[03:49] <pitti> Good morning
[04:04] <sladen> pitti: Morgen
[06:17] <pitti> happyaron: hey, how are you?
[06:18] <pitti> happyaron: are you planning on merging NM with Debian? updating to 1.4 should get us rid of our biggest patches, and then we should review the Ubuntu patches to see which we can get rid of in the long term
[06:18] <pitti> happyaron: I'll forward the "config from /run" ones to upstream today
[06:25] <cpaelzer> good morning
[06:59] <xnox> gatwick is stuck cleaning
[07:16] <happyaron> pitti: yes of course I want to merge with Debian
[07:17] <happyaron> ty for forwarding it!
[07:17] <pitti> happyaron: great, thanks
[07:17] <pitti> happyaron: looking forward to losing the giant ofono patches :)
[07:41] <happyaron> pitti: yup, :)
[08:48] <tjaalton> does errors.ubuntu.com force logging in before seeing the trace?
[08:49] <tjaalton> trying it out on a blank browser profile would suggest so
[08:49] <tjaalton> makes it useless for upstreams
[08:50] <pitti> tjaalton: we collect/upload these on a wide scale mostly automatically, they might contain private information
[08:50] <tjaalton> ok, well pastebin isn't far away.. so nevermind
[09:54] <tjaalton> hmm, wonder if there could be a way to not send crashes to errors.u.c if ppa's are being used, or mainline kernels
[10:35] <pavlushka> cpaelzer: ping
[10:37] <pitti> a
[10:51] <cpaelzer> pavlushka: üong
[10:51] <cpaelzer> pavlushka: ü is too close to p when coming back from lunch - should have been pong :-/
[10:52] <pavlushka> cpaelzer: I have added the details needed to LP bug 1629038, please take a look.
[10:53] <pavlushka> cpaelzer: ok I should have pinged you in #ubuntu-bugs, next time :)
[10:54] <cpaelzer> pavlushka: fine for me - I have the tab open and will take a look before EOD
[10:54] <cpaelzer> pavlushka: how long would you be around in case I have further questions?
[10:56] <pavlushka> cpaelzer: can't assure about power/Internet-link (if it goes down), otherwise I will be available :)
[11:17] <pitti> happyaron: btw, the two debian/patches/Read-* patches won't apply to 1.4; I have them ported to 1.4 on the upstream patch already, so please don't waste time on those
[13:57] <happyaron> pitti: wow great!
[14:01] <BlackJohnny> hi
[14:02] <BlackJohnny> i have a problem with ubuntu skd after upgrading to 16.10 ... if anyone can help with the following pls let me know
[14:03] <BlackJohnny> it seems that this command fails usdk-target autosetup -y
[14:03] <BlackJohnny> with the error rror: open /etc/default/lxd-bridge: no such file or directory
[14:03] <BlackJohnny> this command is executed when I try to start the IDE
[14:04] <BlackJohnny> probably some initial configuration scripts
[15:22] <smoser> are we able to upload to zesty yet ?
[15:34] <infinity> smoser: No.
[16:30] <nacc> rbasak: is LP: #1632907 a known mysql issue?
[16:32]  * rbasak looks
[16:33] <nacc> rbasak: thanks
[16:33] <rbasak> nacc: I think that's a system misconfiguration. The postinst failed because update-rc.d failed, because insserv failed complaining about "insserv: script mysql: service mysql already provided!".
[16:33] <rbasak> I've certainly never seen that, anyway. Need steps to reproduce to consider it not a misconfiguration, IMHO.
[16:34] <nacc> rbasak: ack, thanks
[16:35] <nacc> sarnold: is there a preferred launchpad method to bring a bug to the attention of the security team in case of a regression due to a CVE fix?
[16:37] <rbasak> yakkety-proposed still contains 1.7~git20160703+dfsg-1 that never migrated for good reasons.
[16:37] <rbasak> But users may now have -proposed enabled because Yakkety is released.
[16:37] <rbasak> That sounds like a problem to me, unless I'm mistaken? Should we be clearing out -proposed before release?
