| superm1_ | infinity, ping. I wanted to talk to you about what's happening with signed EFI packages in cosmic (Eg https://launchpad.net/ubuntu/+source/fwupdate-signed/1.20) | 03:11 |
|---|---|---|
| superm1_ | since debian started making signed packages it looks like they're also autosynced into the wrong pocket (https://launchpad.net/ubuntu/+source/fwupdate-amd64-signed) but that causes ubuntu signed packages to fail | 03:12 |
| superm1_ | also their signing service isn't running on every upload, so it's even out of sync now too | 03:12 |
| superm1_ | so I think unless Ubuntu intends to move to the same signing solution as Debian some time in $future using those template packages, those autosynced packages need to get blacklisted to prevent this problem | 03:14 |
| === superm1_ is now known as superm1 | ||
| doko | coreycb, jamespage: rejected zvmcloudconnector, incomplete copyright. also do you really need all the alternatives, does it matter which Python version is used for these binaries? | 05:50 |
| doko | coreyb, jamespage: rejected vaultlocker, incomplete copyright again | 05:52 |
| doko | tjaalton: rejected jboss-annotations-1.2-api, incomplete copyright | 05:58 |
| tjaalton | doko: incomplete how? | 06:03 |
| doko | tjaalton: Oracle not listed | 06:04 |
| tjaalton | 2011, Oracle and/or its affiliates | 06:04 |
| tjaalton | sure is | 06:04 |
| doko | oops | 06:05 |
| doko | tjaalton: and dogtag-pki autopkg tests are failing | 06:12 |
| tjaalton | alright | 06:12 |
| jamespage | doko: working those both now | 07:48 |
| jamespage | doko: vaultlocker re-uploaded with complete copyright | 07:54 |
| jamespage | doko: re zvmcloudconnector - the d/copyright looks to have an extra copyright holder not in the upstream source which I have dropped | 08:01 |
| jamespage | doko: anything else I have missed | 08:01 |
| jamespage | doko: re py2 package - right now we do still need that as this is a depends for nova | 08:01 |
| jamespage | doko: python-future is needed for the latest python-pysaml2 - its been in main before so can we re-promote that one? | 08:46 |
| jamespage | I subbed ubuntu-openstack for bugs | 08:47 |
| === popey_ is now known as popey | ||
| === lfaraone_ is now known as lfaraone | ||
| seb128 | doko, hey, could you have another look to https://bugs.launchpad.net/ubuntu/+source/cpdb-backend-cups/+bug/1747760 and https://bugs.launchpad.net/ubuntu/+source/cpdb-libs/+bug/1747759 to see if Till's fixes are enough for you? | 09:29 |
| ubottu | Launchpad bug 1747760 in cpdb-backend-cups (Ubuntu) "[MIR] cpdb-backend-cups" [High,In progress] | 09:29 |
| ubottu | Launchpad bug 1747759 in cpdb-libs (Ubuntu) "[MIR] cpdb-libs" [High,In progress] | 09:29 |
| seb128 | doko, what are the chances https://bugs.launchpad.net/ubuntu/+source/tracker-miners/+bug/1770877 get reviewed before ff? | 09:58 |
| ubottu | Launchpad bug 1770877 in tracker-miners (Ubuntu) "[MIR] tracker-miners" [Undecided,New] | 09:58 |
| rbasak | Could an AA-type please review bug 1778041? For binary package disappearances in an SRU. I'm not sure what needs to be done, if anything. | 12:36 |
| ubottu | bug 1778041 in freshplayerplugin (Ubuntu Xenial) "browser-plugin-freshplayer-pepperflash broken" [High,In progress] https://launchpad.net/bugs/1778041 | 12:36 |
| doko | seb128: I'm just back for two days ... | 14:11 |
| doko | jamespage: vaultlocker accepted and built | 14:12 |
| seb128 | doko, wb, I hope you had nice holidays :) | 14:15 |
| seb128 | doko, and yeah, sorry to ping you, the MIR team is understaffed and things are just sitting there unsure to get them unblocked :/ | 14:15 |
| doko | coreycb, cpaelzer, nacc: is php 7.3 as the default planned for cosmic? | 14:22 |
| cpaelzer | ahasenack: rbasak: ^^ | 14:24 |
| cpaelzer | maybe to discuss on the standup | 14:24 |
| rbasak | I'm reluctant | 14:24 |
| cpaelzer | me as well | 14:25 |
| rbasak | php-defaults is still in excuses for ?7.2 | 14:25 |
| rbasak | That part isn't FF-critical I don't think. | 14:25 |
| cpaelzer | lacking nacc this was a bit orphaned most of this cycle with resolution planned next cycle | 14:25 |
| rbasak | Yeah | 14:25 |
| cpaelzer | I msut admit at least I haven't looked for php at all recently | 14:26 |
