[03:06] <lotuspsychje> good morning
[09:35] <b4z> hello someone has news regarding the status of package repository servers?
[09:37] <oerheks> resolved .. https://status.canonical.com/#/incident/KNms6QK9ewuzz-7xUsPsNylV20jEt5kyKsd8A-3ptQEVUe5iAwdm8JF7ErCrLqPnMAwu3z5Y-lH0alDAJSJH6w==
[09:39] <b4z> thanks
[14:39] <ravage> ogra: are there any plans to add a UI to ask for snap permissions on first startup? like on mobile devices? 
[14:40] <ogra> ravage, yes, since ages ... but ... manpower ... meanwhile, there is the permissions UI in the snap-store snap *and* they are exposed in gnome-settings in the application category too
[14:41] <ravage> yes that works pretty well already
[14:46] <ravage> had a look at ubports 20.04 on sunday. thats when i thought of it :)
[15:00] <lotuspsychje> im still stuck on this on jammy, is that suppose to happen on a machine without pro? https://dpaste.org/4dbKL
[15:01] <leftyfb> yeah, that's a bit annoying and certainly a bug
[15:01] <leftyfb> at the very least with wording
[15:01] <lotuspsychje> kk
[15:02] <ogra> lotuspsychje, yes, it is supposed to happen ... we can'T hide available security updates in apt
[15:03] <lotuspsychje> but why are those packages being held back?
[15:04] <ogra> you mean the lower block ? looks like pahsed updates to me 
[15:04] <ogra> *phased
[15:04] <lotuspsychje> ah
[15:04] <leftyfb> what about the upper block?
[15:04] <ogra> what about it ? 
[15:05] <leftyfb> we're gating package updates behind a commercial product?
[15:05] <ogra> there are CVE fixes in them
[15:05] <lotuspsychje> i should purge imagemagic to get rid of the warnings?
[15:05] <ogra> no, you should just enable pro 
[15:05] <lotuspsychje> but what if im a user that doesnt need/want that?
[15:05] <ogra> ... and install them indeed
[15:05] <leftyfb> that is verymuch not a good solution
[15:05] <ogra> ten just ignore it 
[15:06] <lotuspsychje> yeah that sounds very messy
[15:06] <leftyfb> use commercial product or ignore messages about security updates 
[15:06] <ogra> it isnt a commercial product for most users 
[15:06] <leftyfb> pro is 100% a commercial product, regardless of which users pay $0 for it
[15:07] <ogra> thats a philosphical thing i guess 🙂 
[15:07] <lotuspsychje> if i had pro, i dont mind such messages
[15:07] <leftyfb> this is a bug and will have very big an negative ramifications for Ubuntu/Canonical if not resolved
[15:07] <ogra> it is a free product for most users but to make sure the ones that need to pay do not abuse it there must be a gate keping mechanism
[15:08] <leftyfb> there should be an additional repo that gets added if you install pro
[15:08] <lotuspsychje> i agree on that
[15:08] <ogra> it is added by default
[15:08] <leftyfb> default installs should not complain about commercial products not being utilized 
[15:08] <ogra> since there are CVE fixes in it 
[15:09] <leftyfb> CVE's with unspecified severity and giving everyone who doesn't partake the impression that their system is now insecure
[15:09] <ogra> which it is ...
[15:09] <leftyfb> this is very bad
[15:10] <ogra> (and which is why they will not be quietened)
[15:10] <lotuspsychje> and why the seperation from terminal vs GUI updater?
[15:10] <ogra> no idea, i didnt implement it ... but i guess the GUI will eventually get it too
[15:11] <lotuspsychje> thats not good
[15:11] <ogra> extra security is not good ?
[15:11] <lotuspsychje> i dont want my regular customers end up with gui warnings
[15:11] <leftyfb> ogra: you know that's not what this is
[15:12] <ogra> that is exactly what it is 
[15:14] <leftyfb> ogra: I am running the latest LTS from Ubuntu, I'm being told there are security updates for packages on my system that I'm not allowed to access unless I utilize a commercial product (regardless of price). The impression is, my system is insecure unless I partake. The impression is, go use another linux distro
[15:14] <ogra> there are new people hired to provide additional CVE fixes for 23000 packages that have not been there before ... these are provided for free to endusers and small businesses ... but to pay the people *someone* has to pay, his is why there needs to be gate-keeping
[15:14] <ogra> leftyfb, but the impression is correct !!
