[01:04] <teward> does launchpad show ppa usage/download statistics anywhere?
[01:08] <teward> actually, may be better to ask: is there a reason this would time-out?  https://api.launchpad.net/1.0/~nginx/+archive/ubuntu/stable/+binarypub/40721078?ws.op=getDailyDownloadTotals&start_date=2013-10-23   (Error ID OOPS-debf0694dfb4065abd2d84ccc9668f58)
[01:08] <teward> (generated by a ppastats tool)
[01:09] <wgrant> teward: That's a very long period. You'll get better results if you don't ask for almost two years of data at a time.
[01:10] <teward> wgrant: FYI: I didn't generate the link?
[01:10] <teward> nor do I have the capability to customize
[01:10] <wgrant> teward: You'll want to tweak the code that you're using.
[01:10] <wgrant> Why not?
[01:10] <teward> http://wpitchoune.net/blog/ppastats/
[01:10] <teward> ^  that tool
[01:10] <wgrant> Why can't you customise it?
[01:11] <teward> I could customize it, but i'm not sure whether the release team *wants* that amount of data or not
[01:11] <teward> only reason i'm using it is because the release team asked for ppa stats
[01:11] <teward> not sure if giving them a smaller dataset would be frowned on by them
[01:11] <wgrant> You can give them the entire dataset.
[01:11] <teward> (see https://lists.ubuntu.com/archives/ubuntu-release/2015-July/003310.html)
[01:11] <wgrant> You just can't request absolutely everything in one hit.
[01:11] <teward> wgrant: then what do you suggest I do to the program and API reqs?
[01:11] <teward> because I haven't dissected the tool's code
[01:12] <wgrant> dear lord
[01:12] <wgrant> it is an LP API client written in C
[01:13]  * teward yawns
[01:13] <teward> wgrant: i'm tired, cut me some slack?
[01:13] <teward> blame the holidays >.>
[01:13] <wgrant> Oh, I'm just looking at the code, expecting it to be a 50-line Python script.
[01:13] <teward> heheh
[01:13] <wgrant> Instead it's thousands of lines of C...
[01:14] <teward> wgrant: i think what the release team wants is nice graphics
[01:14] <teward> this thing produces graphs apparently
[01:19] <wgrant> teward: Anyway, as a general rule, if requesting two years of data times out, request less data at once.
[01:19] <teward> wgrant: and without C coding knowledge (I have limited) I can't customize the tool.
[01:19] <wgrant> That's not something I can help with.
[01:19] <teward> indeed.
[01:20] <wgrant> If it were Python, the code would be perhaps one-twentieth the size, and would be easy to adjust.
[01:20] <teward> mhm
[01:20] <teward> Python++
[01:20] <teward> C --
[01:21] <wgrant> Retrying it several times may work, but it may not.
[01:21] <teward> it's tried 35 times so far *shrugs*
[01:46] <lifeless> wait what
[01:46] <lifeless> someone wrote non-kernel code to talk to an API in C?!
[01:47] <wgrant> Yes, I thought I was drearming.
[01:47] <wgrant> That 4000 LOC could probably be less than 200 lines of Python.
[01:50] <blr> well, there's something charmingly perverse about that I guess.
[01:50] <lifeless> no
[01:50] <lifeless> there really isn't
[01:50] <wgrant> No.
[01:50] <wgrant> Nothing charming at all.
[01:50] <wgrant> Perverse, sure :)
[01:51] <blr> come on, it's a little amusing.
[01:51] <wgrant> True.
[01:51] <lifeless> if you find more buffer overflows in the world amusing
[15:34] <lfaraone> wgrant: lifeless: I guess you folks haven't heard of https://github.com/okws/okws :P
[17:00] <zyga> hey, any launchpadlib hackers around?
[17:01] <zyga> https://bugs.launchpad.net/launchpadlib/+bug/1471894
[17:13] <cjwatson> zyga: doesn't crash here
[17:13] <cjwatson> python3-launchpadlib	1.10.3-1
[17:14] <cjwatson> Ah, but I probably don't have an expired token
[17:14] <cjwatson> Yeah, should be trivial to fix, bonus points if your patch comes with a test
[17:15] <zyga> cjwatson: I have the code patched, patching existing tests not to crash with the patch in place
[17:24] <zyga> cjwatson: my current approach is to use b'...' constants instead of plain strings there
[17:25] <zyga> cjwatson: do you think that's the right way to do it?
