/srv/irclogs.ubuntu.com/2019/08/07/#ubuntu-devel.txt

sahidjamespage, coreycb: about Train, head-dahsboard does not support python3-django > 2, in eoan we well have 1:1.11, but in eoan-proposed we have 2:2.2.407:26
LocutusOfBorgUnit193, hello, what is your feeling about a assaultcube sync?07:26
sahidhow are we going to handle that?07:26
Unit193LocutusOfBorg: Hah!  I happened to voice that in -motu just earlier today. :P07:27
LocutusOfBorgaaand? sync?07:27
LocutusOfBorgwe will loose some bits by syncing07:27
Unit193LocutusOfBorg: tl;dr: No benefit now, Debian version is *weird* for a couple reasons.07:27
LocutusOfBorgso, forward patches to Debian?07:27
Unit193(For the longer description, perhaps check logs)07:30
LocutusOfBorgmwhudson, hello, should golang-1.11-race-detector-runtime move to 1.12?07:50
EoflaOEHello, can someone explain to me what is this channel? For requesting updated versions or what?07:51
jamespagesahid: does horizon support django >= 2 ?08:15
sahidjamespage: yes it looks like since the build success08:20
jamespagesahid: that might not be much of a guide - I don't think we run any testing for horizon during the build08:24
jamespagesahid: indeed "Django<2.1,>=1.11;python_version>='3.0'  # BSD"08:26
mwhudsonLocutusOfBorg: yes, need to check which revision 1.12 was built with i guess09:03
mwhudsonLocutusOfBorg: oh, looks like the same revision as 1.11 so it's just upload with a new package name it seems09:04
LocutusOfBorgmwhudson, shouldn't this one go in Debian?09:49
LocutusOfBorgthe freeze is now over :(09:50
LocutusOfBorg:)09:50
mwhudsonLocutusOfBorg: yes but i never had the energy to go through the itp process09:50
mwhudsonLocutusOfBorg: if you do, go for it!09:50
LocutusOfBorgmwhudson, what does it need? the packaging is already there, right?10:09
LocutusOfBorgjust open a bug and I can sponsor it10:09
LocutusOfBorglamont, hello, can you please do an inspircd merge? did you never upstreamed the patches? the new version is quite a lot different, and I don't know how to check if your patches are still needed or not...11:00
=== Wryhder is now known as Lucas_Gray
rbasaksil2100: I like your block-proposed handling in pending-sru :)12:07
=== ricab is now known as ricab|lunch
sil2100rbasak: thanks, glad you like it! Although it was Brian's idea to use the blockade emoji ;)12:33
=== ricab|lunch is now known as ricab
rbasakbionic-security has distro-info-data 0.37ubuntu0.5 that Breaks: distro-info (<< 0.18ubuntu0.18.04.1~).13:40
rbasakdistro-info >> 0.18ubuntu0.18.04.1~ only exists in bionic-updates.13:40
rbasakTherefore, distro-info in bionic-security has become uninstallable on bionic-security only systems.13:40
rbasakinfinity: you TIL ^13:41
rbasakWanna bug?13:41
rbasakLooks like the Breaks was introduced in 0.37ubuntu0.313:43
infinityOh fun.13:44
infinityrbasak: Lemme just sanity check the distro-info build and copy it to security if it's clean.13:44
rbasakLooks like it's been like that for a while. Does the lack of report mean that nobody actually does security-only installs any more?13:47
infinityI've asked that question every time something like this comes up three months after we break it. :P13:47
infinityhttps://launchpad.net/ubuntu/+source/distro-info/0.18ubuntu0.18.04.1/+publishinghistory13:49
infinityrbasak: ^-- It'll fix itself shortly.13:49
rbasakThank you!13:49
infinityrbasak: Anyhow, I think I've expressed in the past that I feel the updates/security thing is a mess, and if we could come up with a clever way to tag updates as security-or-not, we should collapse them to one pocket and be done with it.13:51
rbasakSome kind of metadata that an apt pin can pick up perhaps13:51
infinityWhich sounds simple on the surface ("Just add it to the control data!"), until you realise a user could be two revisions out of date, and the current one in Packages.gz *isn't* tagged security, but the previous was.13:51
rbasakGood point :)13:52
rbasakIt'd have to be control metadata with a version string stating when it was last updated for security13:52
infinitySo, indeed, another set of stream data that's just package:version pairs of every security update ever, and we fuzzy match between installed and available, or some such.13:52
