[01:23] -queuebot:#ubuntu-release- Unapproved: accepted ivsc-driver [source] (mantic-proposed) [0~git202212210258.94ecb88b-0ubuntu0.23.10.3]
[01:53] -queuebot:#ubuntu-release- Unapproved: accepted mesa [source] (mantic-proposed) [23.2.1-1ubuntu3.1]
[02:14] -queuebot:#ubuntu-release- New sync: oem-stella.cmit-cooexy-meta (focal-proposed/primary) [20.04~ubuntu1]
[03:05] <xnox> vorlon: where did you remove md5 & sha1? =) i think i need to start a troll train of blog posts
[03:07] <vorlon> xnox: an argument to xorriso that only matters for jigdo and was failing with xorriso in mantic, possibly because we weren't telling it to actually produce .jigdo
[03:07] <xnox> cool
[03:08] <xnox> so how are we going to kill md5sums?
[03:08] <vorlon> kill it from what and where
[03:08] <xnox> .deb
[03:08] -queuebot:#ubuntu-release- Unapproved: accepted qemu [source] (mantic-proposed) [1:8.0.4+dfsg-1ubuntu3.23.10.1]
[03:08] <xnox> cause we don't have a usable replacement yet; and we don't have anything else to validate tamper proof (apart from like the 5 FIPS certified things with hmacs)
[03:09] <xnox> do i need to benchmark if parallelhash128 or sha256 is best here?
[03:09] <vorlon> I'm indifferent, it's not a significant security feature?  (If an attacker has write access to your rootfs, a stronger-than-md5sum checksum in the dpkg database won't save you)
[03:09] <vorlon> if what you're asking is "when do we have *verity", well
[03:09] <xnox> i am worried one cannot calculate md5 checksum anymore
[03:09] <xnox> (on an external machine)
[03:09] <vorlon> mm?
[03:10] <xnox> because everything is removing md5sum support =)
[03:10] <vorlon> md5sum itself won't go away
[03:10] <xnox> but i think it should
[03:10] <vorlon> well, you're wrong then ;)
[03:11] <vorlon> there are non-security-sensitive applications of hash calculations
[03:12] <xnox> vorlon: https://launchpad.net/ubuntu/noble/+queue?queue_state=0&queue_text=libpisp pretty please? for pi5 camera support
[03:15] <vorlon> xnox: I will try to take a look at it, but not right now; currently trying to do SRU shift makeup, as the queues are looking a bit unpleasant
[03:17] <xnox> vorlon: for non-security-sensitive application of hash calculation i would rather use blake3 as it is faster than md5
[03:17] <vorlon> ok, enjoy
[03:17] <vorlon> that's not a justification for killing compatibility with existing stuff :)
[03:22] -queuebot:#ubuntu-release- Unapproved: accepted alacarte [source] (mantic-proposed) [3.50.0-1ubuntu0.1]
[03:33] -queuebot:#ubuntu-release- Unapproved: accepted livecd-rootfs [source] (mantic-proposed) [23.10.56]
[04:16] -queuebot:#ubuntu-release- Packageset: Added oem-sutton-addie-meta to canonical-oem-metapackages in focal
[04:16] -queuebot:#ubuntu-release- Packageset: Added oem-sutton-addie-meta to canonical-oem-metapackages in jammy
[04:27] -queuebot:#ubuntu-release- Unapproved: rejected livecd-rootfs [source] (lunar-proposed) [2.828.2]
[04:36] -queuebot:#ubuntu-release- Unapproved: accepted grub2-unsigned [sync] (mantic-proposed) [2.12~rc1-10ubuntu4.1]
[04:41] -queuebot:#ubuntu-release- Unapproved: accepted grub2-signed [sync] (mantic-proposed) [1.197.1]
[04:42] -queuebot:#ubuntu-release- Unapproved: accepted grub2 [source] (mantic-proposed) [2.12~rc1-10ubuntu4.1]
[04:46] <vorlon> tsimonq2: lxqt-themes-extra> "License: MIT" is wrong, this should say "Expat"
[04:48] -queuebot:#ubuntu-release- New: accepted lxqt-themes-extra [source] (noble-proposed) [1.0-0ubuntu1]
[04:50] -queuebot:#ubuntu-release- Unapproved: accepted libqb [source] (mantic-proposed) [2.0.8-1ubuntu0.1]
[04:50] <vorlon> tsimonq2: same for sddm-conf
[04:50] -queuebot:#ubuntu-release- New sync: oem-sutton-addie-meta (jammy-proposed/primary) [22.04~ubuntu1]
[04:51] -queuebot:#ubuntu-release- New binary: lxqt-themes-extra [amd64] (noble-proposed/none) [1.0-0ubuntu1] (no packageset)
[04:52] -queuebot:#ubuntu-release- New: accepted sddm-conf [source] (noble-proposed) [0.2.0~git20231105-0ubuntu1]
[04:53] <vorlon> tsimonq2: qtilitools: it's written 'BSD-3-clause', per https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
[04:54] <vorlon> tsimonq2: debian/patches/fix-syntax.patch has a useless patch header...
