[00:11] <valorie> arraybolt3: \o/
[00:11]  * valorie has been wanting this for sooo long
[01:21]  * mamarley grumbles loudly at the latest version of "gnupg" forcing him to install "postfix" on a bunch of client systems.
=== guiverc2 is now known as guiverc
[09:19] <sgmoore> arraybolt3: https://git.launchpad.net/~kubuntu-dev/ubuntu-seeds/+git/kubuntu
[14:57] <tsimonq2> mamarley: Which version of (K)ubuntu?
[14:57] <tsimonq2> RikMills, sgmoore, arraybolt3: Could we please take the time to evaluate what is in the Kubuntu seed sometime over the next two weeks?
[14:58] <tsimonq2> The Technical Board is questioning the amount of packages are in there, vorlon raised cvs as an example.
[14:58] <tsimonq2> I'm happy to take the heat for us if there is justification for keeping packages in there.
[15:00] <RikMills> tsimonq2: I don't se cvs in there
[15:02] <RikMills> *see
[15:03] <tsimonq2> RikMills: https://ubuntu-archive-team.ubuntu.com/packagesets/noble/kubuntu is what they were looking at.
[15:05] <RikMills> tsimonq2: it is not in https://git.launchpad.net/~kubuntu-dev/ubuntu-seeds/+git/kubuntu/tree/supported
[15:05] <tsimonq2> RikMills: When's the last time we've asked the DMB to update the packageset? :)
[15:06] <tsimonq2> There *was* discussion in the TB meeting about that process being unclear.
[15:06] <RikMills> so if it is getting pulled in by something else, that is a release team script issue
[15:06] <tsimonq2> Strong +1, just making sure *our* ducks are in a row before I tell them their ducks are not. :)
[15:06] <RikMills> tsimonq2: I have been meaning to do that for a while
[15:08] <sgmoore> I am brand new to seeds and really don't have a clue. I really would like to know the proper process though.
[15:08] <RikMills> thing is, as I have been MOTU and main uploader, I have been lazy about it
[15:08] <RikMills> since I gan upload anything in universe without the kubuntu set matching
[15:08] <RikMills> *can
[15:09] <tsimonq2> RikMills: I totally understand that, too :)
[15:11] <RikMills> tsimonq2: sgmoore: so a full review of the kubuntu seed whould be a good task for 24.04. to keep everyone happy
[15:11] <RikMills> sgmoore: did you have motu at one point?
[15:13] <sgmoore> I have not, was working on it when things exploded.
[15:14] <sgmoore> I plan on fixing that of course
[15:16] <RikMills> sgmoore: good. package sets are fine, but they never get updated often enough. I think it is hugely important for flavours to have a MOTU or even core dev active
[15:16] <RikMills> tsimonq2: is a great example 
[15:16] <sgmoore> Of course
[15:19] <tsimonq2> https://lists.ubuntu.com/archives/technical-board/2024-February/002888.html is worth referencing
[15:19] <sgmoore> well to be fair doesn't cervisia depend on cvs? And it is still an active application AFAIK
[15:20] <tsimonq2> That is fair, yes. Just need to make sure it's documented as such. :)
[15:20] <sgmoore> ack
[15:21] <tsimonq2> Thanks for your input everyone :) arraybolt3 or anyone else, let us know if you have thoughts!
[15:22] <tsimonq2> sgmoore: Oh, and re: your earlier question about proper process...
[15:23] <tsimonq2> Usually it goes, add it to the seed, update your metapackage, then ask the DMB to poke the packageset.
[15:23] <tsimonq2> I know in the past the packageset part was done automagically, but I believe the process is being evaluated at this point.
[15:23] <sgmoore> kool, refresh my memory... DMB?
[15:23] <tsimonq2> Developer Membership Board :)
[15:24] <sgmoore> thanks lol
[15:24] <tsimonq2> No worries! There is `!dmb-ping` in #ubuntu-devel for emergencies, otherwise the best way to contact the DMB is via the devel-permissions list.
[15:24] <sgmoore> I was looking at the seed ( desktop ) and wondering why we install thunderbird and not KDE's lovely kmail?!?! 