[17:25] <cjwatson> Yes
[17:25] <zyga> cjwatson: (and patching tests to actually test with b'...' strings
[17:25] <cjwatson> That sounds fine
[17:25] <zyga> cjwatson: which is ok for python2 (no op) and gives us nice bytes in python3
[17:25] <zyga> cjwatson: nice, thanks
[17:25] <cjwatson> Just check that if you temporarily shelve the code patch, the tests start failing in python3
[17:26] <cjwatson> i.e. that the test changes constitute an effective test for this bug
[17:28] <zyga> cjwatson: sure
[17:39] <zyga> cjwatson: offtopic, I sent out a hello-world patch for tarmac but I didn't get any replies for it
[17:40] <zyga> cjwatson: I'm pretty booked lately but I will return to tarmac/git later this week
[17:40] <zyga> cjwatson: it would be good to have a person that can commit and can have a conversation with me
[17:41] <cjwatson> OK, I understand that, but it's not something I'm in a position to do much about
[17:41] <cjwatson> dobey: ^- can you help zyga?
[17:41] <zyga> cjwatson: sure, just something that flew past my mind while talking to you :)
[17:41] <zyga> cjwatson: iff there's nobody interested I could just be added to developer group
[17:41] <cjwatson> zyga: are you blocked on anything in LP for tarmac at the moment?  (I know there are one or two things that are suboptimal)
[17:42] <zyga> cjwatson: no
[17:42] <zyga> cjwatson: I think it's okay now
[17:42] <cjwatson> https://bugs.launchpad.net/launchpad/+bug/1462449 is quite complicated, surprisingly
[17:42] <zyga> cjwatson: those are not real blockers
[17:42] <cjwatson> I think that was your only recent unclosed bug
[17:42] <cjwatson> right, good
[17:42] <zyga> cjwatson: the most useful bits are already in
[17:42] <zyga> cjwatson: (thanks a lot for that!)
[17:43] <cjwatson> np
[17:43] <zyga> cjwatson: btw, if we're talking about git, I had inconsistent results lately
[17:43] <dobey> sent tarmac patch where?
[17:43] <zyga> cjwatson: sometimes I think I'm hitting a server that doesn't know my ssh key
[17:43] <zyga> dobey: merge request on lp:tarmac
[17:43] <zyga> dobey: it's not a real support for git, just a trivial rename to start the conversation with someone live
[17:43] <dobey> hmm
[17:43] <zyga> cjwatson: as repeated git push fix that
[17:44] <zyga> cjwatson: maybe related to ps4 outage
[17:44] <zyga> cjwatson: not sure, just letting you know
[17:44] <cjwatson> zyga: all the ps4 stuff should be out of DNS by now - check what DNS for git.launchpad.net gives you
[17:44] <zyga> git.launchpad.net has address 162.213.33.96
[17:44] <zyga> git.launchpad.net has address 162.213.33.95
[17:44] <cjwatson> right, those are ps4.5
[17:45] <dobey> zyga: i'll take a look, but i suspect tarmac probably won't be able to support git, in its current design
[17:45] <zyga> dobey: yeah, I'm willing to do all the work to change that
[17:45] <zyga> dobey: I wanted to talk to someone about a plan how to approach that
[17:45] <zyga> dobey: and if that's something that would be merged
[17:45] <dobey> zyga: does git have something remotely anything like bzrlib?
[17:45] <cjwatson> tarmac really doesn't look all that far off supporting git
[17:45] <zyga> dobey: doing that in dry run mode and getting a nack later would be pretty costly for me:/
[17:46] <cjwatson> dobey: there's pygit2, but honestly shelling out to plain git should perform fine
[17:46] <zyga> cjwatson: no result is impossible with an appropriate patch ;>
[17:46] <zyga> cjwatson: rm -rf; git add; profit ;-)
[17:46] <zyga> cjwatson: yeah, shelling out works great
[17:46] <cjwatson> git has nowhere near the startup time cost of bzr
[17:46] <zyga> dobey: git has many implementations
[17:46] <dobey> well, it doesn't have to start python and load all the plug-ins at init, sure
[17:47] <zyga> dobey: there's libgit2? from github folks (C)
[17:47] <cjwatson> pygit2 is based on libgit2
[17:47] <zyga> dobey: but I think it's not useful to work at that level
[17:47] <cjwatson> but it also isn't in Ubuntu
[17:47] <zyga> dobey: as git CLI is just fast and everything is there
[17:47] <cjwatson> dobey: I've taken specific care to make the LP webservice interface reasonably compatible for bzr/git MPs, with reference to what tarmac is using
[17:47] <zyga> dobey: it's certainly not the bottleneck in the prototype I wrote
[17:47] <dobey> zyga: it's not about how fast the CLI is or isn't really. shelling out makes for not-so-nice code
[17:48] <dobey> cjwatson: sure, and launchpadlib should handle that part just fine; it's the local  stuff i'm really worried about in that respect
[17:48] <zyga> dobey: I also think that but only to some degree, the prototype that shells out supports git and bzr and is 300 lines long
[17:48] <cjwatson> it would perhaps be better to use pygit2, but honestly, it doesn't seem reasonable to block on that
[17:48] <zyga> cjwatson: https://bugs.launchpad.net/launchpadlib/+bug/1471894/comments/1
[17:49] <zyga> cjwatson: does that look reasonable?
