[03:11] <superm1_> infinity, ping.  I wanted to talk to you about what's happening with signed EFI packages in cosmic (Eg https://launchpad.net/ubuntu/+source/fwupdate-signed/1.20)
[03:12] <superm1_> since debian started making signed packages it looks like they're also autosynced into the wrong pocket (https://launchpad.net/ubuntu/+source/fwupdate-amd64-signed) but that causes ubuntu signed packages to fail
[03:12] <superm1_> also their signing service isn't running on every upload, so it's even out of sync now too
[03:14] <superm1_> so I think unless Ubuntu intends to move to the same signing solution as Debian some time in $future using those template packages, those autosynced packages need to get blacklisted to prevent this problem
[05:50] <doko> coreycb, jamespage: rejected zvmcloudconnector, incomplete copyright. also do you really need all the alternatives, does it matter which Python version is used for these binaries?
[05:52] <doko> coreyb, jamespage: rejected vaultlocker, incomplete copyright again
[05:58] <doko> tjaalton: rejected jboss-annotations-1.2-api, incomplete copyright
[06:03] <tjaalton> doko: incomplete how?
[06:04] <doko> tjaalton: Oracle not listed
[06:04] <tjaalton>            2011, Oracle and/or its affiliates
[06:04] <tjaalton> sure is
[06:05] <doko> oops
[06:12] <doko> tjaalton: and dogtag-pki autopkg tests are failing
[06:12] <tjaalton> alright
[07:48] <jamespage> doko: working those both now
[07:54] <jamespage> doko: vaultlocker re-uploaded with complete copyright
[08:01] <jamespage> doko: re zvmcloudconnector - the d/copyright looks to have an extra copyright holder not in the upstream source which I have dropped
[08:01] <jamespage> doko: anything else I have missed
[08:01] <jamespage> doko: re py2 package - right now we do still need that as this is a depends for nova
[08:46] <jamespage> doko: python-future is needed for the latest python-pysaml2 - its been in main before so can we re-promote that one?
[08:47] <jamespage> I subbed ubuntu-openstack for bugs
[09:29] <seb128> doko, hey, could you have another look to https://bugs.launchpad.net/ubuntu/+source/cpdb-backend-cups/+bug/1747760 and https://bugs.launchpad.net/ubuntu/+source/cpdb-libs/+bug/1747759 to see if Till's fixes are enough for you?
[09:58] <seb128> doko, what are the chances https://bugs.launchpad.net/ubuntu/+source/tracker-miners/+bug/1770877 get reviewed before ff?
[12:36] <rbasak> Could an AA-type please review bug 1778041? For binary package disappearances in an SRU. I'm not sure what needs to be done, if anything.
[14:11] <doko> seb128: I'm just back for two days ...
[14:12] <doko> jamespage: vaultlocker accepted and built
[14:15] <seb128> doko, wb, I hope you had nice holidays :)
[14:15] <seb128> doko, and yeah, sorry to ping you, the MIR team is understaffed and things are just sitting there unsure to get them unblocked :/
[14:22] <doko> coreycb, cpaelzer, nacc: is php 7.3 as the default planned for cosmic?
[14:24] <cpaelzer> ahasenack: rbasak: ^^
[14:24] <cpaelzer> maybe to discuss on the standup
[14:24] <rbasak> I'm reluctant
[14:25] <cpaelzer> me as well
[14:25] <rbasak> php-defaults is still in excuses for ?7.2
[14:25] <rbasak> That part isn't FF-critical I don't think.
[14:25] <cpaelzer> lacking nacc this was a bit orphaned most of this cycle with resolution planned next cycle
[14:25] <rbasak> Yeah
[14:26] <cpaelzer> I msut admit at least I haven't looked for php at all recently
[14:26] <rbasak> That part isn't FF-critical I don't think -> but going for 7.3 seems like too much of a stretch to me without nacc. I'm not familiar enough with it all yet.
[14:27] <rbasak> Though php-defaults is in sync now, so it'll autosync if Debian do it. Seems unlikely before our FF though.
[15:02] <jamespage> doko: ta
[15:37] <psusi> bug #1683105 has had a patch waiting for someone to apply since last december... could someone please apply it?
[16:03] <nacc> doko: cpaelzer: rbasak: i really apologize about that. The hard part right now is we had to add a bunch of delta to universe packages for phpunit in 18.04
[16:04] <nacc> and many of those packages are still not updated in debian, when i last looked
[16:04] <nacc> and since debian, last i checked as well, still wasn't gating their CI, it will fail in our system; so they will need merges
[16:04] <nacc> fairly trivial merges, but merges nonetheless
[16:04] <nacc> i just haven't had the time this cycle :(
[16:55] <GunnarHj> rbasak: Thinking of bug #1778041. If I hadn't SRU'ed the fix, people with one of the dropped packages installed might upgrade to 18.10 and then keep having the old package installed. So we don't usually have a model to make sure that packages which are dropped from archive are uninstalled, do we?
[17:51] <rbasak> GunnarHj: I think do-release-upgrade might take care of that. I'm not sure exactly.
[17:52] <rbasak> GunnarHj: if nobody else chimes in, how do you feel about shipping the binary packages but empty? I think that'd be the least harmful, even if it turns out later to be overkill, since it leaves thd door open to anything later without having made it difficult, IYSWIM.
[17:52] <rbasak> afk now, but back later.
[19:08] <GunnarHj> rbasak: I thought that do-release-upgrade only takes care of packages no longer needed as dependencies - like 'apt autoremove'. But I'm not sure either.
[19:08] <GunnarHj> rbasak: Sure, I can add empty packages for the two dropped binaries, if you think it's motivated.
[19:08] <nacc> it would be nice if it did something more, if it doesn't know, based upon, perhaps ubuntu-support-status output, etc.
[19:08] <nacc> *if it doesn't now
[19:08] <GunnarHj> rbasak: But before doing so, please also consider that the remaining binary browser-plugin-freshplayer-pepperflash is - unlike before - only built on amd64 and i386. (See comment #4 in the bug report for the reason.) I suppose that can't be handled through empty packages.
[19:11] <GunnarHj> nacc: Would make sense. But can you confirm that no such thing is in place currently?
[19:11] <nacc> GunnarHj: i can try :)
[19:12] <GunnarHj> nacc: Don't spend too much effort on it. It's merely a side discussion when discussing a special SRU case.
[19:13] <nacc> yep, understood
[23:54] <rbasak> GunnarHj: that's a good point.
[23:54] <rbasak> sil2100 accepted the Bionic package so I'd like his opinion but he's not here right now.
[23:55] <rbasak> I'm also reluctant to dictate anything on this one, since I'm not certain of any right answer here, and others will know more. But I also don't want to block you :-/
[23:57] <Unit193> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000544.html Debian 902720 was fixed in Debian, so cosmic is covered at least! :D
[23:58] <Unit193> https://launchpadlibrarian.net/383593876/ruby-zip_1.2.1-1_1.2.1-1.1.diff.gz interesting diff though.
[23:59] <sarnold> uhhhh