Re: zfs-linux_0.6.5.6-0ubuntu25_source.changes REJECTED

[C de-Avillez]

On Wed, 12 Sep 2018 17:04:59 +
Debian FTP Masters  wrote:

> zfs-linux_0.6.5.6-0ubuntu25.dsc: Refers to non-existing file
> 'zfs-linux_0.6.5.6.orig.tar.xz' Perhaps you need to include the file
> in your upload?
> 
> 
> 
> ===
> 
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
> 
> 

Hello,

We have been receiving, every so often, emails like the above to the
mailing list; since the OP is not registered, they end up in the
moderation queue.

I would like to know if the ML admins should release such emails to the
ML, or just block the OP.

Thank you,

..C..


pgpBmoM3dgjtm.pgp
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

[C de-Avillez]

On Mon, 26 Jun 2017 17:48:26 -0400
Jack Howarth  wrote:

> Is there any official word from the Ubuntu kernel maintainers about
> their response to this issue just announced on the Debian mailing
> lists?
> 
> https://lists.debian.org/debian-devel/2017/06/msg00308.html
> 
> My understanding from System76 was that they expected this issue to be
> fixed with a kernel update rather than requiring a UEFI bios update
> for motherboards.
>  Thanks in advance for any info.
>   Jack
> 

There is a bug on this [1]. But this is not a kernel issue, is a
processor microcode issue.

Cheers,

..C..



[1] https://bugs.launchpad.net/bugs/1700373


signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: The Simple Things in Life

[C de-Avillez]

On Thu, 21 Jul 2016 22:02:53 +0200
Xen <l...@xenhideout.nl> wrote:

> C de-Avillez schreef op 21-07-2016 21:48:
> > On Thu, 21 Jul 2016 14:19:34 +0200
> > Xen <l...@xenhideout.nl> wrote:
> > 
> > 
> >   
> >> > FWIW, this is the *only* reply to this thread that I will ever
> >> > do. I'm too busy following by secret agenda to reply to the other
> >> > mails...  
> >> 
> >> Rightly so! This is important work you do. You should be proud of
> >> it ;-).  
> > 
> > 
> > How about you give us a link to the systemd-devel thread about this?
> > Then we will be able to read the source, instead of your
> > interpretation and attacks.  
> 
> If you wanted that, you would already have found it, so I don't think 
> you do.

...

> I don't give people stuff they are not interested in, or are only 
> interested in in order to break someone down, such as that you are 
> demonstrating here.

But here you are referring to a mail thread on systemd-devel, and
ranting about how people that know what they are talking about (and
even tried to argue with you about it) do not agree with you.

So, no, this thread *is* important. It puts your comments in context.

https://www.mail-archive.com/systemd-devel%40lists.freedesktop.org/msg35744.html

And, still, you antagonise people because you think they do not see
your PoV. You succeeded in getting Martin uninterested in discussing 
this further with you.

This is the end of the thread, for me as well. But the other subscribers
should have the source.

I am not interested in breaking anyone down. I am, though, interested in
understanding what is going on.

Cheers,

..C..




pgpWwtTi6gLEW.pgp
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: The Simple Things in Life

[C de-Avillez]

On Thu, 21 Jul 2016 14:19:34 +0200
Xen  wrote:



> > FWIW, this is the *only* reply to this thread that I will ever do.
> > I'm too busy following by secret agenda to reply to the other
> > mails...  
> 
> Rightly so! This is important work you do. You should be proud of it 
> ;-).


How about you give us a link to the systemd-devel thread about this?
Then we will be able to read the source, instead of your interpretation
and attacks.

Cheers,

..C..


pgpiOPO1mGKBb.pgp
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: [ubuntu-studio-devel] Apologies

[C de-Avillez]

On Thu, 14 Jul 2016 10:23:39 +0200
Set Hallstrom  wrote:

> Hi all,
> 
> First of all: i am very sorry things went so sour in that discussion.
> I feel i owe everyone an apology: I apologize for letting my own
> feelings take the lead. Kaj, Jimmy and the group as a hole.
> 
> Who wants to work with a grumpy extremist with static ways? Not me.
> 
> Many of the blames i formulated were probably aimed at myself: i
> understand this project is not the place to push my freesoftware
> philosophy agenda in 7 steps, to Set us free, hackers, to Set us
> free. I understand i need to leave discussions open for solutions in
> an inclusive way for the benefit of the team and the users, over the
> benefit of my personal integrity. I realize i tend to be triggered by
> the idea of using mainstream media, and i will work on that. While i
> admit still being in the midst of a thought process, for now i can say
> this: i do understand it is up to the community in its entirety; users
> and devels a-like to decide how, when, why and what tools we use. Not
> up to my personal beliefs to determine what is appropriate or not for
> our project. This is our project, not mine.
> 
> I understand i came across as an extremist/purist/grumpycat, but i
> assure you i am not. I am just a pingnu perfectly comfortable with the
> compromises Ubuntu does in order to enable the community to welcome
> users of all levels of computer literacy. If i wasn't comfortable with
> this, i wouldn't be here to begin with. TBH with you and myself, i'm
> still working on understanding what made me allow myself to be
> stubborn and exclusive, and while at the moment i might not be in the
> brightest most secure position in my life away from keyboard, i will
> work hard to address it and to make sure i do not get the community
> mixed up with my moods again.
> 
> I reached out fairly soon the to community council to ask for help but
> they haven't responded yet. In all sincerity, i'm glad they didn't get
> back ASAP, because it let me marinate in my mess for a moment giving
> me time to get back down and reflect upon my own behavior. But i look
> forward to develop contact with them because i think they have
> experiences, tools and ideas we may benefit from. I do not plan to
> bail on you, unless that would be the desire/best-interest of the
> group and i hope you will give me the chance to show you that i can
> learn from my mistakes.

It usually takes some time for us (the CC) to digest an issue. Most of
the times, barging in without a clear understanding of the issues ends
up worse...

We were made aware of it by you, and we do thank you for that. Your
current email is a marvelous step in the right direction (conflict
resolution). We, the CC, will happily help with anything we can do.