[17:49] <cjwatson> zyga: I think so, but would rather have an MP :)
[17:49] <zyga> dobey: the problem with many apis is that we are all used to cli and sometimes it's not easy to understand which apis a given cli command maps to exactly, I think that applies to bzr and git equally well
[17:49] <zyga> cjwatson: sure, that's step two :)
[17:51] <cjwatson> python-pygit2 is actually in wily, so it would be possible to write against that
[17:51] <cjwatson> I just worry that it's an extra barrier for people looking to upgrade existing tarmac instances to support git MPs
[17:51] <zyga> cjwatson: I agree
[17:51] <zyga> cjwatson: I target LTS codebases typically
[17:51] <cjwatson> and I'd like that to be as low-friction as possible to make it easier for people to convert over
[17:51] <zyga> cjwatson: that's very good for adoption
[17:52] <dobey> tarmac isn't in the archive
[17:52] <dobey> so whether one of its dependencies is in the archive or not shouldn't really be a blocker, i don't think
[17:52] <cjwatson> we're using pygit2 in the LP git backend implementation, but we can also deal with getting our own dependencies excruciatingly right
[17:52] <cjwatson> I'm less sure about a bazillion little tarmac deployments
[17:53] <cjwatson> especially because libgit2/pygit2's API compatibility, well
[17:53] <dobey> i'm sure tarmac hasn't got so many users that it would be problematic :)
[17:54] <cjwatson> zyga: well, if dobey feels this is required, then pygit2 isn't that hard to use.  we have reasonable experience with it in the LP dev team now
[17:55] <cjwatson> and there is a backport in ppa:launchpad/ubuntu/ppa
[17:55] <zyga> dobey: I think that this is actually a bad way to approach this, I think tarmac is just x10 larger than it has to be, has pointless deps and is tied to bzrlib+python2
[17:55] <dobey> mostly i'd like to know what "the plan" would be, to get git support in, even if it actually did nothing at the moment in the case of git
[17:55] <zyga> dobey: but I'm very much open to discussion, I just come with opinions and, hopefully, arguments
[17:55] <dobey> what is a bad way to approach what?
[17:56] <zyga> dobey: using python-* for each VCS
[17:56] <zyga> dobey: as this requires working bindings and blocks python3 transition
[17:56] <zyga> dobey: shelling out is far easier if somewhat less technically pure in some way
[17:56] <cjwatson> (pygit2 has python3 support FYI)
[17:56] <zyga> cjwatson: and bzr?
[17:56] <zyga> cjwatson: run one installation with python2 for bzr, with python3 for git?
[17:56] <cjwatson> sure, I know that, but we're talking about git
[17:56] <zyga> cjwatson: that's a bit bad
[17:57] <dobey> it only blocks py3 for bzr support, and bzrlib is never going to support py3 afaik
[17:57] <zyga> cjwatson: sure but do we remove bzr to add git?
[17:57] <zyga> cjwatson: or require different runtime to use git?
