though.22:56
wgrantI remember something being done about that, yes.22:56
wgrantNot that I was an insider at the time.22:56
cjwatsonHaha it looks like I ran the query indeed22:58
cjwatson18:44 <@elmo> (Do I want to know how you guys are backdooring LP? :-P)22:58
cjwatson18:44 <@cjwatson> the dump on mawson22:58
cjwatson18:44 <@cjwatson> it's not entirely up to date, but22:58
cjwatson18:45 <@cjwatson> I didn't *really* want to explain to somebody what I wanted to do on production22:58
xnox*really* yeah *really* =)22:59
cjwatsonThough I think my SQL at the time sucked even more than it does now and I just pulled the list of all fingerprints and postprocessed or something stupid like that.  Anyway, don't really want to go spelunking the logs of #argh at this remove :-)23:00
cjwatson(Yes, that was the internal channel name)23:01
cjwatson2008-05-13.log:16:21 <@elmo> LP keys deleted23:02
cjwatsonGuess that covered that23:02
ScottKMail sent.23:08
stgraberxnox, infinity: http://paste.ubuntu.com/9257987/ will get you one keyring per user and a global "ubuntu-archive" keyring. Shouldn't be too difficult to then look for people with multiple keys and see if one of those match the future criteria.23:47
xnoxstgraber: cool.23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!