But  this is the preferred way for conflicts to be addressed. This
means, as far as I can personally see, that we are already on a path to
recovery. I do hope the other party will be willing to reconsider his
position, or at least be willing to talk with us.

 
> Hopefully, from here we will be able to move forward to release yet
> another great version of Ubuntu Studio in happy collaboration, without
> leaving any mess under the rugg...

It would be nice for someone to contact the other party, as well.

Cheers,

..C..


pgpRY7SVXznJ1.pgp
Description: OpenPGP digital signature
-- 
ubuntu-studio-devel mailing list
ubuntu-studio-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel

Re: Let's Discuss Interim Releases (and a Rolling Release)

[C de-Avillez]

On Thu, 28 Feb 2013 11:44:47 -0500
Marc Deslauriers marc.deslauri...@canonical.com wrote:

  That means users could choose:
  * The LTS release
  * The rolling release updated daily or as frequently as desired
  * The rolling release updated at least monthly
 
 I like the monthly snapshot idea. It allows us to set goals,
 promote new features, and allows technical enthusiasts to use the
 development release without having the massive package churn every
 single day. This also isolates them from bad uploads in the rare
 cases where they may occur.

A monthy snapshot allows us to (as Marc points out) to set goals and
promote new features. But we should be really strict there -- no
last-minute changes (like, historically, we have seen with Unity). If
something is not ready, then this something *MUST* be postponed. We
will be now, at most, delaying one month (or a few days).

I am all for rolling release process between LTSs, but, please, let's
do it right.

..C..


signature.asc
Description: PGP signature
-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: Getting access to errors.ubuntu.com

[C de-Avillez]

On Friday, January 25, 2013 16:56:05 David King wrote:

snip/

 Is there a shortcut that I can use as an upstream developer to see crash
 reports for my projects? If so, I will happily update the wiki page with
 that information.

An upstream can be a member of of the BugControl team. Of old, Jorge Castro 
took care of that (and I am copying him here).

Cheers,

..C..

signature.asc
Description: This is a digitally signed message part.
-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: EFF Privacy; hopefully Ubuntu will listen to users

[C de-Avillez]

On 05/11/12 09:08, Jordon Bedwell wrote:
 This is from my perspective though
 and I have not really followed all too closely since I am the type of
 person to remove what I don't want and block stuff like Canonical's
 NTP and other tracking via our hardware firewalls instead of
 complaining about stuff that I myself can fix.

I am curious on what is this block stuff like Canonical's NTP and
other tracking

You state, or imply, that NTP -- which I take to mean the network
time protocol --, specifically Canonical's NTP,  has been added
with the ability to track its users.

You then keep on stating this is the same with other tracking,
without any details.

Can you please provide some pointers (or, even better, facts) to
allow us to verify a -- so far -- baseless assertion?

Cheers,

..C..



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Prevent deletion of file when it is being copied

[C de-Avillez]

On 27/09/12 07:51, Emmet Hikory wrote:

 Yes, this is contrived, etc.  On the other hand, I suspect many
 of us have managed to be both Alice and Bob in a scenario much like
 that above when interrupted in the middle by some significant
 distraction, or just a sufficient span of time.
 

It is contrived, but still possible. A (perhaps) simpler scenario is:
* have multiple SSH sessions going;
* have the correct amount of interrupts on what you are doing,
requiring you to open (a few) more SSH sessions;
* run the 'rm -rf whatever' you intended to run in a different SSH
session.

Pretty much all of us that work on multiple systems have done
something like that at least once (not necessarily with 'rm').

On another track, Nautilus already has a seatbelt on: by default,
deletion is actually move-to-trash. Of course, one can disable it. I
wonder if this was the case for the OP.

Cheers,

..C..

p.s. Emmet! Glad to see (ah, read) you!



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Does anyone knows about utmp and wtmp handling?

[C de-Avillez]

On Mon, 11 Jun 2012 19:37:26 +0200
Sebastien Bacher seb...@ubuntu.com wrote:

 Hey,
 
 That's a call for help,feedback,comment on lightdm bug #870297 [1]: 
 Lightdm logins not being logged in wtmp
 
  From the comments and feedback that seems like an issue that should
 be fixed in the lts, there is a merge request proposed to fix it on:
 https://code.launchpad.net/~lotheac/lightdm/utmpx/+merge/107739
 
 The lightdm project has been trying to avoid adding code just
 because it's this way for 25 years but trying to understand if
 things still make sense on a modern linux distribution rather and
 that's where we need your help.
 
 Does anyone knows if:
 - utmp and wtmp support is still important?
 - if those are speced or described in a reference document
 somewhere?
 - if the login manager is the right place to record those entries?
 
 Review of the previous listed merge request from people who know
 about the topic would be welcome as well
 
 Thanks,
 Sebastien Bacher
 

A bit late, but anyway.

Yes, I think it should be there. Unfortunately.

The most important issue, I think, is to find out/code/propose a
replacement for utmp. utmp is old, and is one of the old *IX utilities
that did not age well. When *IX moved from being a pure/mostly command
line system, there was nothing to replace utmp to find out who is
logged in -- or, better saying, nothing that really won the battle.

We now need a similar thing that will work on graphical environments.
We need to be able to know who is logged in, if a movie is being
played, etc. utmp does not cut it, but there is nothing I know of (a
bit dated as well, last time I looked for it was a few years ago) that
cut the mustard.

The issue we have is less and less programs bother about utmp; some
that do bother to write a login record in utmp do not bother to write
a logoff (usually not really a logoff, but an exit from the
application).

FWIW, utmp is in Posix.

Cheers,

..C.. 


signature.asc
Description: PGP signature
-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: Missing File

[C de-Avillez]

On Fri, 20 Apr 2012 12:25:24 -0400
Ray McCrum ogmhc1...@att.net wrote:

 
 This should be an easy fix.
 
 This morning I tried to upgrade my Ubuntu 11.10 to the Ubuntu 12.04
 beta2-desktop-amd64, which did not work.
 