[15:24] <tsimonq2> https://lists.ubuntu.com/mailman/listinfo/devel-permissions
[15:26] <BluesKaj> Hi all
[15:26] <RikMills> tsimonq2: there is a update-seed script that look at a complete clone of all the frameworks, plasma, and gear repos and adds them to the seed
[15:26] <RikMills> *looks
[15:27] <RikMills> that is where: https://git.launchpad.net/~kubuntu-dev/ubuntu-seeds/+git/kubuntu/tree/supported#n228 
[15:27] <RikMills> comes from
[15:27] <tsimonq2> Oh wow, nice!
[15:28] <tsimonq2> BluesKaj: Heya :)
[15:28] <RikMills> I think it is still in bzr somewhere. I will find it
[15:28] <sgmoore> oh neato
[15:28] <BluesKaj> hey tsimonq2
[15:30] <RikMills> BluesKaj: how are you doing? It is a lomg time since we talked
[15:32] <BluesKaj> I'm doing ok, getting old and creaky but I'm managing , how about you, RikMills?
[15:35] <tsimonq2> sgmoore: Thunderbird vs KMail> I don't know if there is a reason, although I'm biased because I use Thunderbird and have never gotten KMail to work quite right for me. :)
[15:35] <tsimonq2> For your own context, we had a discussion within Lubuntu a few years ago about our default web browser.
[15:35] <RikMills> BluesKaj: BluesKaj I don't thing I am as old as you but I think I am getting to that of feeling, so I and definitely understand
[15:36] <RikMills> *donk think
[15:36] <tsimonq2> sgmoore: We would be shipping Falkon by default, fullstop, if we could count on the underlying Chromium library to be updated frequently. We ship Firefox solely because it delegates the responsibility of those security concerns to folks at Mozilla and Canonical. I could see the conversation about KMail being similar.
[15:37] <sgmoore> tsimonq2: So what should be in the packageset exactly KDE packages plus dependencies or ?
[15:38] <BluesKaj> tsimonq2, I used kmail til 2008 then it got too complex for me to even set up so I went with gmail \
[15:38] <sgmoore> Ah, I see, valid point... but I find it sad the (K) buntu doesn't ship a KDE application by default. 
[15:38] <tsimonq2> sgmoore: In my opinion (I'd be curious to see if RikMills concurs), all of KDE should be in supported, what we ship should be in our main desktop seed, anything extra shouldn't be in supported or desktop. :)
[15:39] <sgmoore> I use and love the whole kontact suite of apps. It has come a long way.
[15:39] <tsimonq2> I agree, they're a great idea and I love the UX, just comes down to functionality, for me personally. :)
[15:41] <sgmoore> Now with firefox ( browser default ) I can totally agree with, browsers and their security nightmares is best left with a much better paid Canonical team.
[15:42] <tsimonq2> I don't think Kubuntu officially has an opinion on KMail vs Thunderbird, so you are welcome to prepare justification. :)
[15:42] <sgmoore> But I honesly have not seen an enormous amount of kmail CVEs. I don't see an issue with supporting it.
[15:43] <sgmoore> Is this something I bring to KC or ?
[15:45] <RikMills> kmail depends on qtwebenine, which is very har to update in a sable release
[15:45] <RikMills> *hard
[15:46] <sgmoore> Ah, valid point
[15:46] <sgmoore> that is a bit beastly isn't it.
[15:46] <RikMills> indeed
[15:46] <sgmoore> and plenty of CVEs
[15:46] <sgmoore> I don't, I have to backport a few for Debian LTS lol
[15:47] <sgmoore> I know rather
[15:47] <sgmoore> and had, fat fingers.
[15:47] <RikMills> https://www.omgubuntu.co.uk/2024/02/thunderbird-snap-in-ubuntu-24-04
[15:47] <tsimonq2> We could consider doing those security updates, it's not out of the question. That being said, part of the discussion around Firefox vs Falkon was, would our time be better spent on something else?
[15:47] <RikMills> is that true tsimonq2 
[15:47] <RikMills> ?
[15:48] <tsimonq2> RikMills: My default answer is "no, that isn't true" for OMG! Ubuntu! :P
[15:48] <tsimonq2> That being said, I know there are efforts in this direction.