[04:55] -queuebot:#ubuntu-release- New: accepted qtilitools [source] (noble-proposed) [0.1.1~git20231009-0ubuntu1]
[04:57] -queuebot:#ubuntu-release- Unapproved: rejected lubuntu-update-notifier [source] (lunar-proposed) [0.6.0~23.04.2]
[04:57] -queuebot:#ubuntu-release- New binary: qtilitools [amd64] (noble-proposed/none) [0.1.1~git20231009-0ubuntu1] (no packageset)
[05:06] <vorlon> tsimonq2: you appear to have sponsored optee-client-s32 as a NEW package.  But you are using a version number that is incorrect for an initial Ubuntu-only package; this should be 3.18.0-0ubuntu1, not 3.18.0-5ubuntu1
[05:09] <vorlon> tsimonq2: $ queue reject optee-client-s32 -m "incorrect version number for an Ubuntu-only upload. asserts individual copyright where Canonical copyright applies. debian/copyright license declarations do not match upstream."
[05:10] -queuebot:#ubuntu-release- New: rejected optee-client-s32 [source] (noble-proposed) [3.18.0-5ubuntu1]
[05:15] <vorlon> tsimonq2: `lintian -I optee-test-s32_3.18.0-2ubuntu1.dsc` is instructive
[05:15] <vorlon> tsimonq2: $ queue reject optee-test-s32 -m "incorrect version number for an Ubuntu-only upload. Incorrect assertion of 'GPL-3+' licensing which is inconsistent with Canonical copyright policy. SPDX-License-Identifier garbage header in debian/copyright. debian/copyright fails lintian checks. debian/copyright does not match upstream license information (bundled OpenSSL)"
[05:16] -queuebot:#ubuntu-release- New: rejected optee-test-s32 [source] (noble-proposed) [3.18.0-2ubuntu1]
[05:23] <vorlon> xnox: libpisp: same as above re: saying "License: MIT" instead of "License: Expat". licensecheck also shows me bits that are GPL-2 but this is not listed in debian/copyright. and debian/copyright lists a Canonical-copyrighted debian/ as BSD-2-clause; this is fine for debian/patches/* but packaging bits are not contributions to an upstream project and Canonical license policy says GPL-3
[05:25] -queuebot:#ubuntu-release- New: rejected libpisp [source] (noble-proposed) [1.0.0-0ubuntu1]
[05:28] <vorlon> tsimonq2: and I am, to be clear, categorically rejecting any packages I find in NEW that have an SPDX license identifier header *inside of* debian/copyright
[05:30] <vorlon> it a) is not part of the file format in the Debian copyright-format spec, b) is patent nonsense because there is no license on the contents of the copyright+license information itself, and I'm nipping this in the bud right now
[05:31] <vorlon> tsimonq2: u-boot-s32: GPL-3+ asserted and that's not the Canonical license
[05:32] -queuebot:#ubuntu-release- New: rejected u-boot-s32 [source] (noble-proposed) [2022.04-bsp37.0-13ubuntu1]
[08:23] -queuebot:#ubuntu-release- Unapproved: mesa (jammy-proposed/main) [23.0.4-0ubuntu1~22.04.1 => 23.2.1-1ubuntu3.1~22.04.1] (core, i386-whitelist, xorg)
[09:49] <rs2009> vorlon: ohh, it landed in my junk once again
[10:08] -queuebot:#ubuntu-release- Unapproved: rejected mesa [source] (jammy-proposed) [23.2.1-1ubuntu3~22.04.1]
[10:59] -queuebot:#ubuntu-release- Unapproved: accepted flash-kernel [source] (jammy-proposed) [3.104ubuntu17]
[12:13] -queuebot:#ubuntu-release- Unapproved: distro-info (mantic-proposed/main) [1.5 => 1.5ubuntu0.23.10.1] (core, i386-whitelist)
[12:17] -queuebot:#ubuntu-release- Unapproved: distro-info (lunar-proposed/main) [1.5 => 1.5ubuntu0.23.04.1] (core, i386-whitelist)
[12:21] -queuebot:#ubuntu-release- Unapproved: distro-info (jammy-proposed/main) [1.1ubuntu0.1 => 1.1ubuntu0.2] (core, i386-whitelist)
[13:30] <ricotz> hello ubuntu-archive, please reject the libreoffice 4:7.5.8-0ubuntu0.23.04.1~bpo22.04.1 from unapproved queue for jammy-backports.