 I went into the Terminal and typed in this Line.
 ''sudo do-­release-­upgrade ­d;''
 
 I tried this several times, both using and not using the - between
 words like it is Printed in the PDF I downloaded from the Ubuntu Web
 Site last evening.  I also tried it with and with out the ;  at the
 end of the Line.
 
 The only result I got was a Line that said no upgrades found''.  I


snip/

Hi Ray

It seems your problem is mising a dash: the command requires '-d' to
attempt an upgrade to a development release, *not* 'd'.

Please try with

sudo do-release-upgrade -d

and we will go from there.

Cheers,

..C..


signature.asc
Description: PGP signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: How to install Precise without getting screwed?

[C de-Avillez]

On Wed, 11 Apr 2012 09:54:55 -0700
Dane Mutters dmutt...@gmail.com wrote:


 If I might recommend one final thing...can the essence of this
 discussion be somehow posted in an easy-to-find place on Ubuntu's
 various web pages and forums?  It would be helpful to have an
 official notice that this is how it is, and it's not going back to
 how it was.  It would save a lot of people (like me) a lot of
 trouble in trying to present ideas about what's unsatisfactory and
 needs changing, seeing as the direction of development apparently
 finds such input (concerning the GUI) unimportant at this time. As a
 policy, I find this quite unfortunate, but if that's just how it
 is, a simple warning would be nice.


I think you are expanding and assuming results, decisions, and
consequences over what has been said on this thread.

1. I am pretty sure Unity development will look at, and hear, on any
well-explained, decent complaint. 
2. I am sorry, but Gnome 3 sucks, and Unity sucks more is *not* what
I am referring to above.
3. I do not remember anyone involved on Unity development stating that
s/he finds such input (concerning the GUI) unimportant at this time.
4. I see no official notice of this is how it is(...)

What we had was a rant followed by another rant followed by... I do not
know, I stopped in the middle of the second rant. ScootK was very right
when referring to the delete option.

A lot of people left KDE when KDE4 was put out. A lot returned, others
went elsewhere. A lot of people will leave Gnome3, or
replace by whatever interface is changing the paradigm. It happens,
people (in general) do not like change. But if I do not like something,
and I want to _help_ change it, I need to put out a very clear
statement of what I think is wrong *AND* why I think it 
is wrong.

I have not seen this here.

Cheers,
..C..


signature.asc
Description: PGP signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: How to install Precise without getting screwed?

[C de-Avillez]

On 02/04/12 15:27, Scott Kitterman wrote:
 On Monday, April 02, 2012 08:58:20 PM Dale Amon wrote:
 Oh and did I mention that some are only accessible
 by ip or have unique ssh ports for security? I'm
 not very good at remembering those at 3am.
 That's what ~/.ssh/config is for.


So to give an idea, my ~/.ssh/config has more than 200 entries; some
of them have unique ports, some of them unique proxies, some of them
different userIds, some of them a mix of the previous.

To boot, ssh has autocompletion for entries in its ./config. And...
you can *name* the entries as you wish (or make sense for you).

But I think the major issue for the OP is the change in paradigm.  I
suffered with it when I moved to Unity (and grumbled a lot).  Now I
find myself actually liking it. YMMV.

Anyways, if you want something like Gnome, there is pure Gnome,
always available. And KDE,  etc. The beauty of this all is we have
options. And we *can* opt.

..C..



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Ubuntu should move all binaries to /usr/bin/

[C de-Avillez]

On 02/11/11 00:25, Marius Gedminas wrote:
 On Tue, Nov 01, 2011 at 05:52:16PM -0400, Martin Pitt wrote:
 Here's a link to an article that talks about Fedora's idea:
 http://www.h-online.com/open/news/item/Fedora-considers-moving-all-binaries-to-usr-bin-1369642.html?view=print
  
 That would mean that we need to drop the possibility to have /usr on a
 separate partition/network file system, or make the initramfs
 clever/complicated enough to actually wait for /usr to come up.
 Is a separate /usr currently fully supported in Ubuntu?


Yes, and has been for quite a while this way, at least since Edgy,
when I moved to Ubuntu. In fact, right now, I am running on a system
with many different mount points (including /usr).

The only thing of note I can remember was a regression when we
started with upstart, but it was quickly resolved.

..C..



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: mountall and plymouth

[C de-Avillez]

On 02/23/2011 09:43 AM, Lukas Hejtmanek wrote:
 Hi,
 
 first of all, I'm running bleeding-edge unstable Ubuntu to test new features
 (and report bugs I got).
 
 Now I have the following issue. I tried to unhold mountall from 2.9 version
 and I tried to install 2.22 (the current in unstable). It forced to install
 plymouth packages. I don't want them by world is not perfect, so I installed
 them anyway. 
 
 However, I don't use initramdisk and I don't use any kind of framebuffer (just
 pure text). I got messages that plymouth got SIGSEGV (I guess because
 the framebuffer is not available) and subsequently, the mountall does not
 mount any file system which hurts a lot, mailny udev that does not start and
 subsequently whole system does not start.
 
 So, what I could do? I definitely don't want to use frame buffer. I there
 a way how to disable plymouth to trying messing with fb? I want to see
 messages from kernel and from boot scripts. Does this way include functional
 mountall?
 

Perhaps https://bugs.edge.launchpad.net/bugs/723482 ?

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Sync Request process questions

[C de-Avillez]

(with the bugSquad/Control admin hat on)

On 12/14/2010 01:56 PM, Andrew Starr-Bochicchio wrote:
  1. Unlike many other excellent automatic responses, this one does not
  thank me for my bug report. It implies that for anything to be done
  for my bug report, I have to go and follow the instructions on the
  page pointed to.

I am sorry you had this bad experience; please rest assured that we
try very hard to follow the CoC [1]; being nice does not cost
anything but a few keystrokes, and helps a whole lot.

In this case, we do not have an official, pre-canned-type, response.
You can see all pre-canned responses on [2]. Even with these
answers, we still recommend the human touch -- i.e., adding
additional data/comments.