[17:57] <cjwatson> no, please stop being disingenuous
[17:57] <dobey> it's not bad
[17:57] <dobey> no, we don't remove bzr support
[17:57] <cjwatson> my point is simply that the python3 point is not relevant for pygit2
[17:57] <dobey> i think the python3 point is irrelevant anyway
[17:57] <dobey> it's a non-argument
[17:57] <zyga> dobey: why? so you want tarmac to be python2 forever/
[17:58] <dobey> zyga: i don't care if it's python2 or 3; it's quite easy to support both until such a time bzr is not used by anyone any more who uses tarmac
[17:58]  * zyga pushes the fix to launchpadlib
[17:59] <dobey> i'm not going to strip tarmac down to be a shell script written in python, just to get rid of py2 support
[17:59] <zyga> dobey: so what kind of approach would you like to see
[18:00] <zyga> dobey: initially I did try to de-couple tarmac from bzrlib (to run on python3) and shell-out to bits for each vcs, but if you don't want to see that then another option must be available
[18:00] <dobey> zyga: i don't know exactly, but if there is to be support for multiple VCS types, then there obviously needs to be some sort of abstraction layer somewhere
[18:01] <cjwatson> tarmac.branch seems like about the right point for the abstraction layer
[18:01] <cjwatson> virtually all the operations there, with the exception of bug/branch links, have analogues in git
[18:01] <zyga> cjwatson: yes, I agree, to some extent, there's also some config changes that need to happen, tarmac ties entires there to branches directly and a new scheme would be needed for git
[18:01] <dobey> zyga: we can't shell out to bzr for all features in tarmac, so shelling is simply not an option for bzr at least
[18:01] <dobey> i have no idea whether all those features will even be supportable with git at all though
[18:02] <zyga> dobey: what features are those?
[18:02] <cjwatson> dobey: the only one I could find that's not (at least at present) is bug/branch links
[18:02] <cjwatson> tarmac.branch.Branch.fixed_bugs
[18:02] <zyga> dobey: from the top of my head I can think of the checkout-lock-held semantics
[18:02] <dobey> cjwatson: we also add custom metadata
[18:02] <cjwatson> dobey: hm, where's that?
[18:03] <cjwatson> oh, revprops['reviews']?
[18:03] <dobey> cjwatson: i'd have to go search the code, but we add revision propes for the reviewers, yeah
[18:03] <dobey> yeah that's it
[18:03] <zyga> dobey: what's the use of that?
[18:03] <cjwatson> The usual git idiom is to stuff that into the commit message :)
[18:03] <zyga> cjwatson: https://code.launchpad.net/~zyga/launchpadlib/fix-1471894/+merge/263950
[18:03] <cjwatson> Which is kind of anathema to people used to bzrlib style, but meh
[18:03] <dobey> yeah, CI train does as well
[18:04] <dobey> and it makes commit messages quite ugly :(
[18:04] <cjwatson> Perhaps it would be OK to disable that for git, pending discussion?
[18:05] <zyga> cjwatson: well, since there's no way to put that (structured) in git then I think it's hard to make that an option, same as bug associations
[18:05] <cjwatson> It doesn't have to be structured, since git people don't expect it to be structure
[18:05] <dobey> well, there's a plug-in in tarmac which adds the info to the commit message too i think
[18:05] <cjwatson> d
[18:05] <zyga> dobey: what do you think about the checkout mode of operation
[18:06] <dobey> maybe it would be ok to drop that feature (we don't have a bzr plug-in to be able to pull it out on cli anyway)
[18:06] <zyga> dobey: which cannot be replicated with git
[18:07] <cjwatson> you could just have the commit implementation be commit + push
[18:07] <zyga> cjwatson: yes, I have that, it's just that the semantics is a little bit different due to the lock logic
[18:07] <dobey> zyga: i'm not sure what that means exactly. i think the best start would be abstracting out the bzr branch bits another level (as you've already started), and rewriting all the tests to not use the bzrlib testing stuff, but instead do abstract mocking or such
[18:08] <cjwatson> dobey: he means the bit where tarmac requires a checkout / bound branch so that it doesn't have to worry about lock failures, pushing, etc.
[18:08] <cjwatson> zyga: yeah, maybe ok as long as tarmac will retry the merge the next time it runs?
[18:08] <dobey> cjwatson: yeah i got that now. i was confused beause "checkout" in git is something else entirely :)
[18:09] <cjwatson> you just have to make sure to clean up on a push failure
[18:09] <zyga> cjwatson: mmm, yeah, it's just another failure that can happen
[18:09] <zyga> cjwatson: good point
[18:09] <cjwatson> which is easy if you do all the work in a temp branch
[18:10] <dobey> i'd also started some work to add signature verification to tarmac, but i haven't had any time to work on tarmac in quite a while :-/
[18:10] <zyga> dobey: signature verification?
[18:10] <dobey> i don't know how signatures work in git
[18:10] <zyga> dobey: signed commits?
