[05:08] <luis220413> I am available now.
[05:08] <luis220413> Please review my updates.
[05:12] <luis220413> Please review the security update in bug 1970507.
[05:12] <luis220413> Please review the SRUs in bug 1970779, bug 1978555 and bug 1978891.
[05:15] <luis220413> And bug 1980873 (not packaged by me)
[05:18] <luis220413> sbeattie: ^
[06:58] <luis220413> I am unavailable until 11:00 UTC and may be so until 12:00 UTC.
[12:01] <luis220413> amurray: Please review my updates.
[12:01] <luis220413> I am available now.
[12:11] <luis220413> georgiag: Please review my updates.
[12:52] <ebarretto> luis220413, I will be adding comments to your launchpad tickets today. Please note that it is not the security team's responsibility to review SRUs or to notify the SRU team.
[13:12] <luis220413> ebarretto: Specifically, I want you to review bug 1970507, bug 1970779, bug 1978555, bug 1978891 and bug 1980873. The updated package in the last one was not made by me.
[13:15] <ebarretto> luis220413, spip for focal and jammy is an SRU 
[13:15] <ebarretto> I think we already discussed this one
[13:15] <luis220413> I know. Ignore all but 1970779 (that should be a security update) and 1980873
[13:15] <luis220413> And 1970507
[13:16] <ebarretto> again, I will be adding comments, I won't be sponsoring those. I'm just reviewing everything so we assign people to it 
[13:17] <luis220413> I just converted 1970779 into a security update given comment #18 (by Marc Deslauriers)
[13:20] <ebarretto> luis220413, regarding #1970507 I can't see a debdiff there 
[13:21] <ebarretto> not sure if LP is misbehaving 
[13:21] <ebarretto> could you please attach the debdiff(s)? 
[13:22] <luis220413> ebarretto: I will upload one now. It includes the fixes from the version in the unapproved queue.
[13:22] <luis220413> LP is not misbehaving.
[13:23] <luis220413> The debdiff has been attached 1 minute ago.
[13:23] <ebarretto> luis220413, please also add information on how to test the package/CVEs
[13:26] <luis220413> ebarretto: Done. I can perform the part of the testing that does not involve private exploits.
[13:26] <luis220413> The Ubuntu Security Team may have access to private exploits.
[13:30] <ebarretto> luis220413, thanks! 
[13:39] <ebarretto> luis220413, regarding https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779  could you also upload a debdiff? I checked your ppa and I see build failures, are you currently working on fixing those? 
[13:40] <luis220413> ebarretto: Please download the source packages from https://launchpad.net/~luis220413/+archive/ubuntu/security-updates/+packages. I asked a question about Launchpad itself on Launchpad regarding the build failures because they do not have logs.
[13:41] <luis220413> I tried to upload the debdiffs but they were too large (around 200 MB).
[13:43] <ebarretto> luis220413, 200mb debdiffs are really hard to sponsor and validate 
[13:43] <luis220413> When I completed the patched packages I tried to upload the debdiffs several times but encountered timeout errors due to the size of the debdiffs (around 100-200 MB), and filed a bug on Launchpad itself (that was marked as Won't Fix) as described in 1970779.
[13:43] <luis220413> ebarretto: A debdiff only with the security fixes would not fix compatibility issues with current websites. Many current websites only support the latest versions of browsers.
[13:45] <ebarretto> luis220413, but still a large debdiff like that can introduce many regressions, ABI and API incompatibility. Causing more issues than gains
[13:47] <luis220413> ebarretto: See comment #18 in the bug. The wpewebkit 2.x series have stable ABI and API.
[13:48] <ebarretto> luis220413, we still need to validate that the debdiff has every piece of code needed, and nothing is missing. And that's not trivial in a 200mb debdiff
[13:48] <ebarretto> luis220413, your build should at least pass in all architectures before we continue this sponsoring
[13:48] <ebarretto> could you please investigate it?
[13:51] <luis220413> I believe that should be investigated by the Launchpad team. I will upload a new version now. From the times of the previous builds of this package, the builds will take 1 to 10 hours.
[13:52] <ebarretto> luis220413, if it fails again let me know and I can ask the launchpad team to take a look 
[13:54] <luis220413> ebarretto: I will skip Impish because it will reach end-of-life tomorrow.
[13:54] <ebarretto> luis220413, yes, please skip it
[14:00] <luis220413> ebarretto: Regarding the debdiffs you can ignore the upstream changes and only consider the changes in the Debian packaging tarball.
[14:03] <luis220413> ebarretto: The new packages are building in my PPA
[14:09] <luis220413> ebarretto: Next is bug 1980873
[14:09] <ebarretto> luis220413, thanks, I will try to keep an eye on it, but feel free to let me know if it fails again and there's no log, so I can ask launchpad team's help
[14:18] <ebarretto> luis220413, 1980873 is already assigned to one of our colleagues, it will get done in the next days/weeks