[16:38] <rbasak> (my example is src:heimdal, sorry)
[16:38] <cjwatson> rbasak: The usual practice is that once we have a usable zesty-proposed (etc.) then we copy everything to that and delete from yakkety-proposed.
[16:38] <cjwatson> I think just deleting would make it hard to keep track.
[16:39] <rbasak> cjwatson: thanks, but isn't that a problem with the process then?
[16:40] <rbasak> Because that then leads to bug 1633653, for example, where a user who has proposed enabled is upgrading from Xenial to Yakkety. And we want to encourage that.
[16:41] <cjwatson> rbasak: I find it hard to care, given that having -proposed enabled is always for the adventurous.
[16:41] <cjwatson> Maybe there's some way to improve it, I just don't see it as especially urgent.
[16:42] <cjwatson> It might be possible to delete, but somebody would have to keep a list ...
[16:42] <mapreri> a way to improve it would be for sabdfl to announce the new series name before the release, so they can be copied at release time?
[16:42] <rbasak> I'd like to encourage people to volunteer to test proposed and report bugs in it (for stable releases). That helps us with SRU verification. But in that case, we should ensure (IMHO) that our processes don't leave them broken unnecessarily.
[16:43] <rbasak> Otherwise we'll put people off testing proposed, and I want the opposite.
[16:46] <nacc> smb: cpaelzer: any chance you could peek at LP: #1633207? Should that be supported?
[16:49] <rbasak> I filed bug 1634201
[16:50] <rbasak> powersj: do you want to dupe those into this bug?
[16:50] <powersj> rbasak: shoot I already merged them into the one you called out.
[16:50] <rbasak> Ah, sorry. That's slightly different possibly, because users shouldn't have proposed enabled in a development release at all, but may have it enabled in a stable release for testing pending SRUs.
[16:51] <powersj> rbasak: shall I move them to that one?
[16:51] <rbasak> Please, if they filed after Yakkety was released.
[16:51] <powersj> all submitted on the 14th, so I will
[16:52] <rbasak> Thanks!
[16:54] <cpaelzer> nacc: out of the blue I don't know
[16:54] <cpaelzer> nacc: would have to check the doc/sources to answer that
[16:59] <nacc> cpaelzer: thanks
[17:02] <infinity> rbasak: I think we can improve on this for next time, actually, based on a tool Andy's working on for me.
[17:03] <infinity> rbasak: Not much I can do about it this time, though. :P
[17:03] <rbasak> That sounds good. Yeah sure, this time it's clearly easiest to clear out proposed the usual way once the new series is ready. I'm only raising it because it seems like a recurring broken thing, rather than a one-off.
[17:05] <nacc> smoser: have you seen LP: #1633453 ?
[18:14] <nacc> rbasak: smoser: https://git.launchpad.net/~nacc/ubuntu/+source/memcached
[18:14] <nacc> just re-pusehd there, with changelog entries on each import
[18:14] <nacc> e.g. https://git.launchpad.net/~nacc/ubuntu/+source/memcached/commit/?h=ubuntu/devel
[18:16] <smoser> nacc, i think that looks good.
[18:16] <smoser> i responded to that bug
[18:17] <nacc> smoser: thanks
[18:17] <smoser> i have a question on importer
[18:17] <smoser> nacc,
[18:17] <smoser> so maybe im'just missing something
[18:17] <smoser> but you seem to really, really want to never change things to break shas
[18:17] <smoser> (ie, you want to get this change in before "settling")
[18:18] <smoser> is there a big reason behind that ?
[18:18] <nacc> reproducible imports
[18:18] <smoser> i think it inevitable that at some point you'll want to change something and future imports will nto be identical
[18:18] <smoser> i agree with the goal for sure.
[18:19] <nacc> smoser: we're discussing move to ubuntu-server-dev
[18:19] <nacc> smoser: right, and if we do that, we re-import everything
[18:19] <nacc> smoser: i'm tryign to minimize how often we'd do that :)
[18:19] <smoser> why would you re-import everything?
