[03:11] infinity, ping. I wanted to talk to you about what's happening with signed EFI packages in cosmic (Eg https://launchpad.net/ubuntu/+source/fwupdate-signed/1.20) [03:12] since debian started making signed packages it looks like they're also autosynced into the wrong pocket (https://launchpad.net/ubuntu/+source/fwupdate-amd64-signed) but that causes ubuntu signed packages to fail [03:12] also their signing service isn't running on every upload, so it's even out of sync now too [03:14] so I think unless Ubuntu intends to move to the same signing solution as Debian some time in $future using those template packages, those autosynced packages need to get blacklisted to prevent this problem === superm1_ is now known as superm1 [05:50] coreycb, jamespage: rejected zvmcloudconnector, incomplete copyright. also do you really need all the alternatives, does it matter which Python version is used for these binaries? [05:52] coreyb, jamespage: rejected vaultlocker, incomplete copyright again [05:58] tjaalton: rejected jboss-annotations-1.2-api, incomplete copyright [06:03] doko: incomplete how? [06:04] tjaalton: Oracle not listed [06:04] 2011, Oracle and/or its affiliates [06:04] sure is [06:05] oops [06:12] tjaalton: and dogtag-pki autopkg tests are failing [06:12] alright [07:48] doko: working those both now [07:54] doko: vaultlocker re-uploaded with complete copyright [08:01] doko: re zvmcloudconnector - the d/copyright looks to have an extra copyright holder not in the upstream source which I have dropped [08:01] doko: anything else I have missed [08:01] doko: re py2 package - right now we do still need that as this is a depends for nova [08:46] doko: python-future is needed for the latest python-pysaml2 - its been in main before so can we re-promote that one? [08:47] I subbed ubuntu-openstack for bugs === popey_ is now known as popey === lfaraone_ is now known as lfaraone [09:29] doko, hey, could you have another look to https://bugs.launchpad.net/ubuntu/+source/cpdb-backend-cups/+bug/1747760 and https://bugs.launchpad.net/ubuntu/+source/cpdb-libs/+bug/1747759 to see if Till's fixes are enough for you? [09:29] Launchpad bug 1747760 in cpdb-backend-cups (Ubuntu) "[MIR] cpdb-backend-cups" [High,In progress] [09:29] Launchpad bug 1747759 in cpdb-libs (Ubuntu) "[MIR] cpdb-libs" [High,In progress] [09:58] doko, what are the chances https://bugs.launchpad.net/ubuntu/+source/tracker-miners/+bug/1770877 get reviewed before ff? [09:58] Launchpad bug 1770877 in tracker-miners (Ubuntu) "[MIR] tracker-miners" [Undecided,New] [12:36] Could an AA-type please review bug 1778041? For binary package disappearances in an SRU. I'm not sure what needs to be done, if anything. [12:36] bug 1778041 in freshplayerplugin (Ubuntu Xenial) "browser-plugin-freshplayer-pepperflash broken" [High,In progress] https://launchpad.net/bugs/1778041 [14:11] seb128: I'm just back for two days ... [14:12] jamespage: vaultlocker accepted and built [14:15] doko, wb, I hope you had nice holidays :) [14:15] doko, and yeah, sorry to ping you, the MIR team is understaffed and things are just sitting there unsure to get them unblocked :/ [14:22] coreycb, cpaelzer, nacc: is php 7.3 as the default planned for cosmic? [14:24] ahasenack: rbasak: ^^ [14:24] maybe to discuss on the standup [14:24] I'm reluctant [14:25] me as well [14:25] php-defaults is still in excuses for ?7.2 [14:25] That part isn't FF-critical I don't think. [14:25] lacking nacc this was a bit orphaned most of this cycle with resolution planned next cycle [14:25] Yeah [14:26] I msut admit at least I haven't looked for php at all recently [14:26] That part isn't FF-critical I don't think -> but going for 7.3 seems like too much of a stretch to me without nacc. I'm not familiar enough with it all yet. [14:27] Though php-defaults is in sync now, so it'll autosync if Debian do it. Seems unlikely before our FF though. [15:02] doko: ta [15:37] bug #1683105 has had a patch waiting for someone to apply since last december... could someone please apply it? [15:37] bug 1683105 in dmraid (Ubuntu) "Installation of DMRaid should automatically add necessary modules to /etc/initramfs-tools/modules" [Medium,Triaged] https://launchpad.net/bugs/1683105 [16:03] doko: cpaelzer: rbasak: i really apologize about that. The hard part right now is we had to add a bunch of delta to universe packages for phpunit in 18.04 [16:04] and many of those packages are still not updated in debian, when i last looked [16:04] and since debian, last i checked as well, still wasn't gating their CI, it will fail in our system; so they will need merges [16:04] fairly trivial merges, but merges nonetheless [16:04] i just haven't had the time this cycle :( [16:55] rbasak: Thinking of bug #1778041. If I hadn't SRU'ed the fix, people with one of the dropped packages installed might upgrade to 18.10 and then keep having the old package installed. So we don't usually have a model to make sure that packages which are dropped from archive are uninstalled, do we? [16:55] bug 1778041 in freshplayerplugin (Ubuntu Xenial) "browser-plugin-freshplayer-pepperflash broken" [High,In progress] https://launchpad.net/bugs/1778041 [17:51] GunnarHj: I think do-release-upgrade might take care of that. I'm not sure exactly. [17:52] GunnarHj: if nobody else chimes in, how do you feel about shipping the binary packages but empty? I think that'd be the least harmful, even if it turns out later to be overkill, since it leaves thd door open to anything later without having made it difficult, IYSWIM. [17:52] afk now, but back later. [19:08] rbasak: I thought that do-release-upgrade only takes care of packages no longer needed as dependencies - like 'apt autoremove'. But I'm not sure either. [19:08] rbasak: Sure, I can add empty packages for the two dropped binaries, if you think it's motivated. [19:08] it would be nice if it did something more, if it doesn't know, based upon, perhaps ubuntu-support-status output, etc. [19:08] *if it doesn't now [19:08] rbasak: But before doing so, please also consider that the remaining binary browser-plugin-freshplayer-pepperflash is - unlike before - only built on amd64 and i386. (See comment #4 in the bug report for the reason.) I suppose that can't be handled through empty packages. [19:11] nacc: Would make sense. But can you confirm that no such thing is in place currently? [19:11] GunnarHj: i can try :) [19:12] nacc: Don't spend too much effort on it. It's merely a side discussion when discussing a special SRU case. [19:13] yep, understood [23:54] GunnarHj: that's a good point. [23:54] sil2100 accepted the Bionic package so I'd like his opinion but he's not here right now. [23:55] I'm also reluctant to dictate anything on this one, since I'm not certain of any right answer here, and others will know more. But I also don't want to block you :-/ [23:57] https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000544.html Debian 902720 was fixed in Debian, so cosmic is covered at least! :D [23:57] Debian bug 902720 in ruby-zip "CVE-2018-1000544" [Grave,Fixed] http://bugs.debian.org/902720 [23:57] rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary f... (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000544) [23:58] https://launchpadlibrarian.net/383593876/ruby-zip_1.2.1-1_1.2.1-1.1.diff.gz interesting diff though. [23:59] uhhhh