infinityOr maybe what you say.13:52
rbasakHave fun implementing that in Launchpad :)13:53
infinityAnyhow, if anyone felt like coming up with an elegant solution to that for LP->apt->unattended-upgrades/update-manager, I'd love to ditch the split pockets that aren't really split anyway.13:53
rbasak(or, actually, maybe just in the source package, and Launchpad then wouldn't need to care?)13:53
infinityIf security was actually forked from release, that would be one thing, but we always FFWD against updates anyway to save the pain and horror of maintaining forks.13:54
infinityAnd yeah, LP doesn't necessarily need to know anything here.  It could well be implemented at the package level.13:55
infinityIt's an extra step for the security team to get right, though.13:56
rbasakWhat does Debian do on the fast forwarding point?13:56
rbasakThe security team would merely need to flag every upload they do as a security update. Tooling could do that.13:56
infinityWhereas something more automated that tags things coming into a specific queue would get it more right more often, maybe.13:56
infinityDebian doesn't FFWD until point releases, where they FFWD literally the whole archive.13:57
infinityAs in, stable is replaced with the merge of stable+stable-proposed-updates+stable-security.13:57
infinityThen a new empty spu and ss begin.13:57
rbasakSo before a point release, they maintain two forks of each package - spu + security?13:58
infinityYep.13:58
infinityBut there's not much software in spu, compared to what we ship in updates.13:58
infinitySo it's not that onerous.13:58
rbasakYep13:58
rbasakrafaeldtinoco: in https://salsa.debian.org/debian/dbconfig-common/merge_requests/4, did you miss my comment about the changelog?13:59
cjwatsonIf you're trying to tag updates as security or not, Launchpad would probably have to care because it would have to keep more than one version live in a single pocket.13:59
infinityAt any rate, I think it's a cross-team discussion worth (re)having.  Maybe even having it in earnest well before 20.04, in case we decide to stop the insanity.13:59
infinitycjwatson: Why?13:59
infinitycjwatson: My take is "if a version between your installed one and the available one was a security update, you get the new one, HTH, HAND."14:00
rbasakcjwatson: I had assumed that the only option available to a user after having missed the security upload in the archive would be to update to an even newer SRU14:00
rbasakYeah what infinity said14:00
cjwatsonOh, I see.  Maybe14:00
infinityPeople who want to install current-1 to obtusely get only the security update aren't people we really want to cater to.14:00
rbasakBecause security already fast forwards so users get arbitrary SRUs14:00
cjwatsonThat "version between" bit skates over tricky implementation though14:01
rbasakThe only current benefit to following only security updates is less regression-risk disruption14:01
rbasakIn terms of numbers of updates14:01
rbasakAnd we'd be maintaining that14:01
infinitycjwatson: I mean, it's a simple dpkg version compare on the client side.14:01
cjwatsonDepends on how the tagging is14:02
cjwatsondone14:02
infinityWouldn't get a rollback right, but we shouldn't ever be counting backwards.14:02
cjwatsonIf client has 2, 3 was tagged security, 4 wasn't tagged security and is current, the client needs some way to know about the tag on 314:02
rbasakHypothetically, a "Last-Security-Update: <version string>" in the binary control file is what I was thinking.14:02
rbasakThough perhaps that's not generic enough for apt14:02
infinityRobie's suggestion of "Last-Security-Update: ${version}" in binary control would DTRT.14:02
cjwatsonSounds fiddly to maintain14:02
infinityJinx.14:02
cjwatsonAnd easy to get wrong14:02
rbasakI don't think it'd be that fiddly.14:02
cjwatsonI do :)14:03
infinityI think it's totally fiddly if it's up to the uploader to get right.14:03
rbasakMostly it's just security bumping it, and nobody else bumping it.14:03
infinityIf it could be injected via security coming in from another queue, or having a more generic tag on it, that's less fiddly.14:03