In fact, we recommend that triagers stay clear of developer-type
bugs (sync, merge, promote, etc) [3]. I have just changed the wiki
page, trying to highlight this.

My guess is lack of reading the instructions... sigh/.

   But why should I? I have reported the bug, I have not
  indicated that I am anything other than an ordinary user, why on earth
  would you think I have the time or indeed the skills needed to triage
  my own bug report against the criteria on this page? As it happens, I
  have both the time and the skills, but I still choose not to work on
  Ubuntu itself; I choose to spend my effort upstream (for example, I
  helped to make some improvements to sudo recently), and downstream (in
  this case, reporting this bug). In summary, this automatic response
  looks rather ungrateful.
 First of all, thank you for your contributions and your thoughtful
 email on Ubuntu development. You certainly targeted a number of pain
 points (some of which we are very aware of) that make contributing to
 Ubuntu as a bug reporter or developer more difficult than it should
 be. 

Indeed.

 *As for this specific interaction, it seems to be a case of a bug
 triager not being completely aware of Ubuntu development procedures.*

And, if I may add, not completely aware of the Ubuntu triaging
procedures. I will contact the triager.

Reuben, thank you for bringing this incident to our attention. Your
help *is* appreciated.

Cheers,

..C..

[1] https://launchpad.net/codeofconduct/1.0.1
[2] https://wiki.ubuntu.com/Bugs/Responses
[3] https://wiki.ubuntu.com/Bugs/HowToTriage#Developer%20Process%20Bugs



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: SSH and the Ubuntu Server

[C de-Avillez]

On 11/18/2010 09:49 AM, Marc Deslauriers wrote:

  Q: What if the openssh-server package is compromised on the ISO?
  A: Although this has happened before, it is relatively rare over the
 history of Ubuntu.  If/when this happens again, we would need to:
a) recommend that people choose no when prompted, and install
 SSH post-installation from the security archive (same as we would do
 now, actually)
b) and probably respin the ISOs (also been done before)
 
 This isn't the only reason to not have SSH by default. My point was not
 having SSH installed by default before the administrator can properly
 secure a server, including installing security updates, and configuring
 ssh to respond to a particular network interface with password
 authentication disabled.

I do not see this as a major issue: in corporate environments (where
you will usually find multiple network interfaces) a system is
installed in a protected area (either physically, or network-wise,
or both). It is not just installing the basic system, but all the
necessary configuration that needs to be done. Only after this
post-install configuration a system will be set in the
firewalls/routers.

On the other hand, having SSH installed by default will help the
majority of corporate users: we go (either physically, or via a
serial console), install, and then happily use SSH to configure the
rest of the system (and get out of the -- usually -- lights-out and
cold environment, or off the bloody serial console).


  Q: Why don't we disable password authentication?
  A: We could do this, and ask users to provide a public SSH key (or
 even just a simple Launchpad userid whose public key we could securely
 import).  This would probably involve adding another page to the
 installer, public SSH keys are hard to memorize, while others will
 almost certainly object to even optionally tying their Launchpad ID to
 Ubuntu installations.  Most importantly, Ubuntu does not set a root
 password, so an attacker would need to guess BOTH the username AND
 password.
 
 Password authentication should definitely be disabled when SSH servers
 are exposed to untrusted networks. But in a lot of cases though, SSH
 password authentication is acceptable, such as on my home network, or in
 a corporate environment where the SSH port is restricted behind a
 firewall.

I respectfully disagree. Password authentication should be disabled
by default. Downgrading security -- in corporate environments --
usually requires a formal risk acceptance process. Also, in every
audit I participated a system accepting SSH password authentication
would be flagged an audit finding, and documentation would be
required to justify it.

It strikes me as inconsistent that we allow a known risk as default.
It should be the other way: if I want to downgrade security, I have
to explicitly choose to do so.

Of course, in this discussion, having only PK-authentication would
require either the person installing to provide an out-of-band
public key, or the installer to have this option.

 I don't think disabling SSH password authentication is something that
 can realistically be done by default for now.
 
  Q: What if I want a different sshd configuration than what's shipped
 by default in Ubuntu, before running sshd?
  A: You sound like an advanced user; please preseed your installation,
 or add SSH after the initial install (as you would do now).
 
 Securing your ssh installation is mentioned in every single security
 checklist I've seen. This isn't something only advanced users need to
 do. Making novice users install SSH without knowing the impact of doing
 so is not something we should be recommending.

Even more reason for us to provide a sensible -- and more secure --
default SSH configuration.

Cheers,

..C..



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

I am looking for packages with checks

[C de-Avillez]

Hi,

We currently daily build some packages that embed extensive tests in the
build process. I want to extend the tests for either build-time tests or
a binary that runs it.

I am now looking for either:

* packages with extensive tests on build time
* packages that build an extensive test binary

Emphasis is on Main packages, but all that have such tests are
interesting for us.

I already know of the following (as of Maverick, updates to Natty welcome):

 * libvirt
 * postgresql-8.4
 * mysql-server-5.1
 * openldap
 * php5
 * python2.6
 * coreutils

Although I am basically looking for server packages, I am willing to
consider other flavours. So, if you know of such packages, please tell me.

Cheers,

..C..



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: I am looking for packages with checks

[C de-Avillez]

On 11/10/2010 03:12 PM, Scott Kitterman wrote:

 I believe that clamav would fit your criteria.

Indeed. Added for both Maverick and Natty.

Thank you, Scott



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: File a new bug or re-open an old one

[C de-Avillez]

On Sat, 27 Mar 2010 17:59:10 -0700 (PDT)
Bruce Miller subscr...@brmiller.ca wrote:

Hello Bruce, 

 I am not an Ubuntu developer; I learn a lot, however, from lurking on
 this list. If this is not the right forum to raise this issue, I
 would be grateful for a pointer in a better direction.

