AsciiWolfrbasak, hi, I am working on the Tor Browser Launcher SRU for Focal... one quick question: do I have to do some changes, custom changelog etc., or can I just do debdiff of old dsc compared to the new dsc from debian testing/ubuntu groovy?13:54
AsciiWolfthere are many changes in the latest packages when compared to the old one, but I don't think that any of the changes breaks something on Focal... and I will test the package before submitting it13:55
ItzSwirlzAsciiWolf you have been pretty lucky getting the attention you need14:11
ItzSwirlzThe MOTU's like to ignore people14:11
ItzSwirlzYou need to make a .patch file, build it to create a debdiff14:11
ItzSwirlzSign debian/changelog14:11
rbasakAsciiWolf: the SRU upload will need its own changelog entry stating "focal" with an appropriate version number (lower than groovy, higher than anything published in <=focal, etc). Any reasonable method you give to your sponsor to get to that upload is reasonable14:11
ItzSwirlzThen attach it to the bug report and pray MOTU's come for help14:11
ItzSwirlz(like they ever will)14:12
rbasakAsciiWolf: however note that SRUs need to be minimal. See https://wiki.ubuntu.com/StableReleaseUpdates for the policy14:12
ItzSwirlzversion number is14:12
rbasakIn general you'll have a harder time convincing anyone to take a new version wholesale over a cherry-pick, especially because reviewing and verifying the correctness of a cherry-pick is far easier.14:12
ItzSwirlzbut if your requestingsync i doubt it will happen14:14
ItzSwirlzIt kind of guarantees your SRU will NEVER get in there14:14
ItzSwirlzAnyways, anyone got updates on my patches?14:15
ItzSwirlzThey are the cinnamon patches14:15
rbasakItzSwirlz: provide something reasonable and simple and you'll find sponsors. Give reviewers a hard time and you won't.14:15
AsciiWolfrbasak, ah, ok, thanks!14:18
AsciiWolfrbasak, I have prepared the torbrowser-launcher SRU: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1896085 :)16:16
ubottuLaunchpad bug 1896085 in torbrowser-launcher (Ubuntu) "[SRU] Backport patch to update Tor Browser Developers public key into Ubuntu 20.04" [Undecided,New]16:16
ItzSwirlzOk I'll look at it16:17
ItzSwirlzOkay so-my advice about the Regression Potential16:17
ItzSwirlzTry to add detail in the case that IT CAN happen-16:17
ItzSwirlzIn the case of say a key update a lot could change16:17
ItzSwirlzThrough PGP/OpenGPG updates of the whole program thats what can happen16:18
ItzSwirlzIt's assumed they are low but it's best to think what could happen in the case of a regression.16:18
AsciiWolfthe key is used only when torbrowser-launcher is launched for a first time16:26
AsciiWolfit is used to verify torbrowser archive that is downloaded and unpacked (into user's home) when torbrowser-launcher is launched for a first time16:28
AsciiWolfas far as I know, torbrowser updates are then handled by torbrowser itself, not by torbrowser-launcher... so they work fine (in case torbrowser is already installed/configured by torbrowser-launcher) even if the devel public key used by torbrowser-launcher is wrong16:30
rbasakAsciiWolf: that's the sort of discussion/analysis that should go into the Regression Potential section please16:33
rbasakAsciiWolf: the point is to identify areas of behaviour that are most likely to regress if we're wrong, so that we know what areas to test16:34
rbasakAsciiWolf: apart from that your SRU looks fine.16:34
rbasakWe'll need to find someone to sponsor because if I SRU-review it then someone else is supposed to sponsor.16:34
AsciiWolfrbasak, ok, I will update the Regression Potential :)16:34
AsciiWolfrbasak, done :)16:39
rbasakAsciiWolf: thanks. As I say we'll need to find someone else to sponsor. One other thought: is there any evidence that the key being added is the correct key and not a compromised one?16:41
rbasakFor example the commit link looks like it's to a fork and not the original project.16:42
rbasakMaybe it'd be a good idea to provide some evidence (or pointers to evidence) that it's the correct key in the bug.16:42
AsciiWolfwell, the key is already used in Debian/Ubuntu Groovy and the patch was made by a Tor developer :)16:44
AsciiWolfhttps://github.com/sysrqb seems to be an account of a Tor developer16:45
AsciiWolfthe new key from this patch is also already used in Fedora, on Flathub and in many places :)16:47
AsciiWolfanyway, the patch file is the same that is already included in the source package in Ubuntu Groovy :)16:48
AsciiWolfrbasak, I have added comment with link to the Debian Salsa commit, mentioning that the patch file is already used in Groovy16:54
rbasakAsciiWolf: perfect. Thank you!17:04
rbasakA pointer to Debian's identical key is certainly sufficient since most of the time we rely on the Debian maintainer via syncs anyway17:04
ItzSwirlzSo about my patches:17:57
ItzSwirlzI do have many patches and many more I can do but I don't want to mess up the versions in changelog17:57
ItzSwirlzBut now that we are a month from release I am wondering if it's still worth the 20.04 SRU's now.17:57
ItzSwirlzSo if anyones available to help that'd be great, I'll remain online.18:08
ItzSwirlzAsciiWolf: Is this similar to your problem? https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/149598621:57
ubottuLaunchpad bug 1495986 in torbrowser-launcher (Ubuntu) "Crashes when trying to download signature" [Medium,Confirmed]21:57
ItzSwirlzIt seems all bugs here are to that issue: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher21:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!