[15:14] <leftyfb> wow
[15:14] <ogra> it is insecure ... 
[15:15] <leftyfb> ogra: mark my words, this is going to be VERY bad for Ubuntu/Canonical. The press is going to eat this up and it's going to verymuch leave a scar
[15:16] <ogra> as insecure as it has always been ... but now you have the ability to get fixes for this ... universe has always been best effort community CVE fixing .. and that effort has always been very very low
[15:16] <oerheks> "Reduce your average CVE exposure time from 98 days to 1 day" ... confusing
[15:16] <lotuspsychje> and why exactly a user following the LTS regular route needs pro?
[15:16] <ogra> leftyfb, making the distro more secure than it was the last 19y is bad ?
[15:16] <leftyfb> ogra: you know exactly what I mean
[15:17] <leftyfb> I know you get this
[15:17] <leftyfb> the messaging is bad
[15:17] <ogra> leftyfb, well, file a bug, suggest a better message ... 
[15:17] <leftyfb> there is already a bug
[15:17] <leftyfb> and it's going to blow up, I'm telling you
[15:17] <ogra> well, ten see what the maintainers say 
[15:17] <ogra> *then
[15:18] <ogra> point is, there are additional security updtes now and they wont be hidden ... 
[15:18] <ogra> (and why should they)
[15:18] <leftyfb> that is not made clear to the end user
[15:19] <ogra> well, should it spit ut another two pages with explanation that there have never been security fixes to universe before ?
[15:19] <leftyfb> something to that affect, 100%
[15:19] <ogra> it has an url and that has an explanation
[15:27]  * ogra needs to go now ... there are several discussion threads about pro on discourse.ubuntu.com though ...
[15:28] <leftyfb> lotuspsychj3: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1992026
[15:28] -ubottu:#ubuntu-discuss- Launchpad bug 1992026 in ubuntu-advantage-tools (Ubuntu) "Ubuntu Pro APT integration is a bit much" [Critical, In Progress]
[15:28] <lotuspsychj3> yeah found that yesterday tnx leftyfb 
[15:29] <lotuspsychj3> so i purged all those imagemagick packages
[15:29] <lotuspsychj3> then the warning left
[15:29] <lotuspsychj3> now installing a new imagemagick gives back the esm warning
[15:30] <leftyfb> yeah, it's a very bad experience. It's going to drive a very large number of users away from Ubuntu.
[15:30] <lotuspsychj3> and how big will that list become after a while?
[15:32] <ravage> the current situation is just really bad. i agree
[15:33] <ravage> show me the information. let me enter "I KNOW WHAT IM DOING" and that should be it. no more Pro messages
[15:33] <lotuspsychj3> after all these years, they still havent learned, leave the user the choice...
[15:34] <leftyfb> that's a partial solution for users who understand what's going on
[15:34] <ravage> the alternative will be 100 articles online that show you how to do it
[15:35] <ravage> without any additional benfit to the users
[15:36] <leftyfb> I get the reasoning behind all this. Canonical is going above and beyond to fix security bugs in community software, something outside their responsibility. They want people to utilize this commercial product to pay for it. Great. I'm on board. I'll sign up and suggest others do we well.....
[15:36] <leftyfb> but the implementation amd current messages is VERY bad and will 100% drive users away and is going to cause a S-storm in the press
[15:36] <ravage> i talked to Fallen and i think... Heather and some other guy about it at FOSDEM
[15:37] <ravage> i think they at least did understand my point. i even use Ubuntu Pro. But not everyone wants to
[15:37] <leftyfb> same here
[15:38] <lotuspsychj3> i dont want my customer messing with pro
[15:38] <ravage> you can activate it for them :)
[15:39] <ravage> which is probably a good idea in general
[15:39] <lotuspsychj3> i want my users on a regular LTS route
[15:39] <oerheks> "add a UI to ask for snap permissions on first startup" is actually a good idea
[15:41] <leftyfb> completely different topic, but yes, I agree with that one as well
[15:41] <ravage> it was the topic a little earlier :)