rbasakTooling can do that.14:03
rbasakNot sure about release upgrades though.14:03
cjwatsonI think we should try to do better than something that requires uploader-side tooling14:03
rbasakMaybe it can be completely ignored for those, since apt is upgrading everything anyway.14:03
infinityrbasak: It's ignored in those situations today, so...14:04
rbasakGet security to continue uploading to the securit pocket.14:04
cjwatsonWe have plenty of stuff that does already, but that's not a reason not to put thought into doing better when designing a new thing14:04
rbasakAnd have automation in the upload processing check that it was bumped.14:04
infinityThe only reason to "know" about security updates right now is (a) people who pick "sec only" in unattended-upgrades, and (b) so update-manager can highlight "important updates".14:04
infinityNeither of those apply to full dist upgrades.14:04
rbasakcjwatson: I don't really see this as a hack. The source package seems like the appropriate canonical source of this information to me.14:05
rbasakIt's already effectively done in debian/changelog14:05
rbasakWe'd just be making it machine readable.14:05
infinityAny time you carry a version in more than one place in a source package, the odds of getting it wrong are high.14:05
cjwatsonYour proposal is totally a hack compared to having something automatically scan it and work it out centrally14:05
infinityWithout explicit tooling and very disciplined uploaders.14:05
cjwatsonAnd I don't quite understand why you're pushing it :)14:06
rbasakIt's only a weak suggestion :)14:06
infinityI'd definitely prefer *either* security tagged in changelog (ie: urgency=security), or a queue/target to upload to, but either way, LP would then figure it out.14:06
cjwatson(Not that I'm immediately volunteering; this feels like quite an early stage of discussion ...)14:06
rbasakWorking it out centrally seems like a hack to me, because the actual source of the information must come from the uploader in the first place.14:07
infinityI actually prefer just setting a new imaginary urgency, I think.14:07
rbasakOh14:07
infinityOr declaring that one of the existing ones is now the security team's, so we don't break existing parsers.14:07
rbasakIf the canonical location of the information is in debian/changelog, then sure.14:07
cjwatsonIt's better for the source of information to be "this thing that I'm uploading right now is a security upload" rather than "the last version that was a security upload was <foo>"14:07
rbasakThat fits.14:07
cjwatsonis what I'm trying to say14:07
infinitycjwatson: Fully agreed.14:07
rbasakThen the control field could be automatically generated from debian/changelog14:08
rbasakEither by Launchpad or at package build time.14:08
cjwatsonFWIW the changelog format does already permit multiple tags as well as urgency14:08
cjwatsonWhether existing parsers handle it I don't exactly know, but if they don't they're buggy per policy :)14:09
rbasakhttps://tracker.debian.org/news/1041443/accepted-mysql-57-5726-1-source-into-unstable/14:09
rbasak mysql-5.7 (5.7.26-1) unstable; urgency=high (security fixes)14:09
rbasakThat works fine FWIW14:09
cjwatsonnow I think that isn't pedantically correct even though it might work14:09
rbasakIIRC it's documented and specified somewhere14:09
cjwatsonAFAICS the spec says "multiple keyword=value pairs separated by commas"14:10
rbasakIIRC it's a separate free form comment field14:10
cjwatsonhttps://www.debian.org/doc/debian-policy/ch-source.html#debian-changelog-debian-changelog14:10
coreycbjamespage: sahid: i just checked with amotoki and django 2.2 support is planned upstream for the openstack "U" release (ubuntu 20.04 cycle)14:10
cjwatsonAh, there's https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-urgency14:10
cjwatsonDunno whether that's better.  As a matter of principle I'd prefer using a new tag over imposing new mechanical interpretation on a free-form field14:11
coreycbjamespage: sahid: so not quite sure how to move forward on this one for eoan14:11
infinityAhh, so urgency=high (security) would get the job done.14:11