[18:10] <dobey> zyga: yes, gpg signed commits
[18:10] <zyga> dobey: ah, I think in git you more like gpg sign tags instead
[18:10] <zyga> dobey: though I haven't used that much myself
[18:10] <cjwatson> you can sign commits too, it's a topic of debate
[18:11] <cjwatson> I tend to just sign tags
[18:11] <cjwatson> zyga: thanks for the lplib branch, I'm EOD now but will remind myself where my test environment is in the morning
[18:11] <zyga> cjwatson: thanks!
[18:12] <zyga> cjwatson: I'll publish it in my ppa so my colleague can hack on that in a few hours when he wakes up
[18:12] <zyga> cjwatson: when you upload a new version to ubuntu I'll backport that as well
[18:35] <zyga> cjwatson: (one more) https://code.launchpad.net/~zyga/launchpadlib/fix-1471927/+merge/263953
[20:02] <StevenC99> hi;  FYI an email from launchpad.net is seen in leaked NSA slides
[20:02] <StevenC99> large 43.6MB PDF unfortunately https://s3.amazonaws.com/s3.documentcloud.org/documents/2116130/intro-to-xks-appids-and-fingerprints.pdf
[20:03] <StevenC99> on page 24 of 60, a "Launchpad OpenPGP Key Confirmation" email
[20:03] <StevenC99> I wonder, were those emails sent to Ubuntu developers? or regular users too?
[20:05] <teward> StevenC99: i'm not going to look deeper into the document given the top line says TOP SECRET
[20:05] <teward> and i'm instead going to question where the hell you got the document from
[20:06] <StevenC99> sorry, should have perhaps linked to the news article instead
[20:06] <StevenC99> https://firstlook.org/theintercept/2015/07/02/look-under-hood-xkeyscore/
[20:06] <dobey> teward: obviously it's declassified or something
[20:06] <teward> dobey: 'leaked nsa slides'
[20:06] <teward> i'm questioning that given the 'leaked nsa slides' part
[20:06] <dobey> StevenC99: the e-mail is the same type of e-mail sent to anyone to confirm adding a gpg key to launchpad, yes
[20:06] <teward> (and when a new PGP key is added to Launchpad, LP emails the owner of the LP account an encrypted message they have to decrypt with their own private key corresponding to the PGP public key it was encrypted to, in order to provide the verification link to add it to the account)
[20:07] <teward> it's the same type of email, yes.
[20:07] <dobey> StevenC99: having it used as an example of a pgp-encrypted messages doesn't mean much
[20:07] <teward> ^ that
[20:07] <StevenC99> thanks;  so this could be any Ubuntu user, not necessarily a developer
[20:08] <dobey> you should be more worried about all the e-mails you get from various services, in clear text, that have personal information and passwords in them
[20:08] <StevenC99> this was 2008;  we didn't know better at the time
[20:08] <dobey> unless you can read under the redacted e-mail
[20:08] <dobey> eh, some of us knew better :)
[20:09] <StevenC99> i think this email was rather intercepted at the recipient's end, when they read it via plain HTTP webmail (mail/webmail/outblaze)
[20:09] <StevenC99> or who knows, maybe they did use HTTPS but it was broken somehow
[20:10] <StevenC99> if launchpad.net do happen to have email logs from Wed, 31 Dec 2008 10:04:16 -0000, they could maybe identify and notify this person
[20:10] <dobey> huh?
[20:11] <StevenC99> if launchpad.net has logs of who they send mail to at that specific time, they could figure out whose email this was
[20:11] <StevenC99> sent*
[20:11] <dobey> no i mean the interception part
[20:11] <StevenC99> oh okay, well... launchpad.net emailed somebody
[20:11] <StevenC99> that person then used some HTTP webmail client to read it
[20:11] <dobey> the nsa has been sucking up data off the wire for decades
[20:11] <StevenC99> and that's when I think NSA intercepted the email
[20:12] <dobey> i doubt it. it was probably intercepted when it went across the SMTP
[20:14] <StevenC99> i think it's a nice, chilling example though
[20:17] <StevenC99> come to think of it, there's a scerenshot of what looks like a webmail interface at the top
[20:17] <StevenC99> so surely, the person whose email is shown here, was the author of the NSA slide
[20:18] <StevenC99> well, not surely, but possible
[20:19] <dobey> i think you are making way too many assumptions about it :)
[20:21] <StevenC99> it would be cool to find out.  launchpad.net email logs seem like the only way
[20:21] <StevenC99> unfortunately the first line of base64 is obscured, so i can't extract the GPG keyid from it
[20:34] <lifeless> lfaraone: C++ concerns me much less