[18:20] <nacc> so that a new user would be able to push if they did a local import
[18:20] <nacc> the shas need to match for that tow ork
[18:20] <nacc> *work
[18:21] <smoser> but what is that use case ?
[18:21] <smoser> you want to have no access to the previously-imported tree, and run your import and then push over the previously improted tree that others have used for things.
[18:22] <smoser> i think i'd just not do that.
[18:22] <nacc> i believe the primary use case was for packages we had not imported
[18:22] <nacc> it was never in scope to replace UDD fully
[18:22] <nacc> so this will only ever cover the small set of packages the server team cares about
[18:22] <nacc> at least officially
[18:23] <smoser> i'm confused for sure.
[18:23] <smoser> i suspect i'm just missing something.
[18:23] <nacc> so let's say you're joe user and want to import locally some package that's not been imported to ubuntu-server-dev
[18:23] <nacc> i guess we don't need to re-import, necessarily
[18:24] <nacc> smoser: i'm mostly trying to minimize how often the shas can change
[18:24] <nacc> smoser: you're right, there may be future cases where they will, we'll need to consider that then
[18:24] <smoser> and that makes sense
[18:24] <nacc> smoser: but changing all the import/ commit messages was a pretty obvious broad change, and was a godo fix
[18:25] <nacc> *good
[18:25] <smoser> but i just think at the point in which you publish to anywhere (ubuntu-server-dev) then i clone, i make a change locally.... if you re-import at that point, i'm broken.
[18:25] <nacc> smoser: right, that's why ntohing is publisehd to ubuntu-server-dev yet :)
[18:26] <smoser> so i'd suggest that in that scenario, we basically continue on with what was originally in ubuntu-server-dev
[18:26] <nacc> smoser: i'm willing to concede we won't need to rewrite published git trees
[18:26] <smoser> unless it is deemed more important to fix that tree than to break users.
[18:26] <nacc> smoser: we use teh tree contents everywhere, and right now, nothing changes those
[18:26] <nacc> smoser: so the only time we'd need to re-import, i think, is if all the tree hashes were to change, which seems unlikely as they come from the source pacakges
[18:26] <smoser> yeah.  changing hashes is a pita for sure.
[18:27] <smoser> ok. i just wanted to make sure i wasn't missing something more intrinsic than i thought.
[18:27] <nacc> smoser: no, it's nothing intrinsic, afaict -- it was a requirement from the sprint docs, mostly
[18:27] <nacc> rbasak may be able to speak to it better
[18:45] <rbasak> smoser: I think it's a nice property that the imports are reproducible. It allows, for example, for a third party to prepare something locally, then submit an MP, and then to official import it, and then it'd just merge in.
[18:46] <rbasak> smoser: however, I accept that we may need to break it at some point. Then in that scenario you'd have to rebase. That's just something that would be nice to avoid if possible, that's all. Not the end of the world if we can't maintain the property, but everything is cleaner if we can. Sort of like epochs in version numbers.
[18:50] <smoser> rbasak, right.
[18:50] <smoser> but in the event that you've published something publicly , it seems more likely that you'd want to keep the published thing than re-import it.
[19:01] <rbasak> smoser: agreed.
[19:01] <smoser> good.
[19:01] <smoser> so since we'r'e here...
[19:02] <smoser> the goal is to drop the usd-import-team repos ?
[19:02] <smoser> is that right?
[19:02] <rbasak> smoser: if we made a note of when this happened though, we might even be able to keep the public trees reproducible by using previous importer revisions from git history
[19:02] <rbasak> I believe so, yes.
[19:02] <smoser> ok. cool
[19:02] <rbasak> If nacc agrees?
[19:02] <rbasak> That's my understanding, anyway.
[19:03]  * rbasak needs to go
[19:45] <nacc> rbasak: smoser: yes, hopefully very soon
[19:45] <nacc> rbasak: smoser: and import fresh into ubuntu-server-dev
[20:23] <nacc> jgrimm: fyi, running a test import of the pacakges from your list with the newest importer
[20:23] <nacc> rbasak: i think, if these imports go through w/o error, i'm ready to mark this as 1.0 and switch to annoted tags?