cjwatsonUnless it's already very widespread practice14:11
cjwatsone.g. urgency=high, security=yes14:11
cjwatsonfeels better14:12
coreycbbeisner: fyi django ^14:12
infinityI'd be fine with inventing urgency=security (but ick, might break tools) or just deciding that "emergency" or "critical" now mean something.14:12
rbasakcjwatson: over imposing new mechanical interpretation> agreed14:12
rbasakI was just pointing out that this is a form that might be useful and doesn't currently break anything14:12
cjwatsonI'd prefer not overloading urgency14:12
cjwatsonYep14:12
rbasakHow about Last-Critical-Urgency: <date>?14:12
rbasakWould you consider that overloading?14:13
infinityI don't like gratuitously breaking format like your example just did. :)14:13
cjwatsoninfinity: how does my example gratuitously break format?14:13
cjwatsonit matches the spec14:13
infinityBut also, I'm wondering if urgency=[current-values] might be what we really want anyway.14:13
cjwatsonI mean, for once we have a format that already supports multiple key/value pairs, and then we try to ram everything into one key?14:13
cjwatsondoesn't seem right14:13
infinityThat is, maybe what "security only" people really want is "only urgent SRUs".14:13
infinityurgency=critical because it corrupts data is just as important as urgency=critical because it's remote root.14:14
infinitycjwatson: I don't see it matching the spec?  Maybe I'm reading a different part of policy.14:14
sahidcoreycb: hum yeah, several -dashboard packages are in cause14:14
rbasakinfinity: that's sort of what I mean, yes.14:15
infinitycjwatson: I mean, okay, it's alluded to as maybe being okay "commas are used to separate..."14:15
infinitycjwatson: But the bit in parens pretty much immediately invalidates that.14:15
rbasakWe get to define what urgency means exactly for our stable releases14:15
coreycbsahid: yes something we're very unlikely to be taking on ourselves14:15
rbasakAnd it isn't overloading the field for us (Ubuntu) to have a policy on that.14:15
rbasakAnd then users can follow that policy if we publish the "Last-" in a control field.14:15
rbasakAssuming that urgency has an understood ordering.14:16
coreycbsahid: fwiw nobody will likely deploy horizon on eoan but of course we still want a solution here14:16
cjwatsoninfinity: the bit in parens is part of the urgency key's value14:18
cjwatsoninfinity: so urgency=foo (bar), some-other-tag=some-value is valid14:18
infinitycjwatson: I meant the parens at the end of the sentence I was quoting.14:18
cjwatsoninfinity: that's just a matter of the keys that are currently defined; it doesn't preclude defining new ones14:19
infinitycjwatson: Given that there's only ever been one key=pair value of any note, the odds that tools are robust enough to assume more would be naive.14:19
infinitykey=value pair, even.14:19
cjwatsonthere aren't that many such relevant tools; easy enough to check14:19
* infinity shrugs.14:19
rbasakWe'd notice at build time14:20
infinityI still maintain that this is an opportunity to revisit what we (and users) really mean with "security-only".14:20
rbasakWe could start doing it well in advance of any implementation14:20
cjwatsonIn fact there used to be closes=14:20
cjwatsonmany many years ago14:20
infinityBecause, for my money, what I mean is "I want high urgency stuff NOW, and I can wait on other stuff until I've read the changelogs."14:20
rbasakgit-ubuntu has had fun with parsing old changelog formats14:20
infinityNot strictly security.14:20
infinityBut security-only is the only approximation we have of "high urgency" today.14:21
infinityNote that MS has a similar urgency setting hidden in their updates.14:21
rbasakWith urgency in heavy use in Debian's testing migration, I wonder if there's any potential for future conflict with that14:22
cjwatsonIf what we actually want is semantically urgency, then I don't mind overloading that14:22
infinityWhich gives you everything from "won't touch it until a user clicks a button" to "will install in the background when the machine isn't busy" to "will install now, but maybe not take hold until reboot" and ultimately "will install NOW and reboot NOW, and also fuck you slightly, but this is important."14:22