I would say that you are raising a point that *can* be discussed here.
But usually, for bug management, ubuntu-bugsq...@lists.ubuntu.com or
ubuntu-bugcont...@lists.launchpad.net are the ideal MLs.

snip/  

 The focus of this message is one bug which the Apport retracer on
 Launchpad tagged as a duplicate. The original bug (of which mine was
 marked duplicate) was originally submitted on 2009-12-14, that is, as
 Karmic was approaching release. A fix was released the following day,
 2009-10-15.
 
 I suspect that I may be dealing with a regression. If I do nothing to
 flag that concern, there would appear to be a risk that the bug would
 never come to the attention of a developer.
 
 I have therefore changed the status of the bug from Fix Released to
 New. I also deleted the tag regression-retracer, and substituted
 the tag regression-potential.

Notwithstanding anything else (see below), tagging it
'regression-potential' is absolutely correct.

 I personally would always hesitate to re-open a bug once it is marked
 Fix Released, and would prefer to file a new bug. The designers of
 the Apport retracer see matters differently. Are the changes in
 status to the old bug the best way to signal that it once again
 requires attention? Is there a better way?

This is one of the cases where it is difficult to say which would be
the best way (and I cannot be precise because you did not give us a
link to this particular bug). But the following may help:

(a) if a regression (potential or confirmed) is found within a release
cycle *and* there is a bug, fixed in this cycle that theoretically
addresses it, *then* reopening the bug is a good first approach;

(b) if a regression (potential or confirmed) is found on a newer
release *and* there is a bug, from a previous release that
theoretically fixed this issue, *then* open a _new_ bug (and refer to
the previous one in it): it is possible that the package was changed in
between, and the regression re-introduced.

In your case -- and still with the caveat that I do not know the real
issue, package, etc -- I would rather open a new bug (and refer to the
old one): the original bug addressed a previous (k)ubuntu release and
Kubuntu has been going through many updates, ergo probably
re-introduced.

I hope this helps.

..C..

p.s. thank you for helping!



signature.asc
Description: PGP signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Please Consider Taking a Minute to Answer This Ubuntu User Survey

[C de-Avillez]

On Wed, 24 Mar 2010 05:46:16 +
daen...@gmail.com wrote:

This survey should take you only about two minutes
 and is designed to understand the computer usage of Ubuntu users and
 devs. Thank you in advance for your time.

Good.

Now, what is the objective? Where will results be published? In
general, why?

I do not like filling surveys that pretty much start by do you earn
money by doing this? -- my wacko-alarm rings, correctly or not.

Regards,

..C..


signature.asc
Description: PGP signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Upstart (now, a very modest suggestion)

[C de-Avillez]

On Fri, 05 Mar 2010 13:54:48 -0500
Ben Gamari bgamari.f...@gmail.com wrote:

 Excerpts from Patrick Goetz's message of Fri Mar 05 13:27:52 -0500
 2010:
  So of course it only took a little digging to discover that smbd
  and nmbd are now services started separately, and that (bizarrely)
  there is now a winbind daemon which is still started
  from /etc/init.d, but nevertheless a bit unnerving. (And why and
  since when has winbind been a separate daemon, anyway?! But I
  digress.)
 
 With all due respect, you are using alpha software. Documentation is
 generally one of the last things to be completed. I would hope these
 init changes will be thoroughly documented before release. Moreover,
 it sounds like most of what confused you were changes in Samba's
 packaging, not upstart itself.

At the same time, it never hurts to be reminded, most of all about
missing docs.

snip/

  
  Again, some people, possibly myself, are old, feeble-minded, and 
  distracted with lots of problems that go beyond the function of
  basic linux server services, hence discomfited when
  start/stop/restart commands that have worked for 10 years are
  suddenly missing with no explanation of how to proceed in the new
  world order.
  
 Certainly, but if you are having difficulty with this, you probably
 ought to stick with releases.

I am sorry, but I do not agree. The difficulty one (be it Patrick, or
whoever) is having on a development release will probably be even
greater after a release. Even more, we *need* testers, and we *need* to
have feedback. Feedback after the release of a version will probably
only be acted on for the next release, while feedback during
development allows for (possible) action in time for the release.

I would rather have a lot of (even misguided) feedback than none at
all (and, by the way, I think Patrick is raising some good
points).

Cheers,

..C..





signature.asc
Description: PGP signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Question about this list

[C de-Avillez]

Amahdy wrote:
 Maybe I'm missing something here (like I said in my early first post), but I
 even don't know how to set a total delivery for all messages sent here, I
 only receive a digest and there is no option to receive
 instant-notification, although I believe mailman has this option but maybe
 the case here was disabled by an administrator or I'm doing something wrong
 and I can't find the way to do it... please advise?
   
Yes, mailman has this option, and no, it was not disabled. As far as I
can remember, the default is *individual* messages. If I am correct,
then you are receiving a digest because -- at some point in time -- you
so chose.

Anyway. At the very bottom of the email you should see the following
four lines (without the hash sign on the first line):

#--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


All you need to do is follow the link on the very last line, and edit
your settings.

Now, perhaps you do not see these lines -- which would, then, point to a
problem with your email client (be it a real client, or Google, or whatever.

Regards,

..C..



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: making a workaround web page for bugs, in LTS release, not fixed

[C de-Avillez]

On 01/08/10 00:58, Marco Pallotta wrote:
 2010/1/7 Charlie Kravetz c...@teamcharliesangels.com:
   

 Ubuntu bugsquad already has a policy that workarounds should be
 identified and moved into the bug description. If that was happening,
 it should be easy to grab the section labeled WORKAROUND:, right?
 

 Well,

 I saw not many of these labeled bugs. I think we whould start a
 different process to identify a workaround solution for an issue that
 will not be fixed.
   

Yes, they are used far less than ideal. Still, they should be used (and
when I find a bug that is missing a workaround in the description, I add
it in).

But still, we could have a workarounds page in the Wiki (perhaps either
*or*, or *also*, in answers.lp). There we could put the most important
issues, and their workarounds. But not all, I think. There are some very
technical issues that -- if you are hit with it, you most probably also
know where to look for an asnwer.

It is unrealistic to expect all Ubuntu users to browse lp.net/ubuntu/bugs.



