[04:06] <arraybolt3> @tsimonq2: Well... looks like LXQt Wayland is probably just about ready then... do we want to try to go Wayland for 23.10?
[04:07] <arraybolt3> (At least offering it as an option, I'm thinking?)
[04:07] <arraybolt3> I can probably package Wayfire for Debian and Ubuntu, and I'm pretty sure you can help get it into both.
[04:07] <arraybolt3> (That looks like where LXQt is mainly headed as far as Wayland compositor support.)
[04:08] <arraybolt3> There's also labwc but I dunno how well it will work.
[04:09] <arraybolt3> Also, did you see email some months ago about maybe doing a UI refresh for 23.10? I wonder what you think of that idea.
[04:33] <arraybolt3> And one more idea - maybe we can add ubuntu-drivers support to Calamares (via a subprocess module and a checkbox maybe)?
[04:46]  * arraybolt3 writes these things down
 Will it be possible to backport the wayland lxqt proposed for 23.10 to 22.04 or we will have to wait for 24.04 ?? (re @lubuntu_bot: (irc) <arraybolt3> writes these things down)
[15:44] <arraybolt3> @BlackKnight987: That remains to be determined. Might be possible, might not be.
[16:50] <tsimonq2> My gut reaction re: Wayfire: not before the LTS but that's not set in stone 
[16:51] <tsimonq2> I mean, if it's really stable right out of the box and we have graphics drivers worked out, sure 
[16:51] <tsimonq2> In terms of backporting, probably not 
[16:51] <tsimonq2> UI refresh> no, please remind me 
[16:51] <tsimonq2> Calamares> +1, good idea
[16:52] <arraybolt3> tsimonq2: Should be an email to lubuntu-devel@ titled " Suggestion - do a user interface refresh for the 23.10 cycle?"
[16:52] <tsimonq2> Link?
[16:52] <arraybolt3> I *think* (not entirely sure?) that graphics drivers should Just Work - the drivers support Wayland, not the other way around.
[16:52] <arraybolt3> tsimonq2: Uh... lemme dig it up...
[16:53] <arraybolt3> https://lists.ubuntu.com/archives/lubuntu-devel/2023-March/001963.html
[16:56] <arraybolt3> Anyway the thing that triggered my mention of Wayland is the fact that LXQt 1.3.0 has Wayland-related fixes that look hopeful, so while we definitely wouldn't want to replace X with Wayland entirely, it might be worth just adding it as an option so that people who are eager to try it can log into an LWQt session from SDDM.
[16:56] <arraybolt3> Obviously it probably won't be perfect for everyone, but it might help us to get the bugs shaken out if we offer it as an option that we label as experimental.
[16:56] <tsimonq2> Right, that is certainly an option I think
[16:57] <tsimonq2> Wrt theming overhaul, what are some viable candidates?
[16:57] <arraybolt3> Not sure yet, I've not looked into it a whole lot. I liked how Clearlooks looked and I think that's what Debian uses by default in LXQt though.
[16:58] <tsimonq2> We should still be unique, I'd say
[16:58] <arraybolt3> The email was more to get people's general idea on whether a UI refresh would be welcome at all before digging into what exactly the "new" UI would look like.
[16:59] <arraybolt3> Maybe that's backwards though :P
[16:59] <tsimonq2> And hey, this is just my gut reaction since apparently I'm dumb and don't know how to read emails. :P
[17:00] <arraybolt3> lol
[17:02] <arraybolt3> We could also do something really fun and make our own theme from scratch, if we had the time.
[17:03] <arraybolt3> (Though we want to rewrite lubuntu-update-notifier so we might not have the time to do something quite that ambitious. But hey, four months is a while.)
 "And hey, this is just my gut..." <- Bah! Who has time for email? Lol
[17:43] <arraybolt3> Heh, depends on if you have Thunderbird set up or not :D
[22:24] <Eickmeyer> arraybolt3: Devil's advocate here: https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/2016436/comments/1
[22:24] -ubottu:#lubuntu-devel- Launchpad bug 2016436 in calamares (Ubuntu) "Calamares will let you set up a user account with no password" [Undecided, New]
[22:26] <arraybolt3> Eickmeyer: We'll see...
[22:27] <Eickmeyer> I have the feeling it's a config.