rbasakThere's nice separation in that this would only be for our stable releases14:22
infinityThey've backed off a lot on using the last one, thankfully.14:22
rbasakBut what if Debian start wanting to do something with their stable releases and also use the urgency field?14:22
infinityrbasak: What if?14:23
cjwatsondpkg-parsechangelog parses "urgency=medium, security=yes" fine, although it issues a couple of warnings because it doesn't know about that particular field name14:23
cjwatsonFWIW14:23
infinityYeah, I didn't assume dpkg would have any issues.14:23
rbasakinfinity: it might result in tooling changes that affect our use of the field, perhaps?14:24
infinityI'm willing to bet there are people out there that have their own changelog reading madness, though.14:24
infinityTo do crazy things like feed into RT for sysadmins to look at incoming updates, and who knows what other crazy.14:24
infinityrbasak: I kinda doubt it?14:25
infinityrbasak: urgency has always had more meaning in Debian than in Ubuntu.  If we started using it, we'd be aligning, not diverging.14:25
infinityrbasak: Assuming we did so with a bit of thought behind it.14:25
infinityAnyhow, I think this is a good start for a baseline cross-team discussion for another time.14:26
infinityI definitely think the changelog would be the right place for this magical data to live and be extracted from.14:26
infinityWe also didn't posit the idea of free-forming another bug syntax, which would skip some of the potential "we might break tools" issues.14:27
infinityLP-SEC: #12345514:27
infinityOr whatever.14:27
rbasakown weird changelog reading madness> oh you mean like this: https://git.launchpad.net/usd-importer/tree/gitubuntu/git_repository.py#n43414:28
infinityHas the downside of requiring a bug for every security upload, but honestly, we probably should have anyway.14:28
cjwatsonI think the only good reason for bugs to be annotated the way they are is to allow them to go alongside the prose description of their fix.  It wouldn't make sense for something that's essentially a flag on the version.14:28
infinityProbaby true, was just giving a less invasive (from a formatting POV) option.14:29
cjwatson(There's a non-trivial amount of hairy stuff associated with bug closures in LP.)14:30
infinityAnyhow, I think the base level discussion (should we collapse pockets, and why, and what would be the end goal of flagging versions (security, or urgency, or some combination of both)) needs to happen before we bikeshed anymore about how to flag versions. :)14:30
cjwatsonYeah, agreed14:30
cjwatsonEnd goal before anything else :)14:30
=== Wryhder is now known as Lucas_Gray
santa_ddstreet, rbalint: good evening, systemd >= 242 fixed my autopkgtest hangs, thank you. but I found yesterday a new issue with latest 243 from -proposed:18:40
santa_udisks2 fails to install in a LXD container because the postinst script fails18:41
santa_udisks2 postinst executes "udevadm trigger --subsystem-match=block --action=change", and this command fails like this (inside an LXD container):18:42
santa_m18:44
santa_https://paste.ubuntu.com/p/5shmRgGRy3/18:44
santa_udisks2 installation inside an LXD container (with -proposed enabled):18:45
santa_https://paste.ubuntu.com/p/jTmJNpVwkY/18:47
santa_... and last but not least, syncing udisks2 from debian wouldn't solve the problem18:50
santa_(I've just tested that with this package here: https://launchpad.net/~panfaust/+archive/ubuntu/kde-test-good)18:51
rbalintsanta_, there are other issues with 243, hopefully we can resolve those as well soonish20:32
mwhudsongood morning #ubuntu-devel21:02
connor_ko/21:14
geniiHi, just wondering if someone could clarify what video mode is being set in OEM install mode which may differ from regular install video mode. In regular install for instance, I can see the entire window but in OEM mode the bottom is cropped off ( on a netbook screen which is 1024x600 it seems like the windows are a non-resizable fixed at maybe 1024x768)21:26
santa_rbalint: ack, thanks21:42

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!