[15:48] <tsimonq2> I have personally been using the Thunderbird snap on my production machine for months now, with zero issue.
[15:48] <RikMills> it would make sense
[15:51] <tsimonq2> For the record, today is my last full day of this week. I'll be in a car for 8 hours tomorrow en route to $dayjob headquarters.
[15:52] <sgmoore> So with all of this said ... https://git.launchpad.net/~kubuntu-dev/ubuntu-seeds/+git/kubuntu/tree/supported#n228 wouldn't really be a true set of packages we support in LTS because we don't ship them all on the seed. Right? Or am I mistaken and we do have to worry about CVEs for the next 3 years on kmail ? Or webengine?
[15:52] <tsimonq2> I will be available via phone for emergencies, and I do have an incredibly bad habit of Talk to Texans while driving... :P
[15:53] <tsimonq2> sgmoore: The answer to your question is a more de facto one (as opposed to de juris), meaning, unofficially, yes flavors should put their best effort into CVE patches, but it falls under "it's in Universe, so there is no obligation."
[15:54] <tsimonq2> In recent history, I *think* me and arraybolt3 have been the only ones to do community security updates. I really hope I'm wrong on that.
[15:54] <tsimonq2> And of course, Ubuntu Pro does ship some security updates for packages in Universe, on customer request. I have contacts there ifneedbe :)
[15:54] <RikMills> sgmoore: the question of what the supported seed means is a little unclear. Is it packages that we want to support for updates/patches, or is it ones that we want o maintains uplod rights to
[15:54] <sgmoore> Ok, well I have done several for Debian LTS, so I will certainly do them here.
[15:55] <sgmoore> Well, I would think we would want to support the packages we upload :)
[15:56] <tsimonq2> We should be careful in our messaging, because if we tell the TB "hey, these packages are in supported just because we want to have upload access to them," even if that was the truth at some point, we'll get met with "uhhhh.... wat??" :)
[15:57] <tsimonq2> I would say that going forward, supported packages should reflect only the packages we update as a flavor every cycle. Gear, Frameworks, Plasma, and anything else we would like to actually support.
[15:57] <tsimonq2> I'm not opposed to keeping supported as it is, iff we can justify it.
[15:58] <sgmoore> Which brings in the bug triage mess we have in launchpad, Which is personally something high priority to fix, with little support from either kde or launchpad teams it seems.
[15:58] <tsimonq2> Don't worry, I'm working on that.
[15:58] <tsimonq2> Quite a bit of "unseen" work on that front has been happening. ;)
[15:59] <sgmoore> tsimonq2: Oh yeah? I got an update on the bug saying, none of us were around when the plugin was made and we don't have the resources to update it.
[15:59] <sgmoore> this cycle at least.
[15:59] <tsimonq2> sgmoore: From Ben, right?
[15:59] <tsimonq2> Or are you saying from the LP team?
[15:59] <sgmoore> No, launchpad devs
[15:59] <tsimonq2> Cool, have a link?
[15:59] <RikMills> tsimonq2: we have MOTU, and if we can include you a core-dev so the need have all things you want to be able to upload is not such an issue now
[16:00] <tsimonq2> RikMills: Given that I now have $dayjob backing for this effort, yes you can absolutely include me. :)
[16:00] <tsimonq2> I know, very well, that this is not the way it used to be, of course.
[16:01] <RikMills> yeah, we used to have to add a lot to the seeds to be able to work
[16:01] <sgmoore> tsimonq2: https://bugs.launchpad.net/launchpad/+bug/2052788
[16:01] -ubottu:#kubuntu-devel- Launchpad bug 2052788 in Launchpad itself "launchpadplugin is outdated and doesn't work with modern versions of Bugzilla" [Undecided, Incomplete]
[16:02] <RikMills> wow. A long time since I even tried to if that worked
[16:03] <RikMills> *see if
[16:03] <sgmoore> So I made this to track our plasma bugs... https://bugs.launchpad.net/ubuntu/+source/plasma-desktop/+bug/2053125
[16:03] -ubottu:#kubuntu-devel- Launchpad bug 2053125 in Plasma 5.27 "Tracking 5.27 Plasma Bugs" [High, Triaged]
[16:04] <sgmoore> I hand imported bugs from bugs.kde.org with Plasma and Kubuntu in them.