[13:50] -queuebot:#ubuntu-release- Unapproved: virtualbox (jammy-proposed/multiverse) [6.1.38-dfsg-3~ubuntu1.22.04.1 => 6.1.38-dfsg-3~ubuntu1.22.04.2] (kernel-dkms, ubuntu-cloud)
[14:17] <tsimonq2> vorlon: Good morning. Thanks for all the queue reviews, I appreciate it. I'll sort through and address them one-by-one, when there's some coffee in my system. :P
[15:09] -queuebot:#ubuntu-release- Unapproved: grub2-signed (focal-proposed/main) [1.187.6~20.04.1 => 1.187.8~20.04.1] (core) (sync)
[15:09] -queuebot:#ubuntu-release- Unapproved: grub2-unsigned (focal-proposed/main) [2.06-2ubuntu14.4 => 2.06-2ubuntu14.5] (no packageset) (sync)
[15:27] <xnox> vorlon: my working assumption up to now was that packaging (meaning all of debian/) is at the same license as upstream (not just patches), but that makes more sense. About GPLv2 files - that is odd opened upstream issue for them to clarify what they want https://github.com/raspberrypi/libpisp/issues/18
[15:27] -ubottu:#ubuntu-release- Issue 18 in raspberrypi/libpisp "GPLv2 or BSD license?" [Open]
[16:38] <slyon> ubuntu-sru: If somebody could look into releasing the SRU from bug #1959570 (fully aged & verified), that'd be appreciated. The Ubuntu Core team is eagerly waiting for that. (CC RAOF, bdmurray, abeato)
[16:38] -ubottu:#ubuntu-release- Bug 1959570 in netplan.io (Ubuntu Focal) "netplan crashes on UbuntuCore with the network-manager snap installed" [Undecided, Fix Committed] https://launchpad.net/bugs/1959570
[17:15] -queuebot:#ubuntu-release- New binary: openpyxl [amd64] (noble-proposed/universe) [3.1.2+dfsg-3] (no packageset)
[17:17] -queuebot:#ubuntu-release- New binary: liquidsoap [amd64] (noble-proposed/universe) [2.2.2-1] (no packageset)
[17:22] -queuebot:#ubuntu-release- New binary: liquidsoap [arm64] (noble-proposed/universe) [2.2.2-1] (no packageset)
[17:22] -queuebot:#ubuntu-release- New binary: liquidsoap [s390x] (noble-proposed/universe) [2.2.2-1] (no packageset)
[17:22] -queuebot:#ubuntu-release- New binary: liquidsoap [ppc64el] (noble-proposed/universe) [2.2.2-1] (no packageset)
[17:26] -queuebot:#ubuntu-release- New binary: liquidsoap [armhf] (noble-proposed/universe) [2.2.2-1] (no packageset)
[17:58] -queuebot:#ubuntu-release- New binary: liquidsoap [riscv64] (noble-proposed/universe) [2.2.2-1] (no packageset)
[20:18] -queuebot:#ubuntu-release- Unapproved: gnome-characters (mantic-proposed/main) [45.0-1 => 45.0-1ubuntu1] (ubuntu-desktop)
[20:41] -queuebot:#ubuntu-release- Unapproved: fonts-noto-color-emoji (mantic-proposed/main) [2.038-1 => 2.041-0ubuntu0.23.10.1] (i386-whitelist, ubuntu-desktop)
[21:00] -queuebot:#ubuntu-release- Unapproved: fonts-noto-color-emoji (jammy-proposed/main) [2.038-0ubuntu1 => 2.041-0ubuntu0.22.04.1] (i386-whitelist, ubuntu-desktop)
[21:37] -queuebot:#ubuntu-release- Unapproved: systemd-hwe (jammy-proposed/main) [249.11.3 => 249.11.4] (no packageset)
[21:39] -queuebot:#ubuntu-release- Unapproved: systemd-hwe (lunar-proposed/main) [252.4.3 => 252.4.4] (no packageset)
[21:40] -queuebot:#ubuntu-release- Unapproved: systemd-hwe (mantic-proposed/main) [253.5.1 => 253.5.2] (no packageset)
[22:53] -queuebot:#ubuntu-release- New source: rust-bindgen-0.65 (noble-proposed/primary) [0.65.1+dfsg0-0ubuntu1]
[23:14] <liushuyu> Hi, is there any AA available for reviewing https://launchpad.net/ubuntu/noble/+queue?queue_state=0&queue_text=rust-bindgen-0.65 ? Thanks!