[22:27] <arraybolt3> Let's hope so, because XScreenSaver locks you out if your password is blank. Just confirmed it.
[22:30] <Eickmeyer> arraybolt3: https://github.com/calamares/calamares/blob/calamares/src/modules/users/users.conf#L118
[22:30] <Eickmeyer> Bug is actually in calamares-settings-ubuntu
[22:30] <arraybolt3> Yay!
[22:30] <arraybolt3> And grr... now we're going to need a respin.
[22:31] <Eickmeyer> Likely for both Lubuntu and Ubuntu Studio if the problem is present in both.
[22:33] <arraybolt3> Yep, looks like Studio also is missing the needed option.
[22:33] <arraybolt3> Eickmeyer: You want me to fix it for both while I'm at it, or are you content with it as it is?
[22:33] <arraybolt3> (Make sure to test that KDE's screen locking won't lock you out if you want to leave it as-is.)
[22:34] <Eickmeyer> arraybolt3: Nah, because the screen locking isn't a problem in KDE.
[22:34] <arraybolt3> +1, then I'll fix it in Lubuntu only.
[22:34] <Eickmeyer> BUT, I'd rather people not have a blank password.
[22:34]  * Eickmeyer is very security minded
[22:35] <Eickmeyer> arraybolt3: ^
[22:35] <arraybolt3> OK, then I'll fix it in both.
[22:36] <Eickmeyer> Thanks. :)
[23:10] <arraybolt3> Hmm... I dunno, as much as this is a crummy problem, how does the Lubuntu team feel about a respin?
[23:10] <arraybolt3> guiverc, tsimonq2, teward, kc2bez[m] ^
[23:11] <arraybolt3> (And also kgiii and LeoK[m], though it looks like kgiii is missing atm)
[23:12] <arraybolt3> I feel it would be helpful and that it's within our ability to do, but I also don't want to flush the testing work everyone's been doing for something that we're not all on board with.
[23:12] <arraybolt3> The fix appears to work at least.
[23:13] <kc2bez[m]> We've been pretty lax with password and user enforcement in the past. There are a bunch of options in the configuration really.
[23:14] <tsimonq2> Is the screensaver the only package affected by this?
[23:14] <arraybolt3> tsimonq2: I don't know, but I still think it's a Bad Idea to let users be able to lock themselves out doing something that they think will keep themselves from getting locked out.
[23:14] <tsimonq2> Also, if this bug exists, what is different in the live ISO, which also has a blank password?
[23:15] <arraybolt3> Nothing :) You can lock yourself out of a live session too.
[23:15] <arraybolt3> https://bugs.launchpad.net/ubuntu/+source/lubuntu-meta/+bug/2000787
[23:15] -ubottu:#lubuntu-devel- Launchpad bug 2000787 in lubuntu-meta (Ubuntu) "Live system cannot leave 'Lock Screen' when selected from menu" [Undecided, Confirmed]
[23:15] <kc2bez[m]> I am not opposed to a change here but we could release note it too.
[23:16] <guiverc> I don't mind either way... I never thought to test no passwd & would imagine some (kids etc) would like it, can understand why its not good, but I'm not fussed either way
[23:16] <arraybolt3> Either way, since I can see Eickmeyer would really like the fix (he marked it Critical), I'll upload it, it's just a question of whether to press the "flush all our testing work and make a new ISO" button or not.
[23:16] <tsimonq2> Okay, two questions... does the default installer prevent this? Does it affect anything besides the screensaver?
[23:16] <arraybolt3> tsimonq2: If by default installer you mean Ubiquity, I'm fairly certain it does prevent this.
[23:17] <arraybolt3> As for the second question, that's yet to be determined.
[23:17] <Eickmeyer> Can confirm: Ubiquity prevents a blank password.
[23:17] <kc2bez[m]> There is the other default flutter installer too
[23:17] <guiverc> default desktop install is now ubuntu-desktop-installer (for Ubuntu Desktop)
[23:17] <arraybolt3> Hmm, I'd have to zsync to find out if the Flutteri nstaller also prevents it.
[23:17] <guiverc> ubiquity is found on legacy/alternate iso only
[23:18] <arraybolt3> Well there are a lot of flavors still using Ubiquity so arguably it still is the "default installer" for a lot of things.
