<lotuspsychje> good morning 03:06
<b4z> hello someone has news regarding the status of package repository servers? 09:35
<oerheks> resolved .. https://status.canonical.com/#/incident/KNms6QK9ewuzz-7xUsPsNylV20jEt5kyKsd8A-3ptQEVUe5iAwdm8JF7ErCrLqPnMAwu3z5Y-lH0alDAJSJH6w== 09:37
<ravage> ogra: are there any plans to add a UI to ask for snap permissions on first startup? like on mobile devices? 14:39
<ogra> ravage, yes, since ages ... but ... manpower ... meanwhile, there is the permissions UI in the snap-store snap *and* they are exposed in gnome-settings in the application category too 14:40
<ravage> yes that works pretty well already 14:41
<ravage> had a look at ubports 20.04 on sunday. that's when i thought of it :) 14:46
<lotuspsychje> i'm still stuck on this on jammy, is that supposed to happen on a machine without pro? https://dpaste.org/4dbKL 15:00
<leftyfb> yeah, that's a bit annoying and certainly a bug 15:01
<leftyfb> at the very least with wording 15:01
<ogra> lotuspsychje, yes, it is supposed to happen ... we can't hide available security updates in apt 15:02
<lotuspsychje> but why are those packages being held back? 15:03
<ogra> you mean the lower block ? looks like phased updates to me 15:04
<leftyfb> what about the upper block? 15:04
<ogra> what about it ? 15:04
<leftyfb> we're gating package updates behind a commercial product? 15:05
<ogra> there are CVE fixes in them 15:05
<lotuspsychje> i should purge imagemagick to get rid of the warnings? 15:05
<ogra> no, you should just enable pro 15:05
<lotuspsychje> but what if i'm a user that doesn't need/want that? 15:05
<ogra> ... and install them indeed 15:05
<leftyfb> that is very much not a good solution 15:05
<ogra> then just ignore it 15:05
<lotuspsychje> yeah that sounds very messy 15:06
<leftyfb> use commercial product or ignore messages about security updates 15:06
<ogra> it isn't a commercial product for most users 15:06
<leftyfb> pro is 100% a commercial product, regardless of which users pay $0 for it 15:06
<ogra> that's a philosophical thing i guess 🙂 15:07
<lotuspsychje> if i had pro, i don't mind such messages 15:07
<leftyfb> this is a bug and will have very big and negative ramifications for Ubuntu/Canonical if not resolved 15:07
<ogra> it is a free product for most users but to make sure the ones that need to pay do not abuse it there must be a gate-keeping mechanism 15:07
<leftyfb> there should be an additional repo that gets added if you install pro 15:08
<lotuspsychje> i agree on that 15:08
<ogra> it is added by default 15:08
<leftyfb> default installs should not complain about commercial products not being utilized 15:08
<ogra> since there are CVE fixes in it 15:08
<leftyfb> CVEs with unspecified severity and giving everyone who doesn't partake the impression that their system is now insecure 15:09
<ogra> which it is ... 15:09
<leftyfb> this is very bad 15:09
<ogra> (and which is why they will not be quietened) 15:10
<lotuspsychje> and why the separation from terminal vs GUI updater? 15:10
<ogra> no idea, i didn't implement it ... but i guess the GUI will eventually get it too 15:10
<lotuspsychje> that's not good 15:11
<ogra> extra security is not good ? 15:11
<lotuspsychje> i don't want my regular customers end up with gui warnings 15:11
<leftyfb> ogra: you know that's not what this is 15:11
<ogra> that is exactly what it is 15:12
<leftyfb> ogra: I am running the latest LTS from Ubuntu, I'm being told there are security updates for packages on my system that I'm not allowed to access unless I utilize a commercial product (regardless of price). The impression is, my system is insecure unless I partake. The impression is, go use another linux distro 15:14
<ogra> there are new people hired to provide additional CVE fixes for 23000 packages that have not been there before ... these are provided for free to endusers and small businesses ... but to pay the people *someone* has to pay, this is why there needs to be gate-keeping 15:14