[20:24] <jgrimm> nacc, great!
[20:30] <nacc> smoser: given the importer isn't really running as a real user, it doesn't make sense to sign annotated tags, does it?
[20:31] <smoser> nacc, well i dont think that "as a real user" indicates "should not sign"
[20:31] <smoser> as lots of machines sign things.
[20:31] <smoser> if the importer were running on a system and ahd access to a key we wanted to let it sign things with, it might make sense.
[20:31] <nacc> smoser: what e-mail address is the key tied to in those cases?
[20:32] <smoser> well, an example is the ubuntu-cloudimage-keyring
[20:33] <smoser> http://paste.ubuntu.com/23340540/
[20:35] <nacc> ah a -noreply address?
[20:35] <nacc> smoser: so e-mails sent there, in theory, get bounced?
[20:36] <nacc> smoser: probably not a big deal for us either way, i'm just wondering if we want to direct importer queries always to the server ML or something
[20:37] <smoser> i think probably jsut dev/null
[20:37] <smoser> i dont know.
[20:37] <nacc> smoser: and where did you generate that key, etc?
[20:38] <smoser> i dont know how that particular key got generated, i think probalby utlemming did it... i might ask slangasek or cjwatson about best practices on such a thing.
[20:38] <smoser> i believe we could add that later though, right ?
[20:38] <smoser> (especially given a reproducible hash mechanism :)
[20:39] <rbasak> What if we sign (as an option) by the user who ran the command?
[20:40] <nacc> smoser: yeah, but we want to sign tags, i believe, which would change all the tags
[20:40] <nacc> rbasak: yeah, i was thinking of adding a -k option
[20:40] <nacc> rbasak: then we can figure out what key to use at runtime (or decide later)
[20:40] <nacc> rbasak: are we ok with historical tags being unsigned?
[20:40] <rbasak> Then when pushing to an official place, sign yourself, even if just our individual keys.
[20:40] <smoser> i think signing does not actually change hashes
[20:40] <rbasak> Then the only open question is what cron should do
[20:40] <smoser> does it?
[20:40] <smoser> you can sign stuff later
[20:40] <rbasak> Only of the tag itself.
[20:41] <nacc> smoser: it creates a different tag object, aiui
[20:41] <smoser> ah. right.
[20:41] <rbasak> If you replaced a tag (eg. by signing it) then the tag would change, but I don't see how that would break anything for anyone.
[20:41] <smoser> right.
[20:41] <nacc> rbasak: that's true, the pointed-to object is the same
[20:41] <nacc> sorry, i'm being overly cautious about any changes :)
[20:42] <rbasak> If the annotation said what version importer was used (eg. git describe output), then a tag signed by an Ubuntu uploader would be nice. Other uploaders would perhaps be able to trust that rather than having to check against the archive.
[20:42] <nacc> that's a good point
[20:42] <rbasak> I wonder if that needs a chain of signed tags for full trust though, in which case perhaps signed commits would work better.
[20:43] <utlemming>  smoser: correct, that key was generated by hand and then I got it signed
[20:44] <utlemming> smoser: I don't really remember all the details other than that is what I was told to do
[20:44] <nacc> heh
[20:45] <nacc> rbasak: yeah, i'll admit my key-knowledge is limited, so i'm not sure if there is already a trusted chain we should be using (by default) in the importer to recognize keys, etc
[20:52] <nacc> rbasak: so i think we're ok with not signing the tags for now, i can add the functionality to pass a key down to git-tag (-u option)?
[20:53] <nacc> rbasak: as this feels like a policy decision, on some level
[21:04] <rbasak> nacc: that sounds fine. If we decided that commits should be signed, then we'd need to add support for that separately I think.
[22:23] <slangasek> smoser, nacc: I don't know about best practices, you'll find that the Ubuntu archive key lists 'ftpmaster@ubuntu.com' but I'm not sure if anyone currently receives/reads that mail
[22:26] <nacc> rbasak: ack, do we still want to annotate them unsigned?
[22:26] <nacc> slangasek: ok, thanks!