[23:18] <Eickmeyer> But still supported.
[23:19] <Eickmeyer> Considering ubuntu-desktop-installer was modeled after Ubiquity, I'd argue it's safe to assume it also doesn't allow a blank password.
[23:19] <arraybolt3> (zsync of Ubuntu Desktop in progress over here)
[23:20] <Eickmeyer> And to be fair, spinning a new ISO does not flush all of the testing work, that stuff is still recorded and does not get erased.
[23:21] <guiverc> Eickmeyer, referring to https://phab.lubuntu.me/w/release-team/testing-checklist/ where policy says start-again if certain packages are changed..
[23:21] <Eickmeyer> Oh! I was referring to the official iso tracker.
[23:21] <kc2bez[m]> We've still got some time to test things, all is good.
[23:22] <arraybolt3> Yeah, and this is a change to calamares-settings-lubuntu, so it *will* result in us having to do ~18 more installs.
[23:22] <guiverc> I agree kc2bez[m] 
[23:22] <arraybolt3> (Currently verifying that the bug fix works on Studio, looks promising so far.)
[23:23] <Eickmeyer> arraybolt3: Calamares is calamares. If it works in Lubuntu it will work in Studio. DE isn
[23:23] <Eickmeyer> t a factor.
[23:23] <arraybolt3> Eickmeyer: Right but I made the change in two separate places, and while it was the same change both times, you can never be too careful, especially with an installer.
[23:23] <arraybolt3> (What if I made a typo and missed it?)
[23:24] <Eickmeyer> That's what a difftool is for.
[23:24] <arraybolt3> Also there are documented instances where Calamares does things weird on Studio that it doesn't do on Lubuntu (i.e., autologin)
[23:24] <arraybolt3> So it's not entirely true that DE isn't a factor.
[23:24] <arraybolt3> (It's probably not a factor here though.)
[23:24] <Eickmeyer> The autologin is a known bug.
[23:25] <Eickmeyer> And one that I bugged Adrian about at Summit.
[23:26] <arraybolt3> I'm just saying, I'd rather avoid breaking things on accident. I should use a difftool too (I have Meld installed), but theoretically it is possible that Calamares could have some weird interaction with a KDE component that it doesn't have with LXQt that causes it to crash with a SIGABRT for no apparent reason if you set some particular setting. Unlikely, but could happen.
[23:26] <arraybolt3> And the install is already mostly done anyway :P
[23:30] <arraybolt3> Verified that everything's working, package is now uploaded.
[23:31] <arraybolt3> And pushed to Git.
[23:32] <tsimonq2> This patch doesn't feel quite right, because it's restricting user functionality. That being said, I just read the SDDM bug
[23:32] -queuebot:#lubuntu-devel- Unapproved: calamares-settings-ubuntu (lunar-proposed/universe) [1:23.04.11 => 1:23.04.12] (lubuntu, ubuntustudio)
[23:32] <arraybolt3[m]> tsimonq2: To disallow a blank password? I mean I'm pretty sure we used to disallow a blank password before.
[23:32] <tsimonq2> This cycle, meh, it's not a regression compared to Ubiquity
[23:32] <arraybolt3[m]> (In Focal, possibly still in Jammy.)
[23:33] <arraybolt3[m]> Personally, if the user really, *really* wants a blank password that badly, they can do that after the installation is finished using some "I'm obviously asking for trouble here" hack that doesn't involve using `passwd` since `passwd` won't let you do it anyway. Then when XScreenSaver locks them out, they did it to themselves at least.
[23:36] <guiverc> IF no password is accepted now with installer issue; will that mean the screenlock of installed system won't unlock??   That issue would mandate fix/respin in my view.
[23:36] <arraybolt3[m]> guiverc: Yes.
[23:36] <arraybolt3[m]> If you make a user account with no password, you will be unable to unlock the screen.
[23:36] <guiverc> I'll vote we need to respin then now.
[23:36] <tsimonq2> How long has that been happening? Can we confirm that this is an issue on the live ISO?
[23:36] <arraybolt3[m]> That's the main reason I'm in favor of disallowing a blank password. If it wasn't for that, I'd not be that concerned about it.
[23:36] <Eickmeyer> Needs an ack from release team first.