<ogra> leftyfb, but the impression is correct !! 15:14
<ogra> it is insecure ... 15:14
<leftyfb> ogra: mark my words, this is going to be VERY bad for Ubuntu/Canonical. The press is going to eat this up and it's going to very much leave a scar 15:15
<ogra> as insecure as it has always been ... but now you have the ability to get fixes for this ... universe has always been best effort community CVE fixing .. and that effort has always been very very low 15:16
<oerheks> "Reduce your average CVE exposure time from 98 days to 1 day" ... confusing 15:16
<lotuspsychje> and why exactly a user following the LTS regular route needs pro? 15:16
<ogra> leftyfb, making the distro more secure than it was the last 19y is bad ? 15:16
<leftyfb> ogra: you know exactly what I mean 15:16
<leftyfb> I know you get this 15:17
<leftyfb> the messaging is bad 15:17
<ogra> leftyfb, well, file a bug, suggest a better message ... 15:17
<leftyfb> there is already a bug 15:17
<leftyfb> and it's going to blow up, I'm telling you 15:17
<ogra> well, then see what the maintainers say 15:17
<ogra> point is, there are additional security updates now and they won't be hidden ... 15:18
<ogra> (and why should they) 15:18
<leftyfb> that is not made clear to the end user 15:18
<ogra> well, should it spit out another two pages with explanation that there have never been security fixes to universe before ? 15:19
<leftyfb> something to that effect, 100% 15:19
<ogra> it has an url and that has an explanation 15:19
* ogra needs to go now ... there are several discussion threads about pro on discourse.ubuntu.com though ... 15:27
<leftyfb> lotuspsychj3: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1992026 15:28
-ubottu:#ubuntu-discuss- Launchpad bug 1992026 in ubuntu-advantage-tools (Ubuntu) "Ubuntu Pro APT integration is a bit much" [Critical, In Progress] 15:28
<lotuspsychj3> yeah found that yesterday tnx leftyfb 15:28
<lotuspsychj3> so i purged all those imagemagick packages 15:29
<lotuspsychj3> then the warning left 15:29
<lotuspsychj3> now installing a new imagemagick gives back the esm warning 15:29
<leftyfb> yeah, it's a very bad experience. It's going to drive a very large number of users away from Ubuntu. 15:30
<lotuspsychj3> and how big will that list become after a while? 15:30
<ravage> the current situation is just really bad. i agree 15:32
<ravage> show me the information. let me enter "I KNOW WHAT IM DOING" and that should be it. no more Pro messages 15:33
<lotuspsychj3> after all these years, they still haven't learned, leave the user the choice... 15:33
<leftyfb> that's a partial solution for users who understand what's going on 15:34
<ravage> the alternative will be 100 articles online that show you how to do it 15:34
<ravage> without any additional benefit to the users 15:35
<leftyfb> I get the reasoning behind all this. Canonical is going above and beyond to fix security bugs in community software, something outside their responsibility. They want people to utilize this commercial product to pay for it. Great. I'm on board. I'll sign up and suggest others do as well..... 15:36
<leftyfb> but the implementation and current messages are VERY bad and will 100% drive users away and is going to cause a S-storm in the press 15:36
<ravage> i talked to Fallen and i think... Heather and some other guy about it at FOSDEM 15:36
<ravage> i think they at least did understand my point. i even use Ubuntu Pro. But not everyone wants to 15:37
<leftyfb> same here 15:37
<lotuspsychj3> i don't want my customer messing with pro 15:38
<ravage> you can activate it for them :) 15:38
<ravage> which is probably a good idea in general 15:39
<lotuspsychj3> i want my users on a regular LTS route 15:39
<oerheks> "add a UI to ask for snap permissions on first startup" is actually a good idea 15:39
<leftyfb> completely different topic, but yes, I agree with that one as well 15:41
<ravage> it was the topic a little earlier :) 15:41
