=== cjwatson changed the topic of #launchpad to: Help contact: @ilasc (06:00-15:00 UTC Mon-Fri) | Launchpad is an open source project: https://dev.launchpad.net/ | This channel is logged: http://irclogs.ubuntu.com/ | User Guide: https://help.launchpad.net/ | Support and spam reporting: https://answers.launchpad.net/launchpad
[20:24] <sarnold> ilasc: hello :) a user in #ubuntu has mentioned that he can't find an older curl package on the archives any more, and I can't find it on old-releases -- curl version 7.58.0-2ubuntu3.12 appears to have been published.. https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12
[20:25] <sarnold> ilasc: there's no ...3.12 packages on http://archive.ubuntu.com/ubuntu/pool/main/c/curl/ -- and there's 7.58 packages of any sort at all on http://old-releases.ubuntu.com/ubuntu/pool/main/c/curl/
[20:29] <pappacena> Hi, sarnold. Checking  the publishing history, it seems that this package version was superseded, and its removal was requested: https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12/+publishinghistory
[20:30] <sarnold> pappacena: yeah, just hte usual security update process, though
[20:30] <sarnold> pappacena: I thought we had all the old packages on old-packages though, for folks who needed to do archaelogy
[20:32] <pappacena> Hum... I'm not sure if we keep the removed ones on old-packages. Probably cjwatson can answer that with more confidence, but he is not available today.
[20:32] <mbeierl> What would be the best practice for creating a repeatable docker build system that is based on Ubuntu:18.04 and pinning apt packages?  In this case, my builds stopped working due to a 404, which is good as it points out the security fix, but we might need to keep an older version for a short period of time.  Local apt mirror?
[20:36] <sarnold> yeah, and one that skips the --delete and --delete-after arguments, perhaps
[20:36] <mbeierl> oh, good point!
[20:36] <sarnold> if you need this specific file for a reason, I've still got it in my local archive's snapshots, it'll age out in a day or two
[20:36] <sarnold> but you sound like you're fixing a problem, not papering over something :)
[20:37] <mbeierl> no, I just updated all the dockerfiles, but I need to find a proper procedure to keep things up to date, while also not breaking the build on a regular basis when a new security patch comes out
[20:38] <sarnold> ah good, launchpad still has them, hooray
[20:39] <mbeierl> Like I want to pin the exact versions of *everything* in the dockerfiles so it can be repeatable, but when a security fix comes out, well, the old version is not available, so that build is not repeatable.  That is fine as we know at that moment what needs to change, and we can make a conscious decision to change