[16:05] <sgmoore> It still needs refinment. But at least it is one place I can go through each component and triage bugs.
[16:05] <tsimonq2> sgmoore: I would highly suggest reaching out to bdmurray in #ubuntu-devel to see if he has any thoughts on this. After all, he is "Ubuntu's Bug Master" ;)
[16:05] <sgmoore> Yeah, I remember him :) And Nate on the KDE side.
[16:06] <tsimonq2> Yes of course :D
[16:37] <arraybolt3> tsimonq2: LocutusofBorg also did some community CVE updates... via VBox microreleases.
[16:37] <arraybolt3> As for upload permissions, I'm happy to help with evaluating the seed.
[16:38] <arraybolt3> And also, I have MOTU privileges, so sgmoore, et. al.: if something comes up where you need to do an upload and both Rik and Simon have vanished, I can help out too.
[16:39] <tsimonq2> arraybolt3: I sometimes forget how much LoB does, I should stop that :D
[16:39] <tsimonq2> If anyone wants a direct contact on the security team, I'm happy to make that connection.
[17:01] <arraybolt3> tsimonq2: QtWebEngine seems like one of those things that could be seriously helpful and is instead just a security mess. I wonder if at some point (maybe for a future cycle, maybe for this one if we're ambitious) we could figure out a plan that would allow us to keep it constantly updated?
[17:02] <arraybolt3> I don't think an MRE would work because of how the upstream Qt release cycle works, but something along those lines...
[17:38] <tsimonq2> arraybolt3: We should have a chat with the Security Team about this. :)
[17:40] <arraybolt3> right now I don't think we even have access to the latest QtWebEngine security patches because Qt5 has been left behind for so long...
[17:41] <arraybolt3> and given the amount of time it takes for Plasma to update to the latest megarelease of Qt (if the Plasma 6 transition was any indicator), that would be a "hole" we'd be left with an awful lot of the time.
[17:43] <arraybolt3> oh? maybe not though, https://code.qt.io/cgit/qt/qtwebengine.git/log/?h=5.15.16
[17:48] <arraybolt3> tsimonq2: if you want to get in touch with the Security Team over it, that would be great. I would love if we could regularly keep QtWebEngine up to date, and due to Qt's policies it looks like we may be able to regularly security patch even Qt5's WebEngine.
[17:55] <arraybolt3> holy smoke QtWebEngine requires Python2 to build :exploding_head: I really hope these docs are just out of date.
[19:10] <sgmoore> arraybolt3: Thank you
[19:11] <sgmoore> While I certainy do intend on fixng my MOTU. I would rather my time be spent on a spectactular LTS release right now.
[19:12] <sgmoore> And yeah, there was a QT5 release, it is in neon already, ubuntu/debian is behind.
[19:24] <sgmoore> Though to be fair, it was fairly recent and the current transition was in place.
[20:00] <sgmoore> arraybolt3: Can I add you as a point of contact for LTS re-qualification?
[20:17] <arraybolt3> sgmoore: I'm not sure, I don't have a very deep understanding of Kubuntu's internals (kubuntu-automation mainly) and am not sure how good of a job I'd do at being a point of contact.
[20:21] <sgmoore> Okay, no worries.
[20:33] <Eickmeyer> sgmoore: I was toying with the contact idea, but decided against it. But keep this in mind for resource awareness and collaboration needs: 1) I'm a MOTU. 2) Ubuntu Studio shares the Plasma DE. 3) Ubuntu Studio seeds some KDE packages that Kubuntu doesn't seed, such as digiKam and Kdenlive. 3) Edubuntu seeds a TON of KDE Educational applications.
[20:33] <Eickmeyer> With that, Ubuntu Studio's health, and to a lesser extent, Edubuntu's, directly depends on Kubuntu.
[20:34] <Eickmeyer> So, there's some overlap and I believe tsimonq2 and I will be working closely with you.
[20:42] <sgmoore> Wonderful :)
[20:44] <sgmoore> THey were happy with my list, I just thought the more the merrier. All is well.