| rbasak | That part isn't FF-critical I don't think -> but going for 7.3 seems like too much of a stretch to me without nacc. I'm not familiar enough with it all yet. | 14:26 |
| rbasak | Though php-defaults is in sync now, so it'll autosync if Debian do it. Seems unlikely before our FF though. | 14:27 |
| jamespage | doko: ta | 15:02 |
| psusi | bug #1683105 has had a patch waiting for someone to apply since last december... could someone please apply it? | 15:37 |
| ubottu | bug 1683105 in dmraid (Ubuntu) "Installation of DMRaid should automatically add necessary modules to /etc/initramfs-tools/modules" [Medium,Triaged] https://launchpad.net/bugs/1683105 | 15:37 |
| nacc | doko: cpaelzer: rbasak: i really apologize about that. The hard part right now is we had to add a bunch of delta to universe packages for phpunit in 18.04 | 16:03 |
| nacc | and many of those packages are still not updated in debian, when i last looked | 16:04 |
| nacc | and since debian, last i checked as well, still wasn't gating their CI, it will fail in our system; so they will need merges | 16:04 |
| nacc | fairly trivial merges, but merges nonetheless | 16:04 |
| nacc | i just haven't had the time this cycle :( | 16:04 |
| GunnarHj | rbasak: Thinking of bug #1778041. If I hadn't SRU'ed the fix, people with one of the dropped packages installed might upgrade to 18.10 and then keep having the old package installed. So we don't usually have a model to make sure that packages which are dropped from archive are uninstalled, do we? | 16:55 |
| ubottu | bug 1778041 in freshplayerplugin (Ubuntu Xenial) "browser-plugin-freshplayer-pepperflash broken" [High,In progress] https://launchpad.net/bugs/1778041 | 16:55 |
| rbasak | GunnarHj: I think do-release-upgrade might take care of that. I'm not sure exactly. | 17:51 |
| rbasak | GunnarHj: if nobody else chimes in, how do you feel about shipping the binary packages but empty? I think that'd be the least harmful, even if it turns out later to be overkill, since it leaves thd door open to anything later without having made it difficult, IYSWIM. | 17:52 |
| rbasak | afk now, but back later. | 17:52 |
| GunnarHj | rbasak: I thought that do-release-upgrade only takes care of packages no longer needed as dependencies - like 'apt autoremove'. But I'm not sure either. | 19:08 |
| GunnarHj | rbasak: Sure, I can add empty packages for the two dropped binaries, if you think it's motivated. | 19:08 |
| nacc | it would be nice if it did something more, if it doesn't know, based upon, perhaps ubuntu-support-status output, etc. | 19:08 |
| nacc | *if it doesn't now | 19:08 |
| GunnarHj | rbasak: But before doing so, please also consider that the remaining binary browser-plugin-freshplayer-pepperflash is - unlike before - only built on amd64 and i386. (See comment #4 in the bug report for the reason.) I suppose that can't be handled through empty packages. | 19:08 |
| GunnarHj | nacc: Would make sense. But can you confirm that no such thing is in place currently? | 19:11 |
| nacc | GunnarHj: i can try :) | 19:11 |
| GunnarHj | nacc: Don't spend too much effort on it. It's merely a side discussion when discussing a special SRU case. | 19:12 |
| nacc | yep, understood | 19:13 |
| rbasak | GunnarHj: that's a good point. | 23:54 |
| rbasak | sil2100 accepted the Bionic package so I'd like his opinion but he's not here right now. | 23:54 |
| rbasak | I'm also reluctant to dictate anything on this one, since I'm not certain of any right answer here, and others will know more. But I also don't want to block you :-/ | 23:55 |
| Unit193 | https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000544.html Debian 902720 was fixed in Debian, so cosmic is covered at least! :D | 23:57 |
| ubottu | Debian bug 902720 in ruby-zip "CVE-2018-1000544" [Grave,Fixed] http://bugs.debian.org/902720 | 23:57 |
| ubottu | rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary f... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000544) | 23:57 |
| Unit193 | https://launchpadlibrarian.net/383593876/ruby-zip_1.2.1-1_1.2.1-1.1.diff.gz interesting diff though. | 23:58 |
| sarnold | uhhhh | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!