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: proper procedure regarding bug reports

[C de-Avillez]

On 01/05/2010 02:56 PM, Patrick Freundt wrote:
 On Tue, Jan 5, 2010 at 9:43 PM, Remco remc...@gmail.com wrote:
   
 You can start a topic on ubuntuforums.org if you're not comfortable with IRC.
 
 Just so I get this straight - you aswell as Brian Murray suggest, that
 bug reporting can not be handled within launchpad alone, and instead I
 should wear myself out on IRC or forums, until I collected enough
 people who will flame the heck out of that Canonical guy who took a
 political decision and set the bug status to invalid?

 Well, ok. If that is how Ubuntu works, then good luck guys :)

 P.

   

No, this is not correct. You do not need to wear yourself out on IRC or
the forums.

And there is no flaming needed. In fact flaming (or aggressiveness) is
not, usually, a good way to get constructive attention.

You reported a bug. Good. Now, what usually happens is (eventually) some
people will look at it, and add their comments/views on the issue. It
may take a time -- we have more bugs, and bug reporters clamoring for
attention than we have people available.

A bug will, eventually, be confirmed by *other* people having the same
issue, or by a triager that is able to reproduce it. It is not just
because one feels it is a bug, someone else *must* feel the same. Which,
BTW, does not really make it --yet -- in a real bug. This is how it
works. What Brian and Remco suggested was for you to spearhead the
process -- which you do not want to do. No problems, you can just wait.
But you do *not* want to wait. You want the maintainer, and only the
maintainer, to look at it.

Eventually someone would get there. But you wanted to speed up the
process, and you got some answers on how to do it. And you dismissed
them. I do not understand your reasoning here.

Anyway.

You reported a problem. The issue is now understood. Someone took a
decision on it. You do not agree with it but, (again) instead of
reasoning, you keep on being aggressive.

Ah well.

..C..

p.s. by the way, I agree with your bug point -- I do not like programmes
calling home, or elsewhere, without my explicit consent. But I do not
see this as a such a big issue -- I can always stop using the package,
or configure it *not* to do that






signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: is anyone ever going to fix this major bug?

[C de-Avillez]

Paul Smith wrote:
 On Tue, 2009-12-08 at 12:30 -0800, Brendan Miller wrote:
   
 This bug more or less makes apt-get unusable on 64 bit systems and has
 been in for a long time now:

 https://bugs.launchpad.net/ubuntu/+bug/402833
 

 Is this still a problem in Karmic?  I don't have that file on my system,
 and a search of packages available doesn't give any package named
 ia32-libs-tools. It came to Ubuntu Jaunty (Universe) via Debian unstable.   
 It was also -- and consequently -- dropped from Ubuntu.
   
This package has been dropped from Debian -- completely, including
removing the source packages. Debian considered (right or wrong, it is
not the point here) the approach kludgy/unmaintainable. Additionally,
the Debian maintainer orphaned the package. See [1] for the thread in
Debian. The consideration is that the 'multiarch' package will
(eventually) replace it.
 Not saying it shouldn't be fixed in Jaunty, I'm just wondering if
 there's an issue in Karmic as well--if so I think it must be different
 (different package names, etc.?) than the Jaunty issue.


   
As already stated in this thread, given that the package was removed
(and orphaned), it will need a volunteer willing to work on it for
Ubuntu -- for Jaunty only.

Cheers,

..C..



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: is anyone ever going to fix this major bug?

[C de-Avillez]

Brendan Miller wrote:
 Ah, Ok. I haven't updated any of my systems to 9.10, so I didn't
 realize that 32 bit compatibility had been removed... Given that, I
 probably just won't update since it would break adobe air and all my
 third party stuff...

   
I am afraid there is a misunderstanding here. 32bit compatibility has
*not* been removed -- it is provided by the 'ia32-libs' and
'ia32-sun-java6-bin' packages, on both Jaunty and Karmic.

On the other hand, if you have third-party packages, nothing is certain.
The best course for you is to contact the third-party providers, and
enquire about compatibility with Karmic (or about a Karmic version).

The 'ia32-libs-tools' package is to be used by those needing to
*transform* an existing 64bit library package (and *not* provided by the
two packages above) into a 32bit one. I would expect that most of the
Ubuntu 64bit users do not need this tool.

Anyway. I found what seems to be the latest (and last) 'ia32-libs-tools'
in Debian [1]. Obviously, I do not know how long it will survive there,
since it has been dropped.

Cheers,

..C..

[1]
http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=ia32-libs-tools




signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Experiences on using the alternate amd64 install daily CD

[C de-Avillez]

For the record, this is the CD available on cdimages.ubuntu.com, dated of
20090929-2. This was the latest daily CD this morning (US-CDT time).

A brief introduction.

My laptop has been going through version upgrades since Hardy; I have been
running Karmic on it since pretty much the start. From last Monday I started
having serious issues with the system, and this morning I decided it was
high time for me to format the system partitions, and reinstall Karmic. The
disk is partitioned as follows:

sda1 - Dell diagnostics partition, FAT16, around 50M.
sda2 - /boot, 1G
sda3 - swap, 5G
sda4 - LVM, rest of the disk.

Under LVM we have:

/
/usr
/usr/src
/opt
/var
/srv
/tmp
/home

All of these are logical partitions under LVM.

I decided to format /, /usr/, /var, /tmp, and /home. /opt, /srv, and
/usr/src would be maintained, and I carefully saved what I wanted from /home
into /usr/src (I did not have access to any other media this week, and I
need the system).

Then, to install. Again, this is the alternate install for ADM64.

Booted the CD, no problems, went into partitioning.

Prob #1: my /opt, /var, and /usr/src are original ext3, upgraded to ext4. So
I got the following issues:
#1.1 If I mark the partitions above as EXT4 -- which they are --, they are
marked as needing formatting.
#1.2 if I mark the partitions above as EXT3 -- which they are *NOT* -- they
are not marked as needing formatting, but fail to validate at the end of
partitioning.