[23:37] <arraybolt3[m]> tsimonq2: I don't know how long. It may have been like this (and may still be like this) in Kinetic.
[23:37] <arraybolt3[m]> I remember some user reporting it, and I told them "I don't think the installer lets you make a user acocunt with no password". Welp, turns out it does.
[23:37] <tsimonq2> No, I mean the screensaver issue specifically
[23:38] <arraybolt3> Oh. That's been happening for a few months, sudodus reported it in December of last year.
[23:38] <arraybolt3> It's a fair guess that it's always been like that though.
[23:38] <arraybolt3> I mean I can fire up a Focal VM and see.
[23:38] <tsimonq2> And to be clear, do we have default timeout settings? (I always changed that immediately after install)
[23:39] <tsimonq2> Er, power saving
[23:39] <arraybolt3> I'm pretty sure the screen does automatically lock.
[23:39] <Eickmeyer> Honestly, the first user (an admin user by default) having no password is a security issue no matter which way you sell it.
[23:39] <arraybolt3> Hmm, it looks like it does *not* automatically lock after all.
[23:39] <arraybolt3> I think I was wrong there.
[23:40] <tsimonq2> You scared me there for a second. :)
[23:40] <arraybolt3> Still, a user could set a blank password, lock the screen with important work open, come back to unlock it, and then discover that they just lost all their work.
[23:40] <arraybolt3> (Windows lets you make a user with no password and then lock the screen, it just *also* lets you back in after that :P so this is something people are liable to do.)
[23:41] <guiverc> I can't imagine any smart-user who relies on their system using a (blank) password... 
[23:41] <arraybolt3> Valid point.
[23:42] <arraybolt3> Here's a question - if you enable suspend-on-lid-close on a laptop, does the screensaver kick in automatically when you wake the system?
[23:42]  * arraybolt3 checks
[23:42] <Eickmeyer> Having a blank password as an admin user is just a security nightmare. Having windows with a blank password is just saying, "Hey! Look at me! Here's all my stuff!"
[23:43] <guiverc> ack Eickmeyer ; its not a great 'selling' point as for Lubuntu taking security as important..
[23:44] <guiverc> (or Ubuntu Studio from your view)
[23:44] <arraybolt3> Yeah the screensaver *does* kick in when you wake a laptop.
[23:44] <arraybolt3> (Just confirmed using a Lunar Final install of Lubuntu that I made during testing.)
[23:44] <arraybolt3> And now I just locked myself out :P
[23:44] <Eickmeyer> ope
[23:45] <arraybolt3> So there is a fairly common scenario wherein which someone could lock themselves out doing this (laptop set to suspend when lid is closed), and there's the obvious security concerns.
[23:46] <guiverc> I'd suggest respin if Ubuntu Release Team allows (thus we retest); otherwise we release-note it..
[23:46] <arraybolt3> Holy smoke I only had about 29% of the Ubuntu Desktop ISO here. So that's going to take a while :)
[23:46] <Eickmeyer> They'll most certainly allow it.
[23:47] <tsimonq2> So, what about the screensaver bug?
[23:47] <tsimonq2> Is there any known workaround or fix for that? Have we tried the latest version?
[23:48] <arraybolt3> tsimonq2: I find it highly unlikely we'll get away with adding a new version of XScreenSaver from upstream this late in the game. It turns XScreenSaver from GTK2 to GTK3, and it lacks the time bomb fix we applied.
[23:48] <arraybolt3> As for any known workaround, there is none that I know of.
[23:48] <Eickmeyer> Just pinged vorlon to see if he's around for a quick ack before dinner.
[23:49] <tsimonq2> Does that version actually have a fix for it, or would we have to patch it anyway? I'm not suggesting a full version update, just a cherry pick
[23:49] <arraybolt3> Sadly XScreenSaver doesn't use Git so finding a patch to cherry-pick is non-trivial.
[23:49] <arraybolt3> jwz only distributes tarballs, there's no official VCS :(
[23:50] <arraybolt3> I could check to see if there's anything in a changelog though perhaps.
[23:50] <tsimonq2> Just depends on the fix
[23:50] <tsimonq2> Good idea
[23:52] <arraybolt3> Nothing in the changelog that I can see (searched for both "blank" and "password").
[23:54] <arraybolt3> Also searched for "empty".