Bypass to #1.1 and #1.2: do not mount the partitions during install. I do
not know, yet, what will happen *after* the install.

Prob #2: I wanted to encrypt only two of the partitions, /home and swap. So,
when I was done setting up the parttions I went into encryption, and marked
BOTH /home and swap to be encrypted. I then got prompted for the encryption
key for /home *ONLY*. Gave it, and got to an error screen stating swap was
not encrypted, so the install could not go on.

After a series of tries, I found I would be able to encrypt the swap only
by:
(a) mark the swap as whatever other type of FS. I chose FAT32;
(b) write the partition;
(c) go back to partition, mark the swap as swap, then select to encrypt it.

This *would* be a bypass, but during this process the installer lost track
of the /home partition, and I was then warned that the partition that would
be /home was not mounted on any mount point.

Prob #3: if you mark a partition for encryption you CANNOT edit or change
the mount point.
Bypass: reboot, start from scratch, do NOT select any partitions to be
encrypted.

Right now I do not know how the tale will end. I am still installing. But I
wonder if I will lose my partitions I wanted to keep. Please do not waste
time stating this is alpha, etc, etc. I know. I know the risk I was
running in. It is worth noting, though, that this is the first time since
Hardy that I can lose an existing partition.

I will open bugs on these if they are considered real issues.

Regards,


-- 
..hggdh..
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Downgrading packages after removing a repository

[C de-Avillez]

On Thu, 2009-08-06 at 01:08 +0300, Dmitrijs Ledkovs wrote:
 2009/8/1 Andrew Sayers andrew-ubuntu-de...@pileofstuff.org:
  When you add a repository to your computer, then remove that repository,
  it's not obvious how to downgrade packages that are no longer available.
 
 
 https://edge.launchpad.net/~xorg-edgers/+archive/ppa/+files/ppa-purge_0.2.2~jaunty.dsc
 
 Removes a ppa and downgrades that was pulled from it.
 
 AWESOME =)

Indeed Dima!

Seb had also pointed me to it today. But, still, Michael's observations
still apply: we must be careful on downgrading, pretty much like we are
careful when upgrading, possibly even more: differences on configuration
files, or how data is handled, may cause serious problems.

It *is* possible, and the ppa-purge script shows it. But... much more
care will have to be taken to get from this point to something that can
be provided to not-so-experienced-users-if-at-all.

But I was really happy to see that we (up to now, Andrew, Michael,
myself, and you; well, and Sebastien) were not the only ones thinking
about it (even if Seb, like Michael, is unsure).

Hell, *I* am unsure! But it would really be nice. In my case, I am
usually on the road, so I only have my personal laptop as a testbed.
Being able to test/try something, and revert back with minimal effort,
is a really good gain.



signature.asc
Description: This is a digitally signed message part
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Downgrading packages after removing a repository

[C de-Avillez]

On Sat, 2009-08-01 at 19:49 +0100, Andrew Sayers wrote:
 I've found a bug (or maybe it's a feature request) in apt (or maybe it's 
 in software-properties-gtk).  I'd like to get people's opinions about 
 where this is best reported, and what the report should say.
 
 When you add a repository to your computer, then remove that repository, 
 it's not obvious how to downgrade packages that are no longer available.
 
 Normally this is a minor irritant, but it can be a security issue, or 
 can even make recovery very hard indeed.  Here are three user stories to 
 illustrate the issue:

I am sort of surprised that there has been no comments here about it.
This is -- at least for me -- a clear need, and the user cases are
consistent with my own experience. If we add in the mix the usual
testing with PPAs, having a *standard* way of going back is not only
desirable, but actually needed.

I would say that a blueprint would be a good way to formalise this.

 Would you find this too intrusive?  Not intrusive enough?  Should I 
 forget about Synaptic now that AppCenter is coming along, or should I 
 focus on getting functionality into APT that can later be made available 
 through the GUI?

I do not know if too much/little intrusive, but I certainly like the
idea, and I do think having a way of returning to a known,
fully-supported state should be a *basic* requirement. This not only
helps the casual user, as those that live on the bleeding edge.

Thank you for the proposal.




signature.asc
Description: This is a digitally signed message part
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Downgrading packages after removing a repository

[C de-Avillez]

On Tue, 2009-08-04 at 17:56 +0200, Michael Bienia wrote:
 On 2009-08-01 19:49:33 +0100, Andrew Sayers wrote:
  When you add a repository to your computer, then remove that repository, 
  it's not obvious how to downgrade packages that are no longer available.
 
 Downgrades are not supported, while in practise they work in most cases.
 Offering such a downgrade option will probably lead to bugs about broken
 downgrades as people will assume that it should work.
 
 Downgrade will certainly fail if the format of user data has changed
 (e.g. a new database format or config file format). Assuming that the
 new version will upgrade the data to new format on the first run, the
 data won't be usable after a downgrade anymore (the old version doesn't
 understand the new format).

Indeed. Some options seem to apply, though: offer to replace the current
configuration with the maintainers one; warn the user the the current
user data format is incompatible with the one provided in this version,
and that the user will have to *manually* recover; etc, etc.

Still, this is not a reason *not* to provide such service. We already
provide a similar service in the other direction. Also, I am not aware
of API/ABI changes *within* a version (or Ubuntu release) being a common
case. So, for most cases, we are talking only about updates/downgrades
*within* a version/release.

Nevertheless, I agree that downgrading to a *previous* version is a
potentially dangerous situation, and should not be offered to either the
casual or experienced user.

 
 While not the best solution, make downgrades only available to those
 who know that downgrades might fail and that they're left alone in such
 a case, will hopefully prevent that people assume that downgrades will
 always succeed.

Although this is the current practice everywhere (not only on Ubuntu),
and I am not aware of any implementation of this idea, the proposal
still *can* bring value to the table. I certain would love it. And I
think that this would bring even more value for Ubuntu.

 
  Anna added a PPA through Synaptic  Settings  Repositories, which 
  upgraded emacs.  She didn't like the upgraded version, so she removed 
  the repository.  She scrambled around for a while, before realising she 
  could get her old emacs back by removing it then reinstalling.
 
 Anna certainly won't be happy when she realizes that her fine emacs
 config is gone because the new version upgrade it to a new format the
 old version can't understand.
 
  Tim added a repository from a random website through System  Admin  
  Software Sources, then updated and was notified that a new version of 
  debconf was available.  He installed the upgrade, then realised that the 
  upgrade had been downloaded from the new repository.  Realising he'd 
  been tricked, he removed the new repository and assumed that debconf had 
  been uninstalled as well.
 
 We can't protect the users from themselves. I'm sorry, but if Tim add a
 random (untrusted) package source without thinking, then he deserves a
 little pain in undoing it. Otherwise people won't learn it if Ubuntu
 makes everything ok what they break.
 

Although the example of a random package may be a bit extreme, the
concept still survives.

  Bob, thinking that a Debian-based distribution should be okay with 
  Debian packages, followed command-line instructions to create 
  /etc/apt/sources.list.d/debian-unstable.  Once his Ubuntu/Debian hybrid 
  was installed, he rang his technical friend to clear up the mess.  The 
  friend tried every apt-get command he knew, before gradually realising 
  that he had to run apt-cache showpkg name, find the package version, 
  do apt-get install name=ubuntu version, and repeat many, many times.
 
 There a way too many ways to break a installation. Who breaks it, can
 keep the parts.

I respectfully disagree. 

User Case. Jacob upgraded to a -updates package. This upgrade seems to
have broken something (perhaps a regression), and he wants to get back.

If what you state were to be generically valid, then Ubuntu must keep
the parts.



signature.asc
Description: This is a digitally signed message part
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Standing in the street trying to hear yourself think

[C de-Avillez]

On Thu, 2009-07-09 at 08:13 +0800, Onno Benschop wrote:
 My experience in this scenario is that if you go down the path of
 individual pairing that paired support person becomes the single
 contact
 point for that user from then on. It happens today when a support
 request gets resolved the user comes back with while you're here, or
 can I ask you this in private, or you helped me so much yesterday,
 can I ask you another question or any number of variations on that.
 
 While in itself rewarding, I find myself avoiding the channel for the
 next week because I'm someone's new best friend - which is not
 constructive, nor is it productive.

Yes -- this is also my experience on technical support (although I was
*not* a manager, just a lead, and usually ended up called in by a direct
customer request -- which we might ignore, or not.).

I am sorry I did not go over it. I was thinking on the -- now getting
more common in the US -- option you sometimes see on a web site: chat
with an agent. This was, I guess, what I had in mind by my or something
like that.

In this scenario you do not have a fixed IRC channel to get in -- you
are put into a new, dynamic, channel, with your helper. As such, the
requester cannot choose. One can look at this as a randomiser.

Of course, when you are bumped to next-level-of-support, things *may*
get more personal.





signature.asc
Description: This is a digitally signed message part
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Standing in the street trying to hear yourself think

[C de-Avillez]

On Wed, 2009-07-08 at 12:47 -0400, Evan wrote:

 
 The only issue I can find with this approach is that many new
 users are
 coming from windows. Have you tried using windows help? It
 does use
 an approach similar to this, and I would be afraid that many
 of those
 users will dismiss this as soon as it starts. Everytime I have
 attempted to use the help in windows, the Q  A ends with
 frustration
 on my part when it says basically can't figure out what is
 wrong.
 
 If those new users can be convinced this will not be the
 results every
 time in Ubuntu, this could be an excellent help system.
 
 You have a point. Hopefully the addition of a Get Live Help button
 will mitigate the problem though. Even if the automated help doesn't
 give any useful suggestions, it should be able to reliably determine
 where it ought to put you in IRC. How bad would it be for it to say
 Sorry, the automated system couldn't solve your problem. Please wait
 while I connect you to a human who should be able fix it. ? 
 

I can see something like this working -- as long as the requester gets
paired with one single person, in a PVT IRC session (or something
similar). If we just drop the requester into, say, the #ubuntu channel,
then we will not have accomplished anything.

But... for this to work we will need to create a group of responders;
this group would have to accept being available to answer questions
during some time every so often, etc, etc. This *is* volunteer work, but
the success of such an approach depends on *always* having people
available.

The logistics are most certainly going to be complex, and should be
discussed.

Again, as commented on this thread some times already, we at least need
some basic requirements as far as *documnetation* is concerned:

(a) comb through the forums, bugs, answer.launchpad, and others for
issues worth being cataloged; 
(b) organise them in a more user-friendly search structure (subject
matter, keywords, version, level of expertise required, etc, etc).
(c) re-word and clean up (including adding a reference to the original
source).





signature.asc
Description: This is a digitally signed message part
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Standing in the street trying to hear yourself think

[C de-Avillez]

On Fri, 2009-07-03 at 12:36 -0400, Andrew SB wrote:

 
  I like this. So maybe a rating system more along the lines of, Did
  this answer fix your problem?, instead of, Digg it.
 
 Some thoughts:
 
 This sounds just like Launchpad Answers to me. How would the idea
 you're talking about differ?
 
 What could we do to encourage more people to use LP Answers?
 
 What does it lack, or is it simply a matter of promotion / awareness?

It is not as much promotion/awareness (although it always help), as far
as I can see. One of the issues I have found is that it is not *that*
easy to find a question/answer that would apply to a given problem, and
there is no guarantee that the answers are correct. For the former... it
is well-known, for those that have worked on designing a Bug Tracking
System, that users tend to describe an issue/problem in many different
ways, with many different synonyms employed.

For the latter, we should have a review group to:
* look at the questions/answers, and 
* verify correctness,
* edit if needed (clarifying the question and answer), and
* classify the question following a (given) taxonomy.

Following from here:

* once a question/answer has been reviewed and approved, it could be
locked against changes, and clearly marked reviewed (seal of
approval);
* an action this answer is wrong should be provided, with a text entry
for explanations. This action should be available for *every* Q/A,
irrespective of status;
* the taxomony should be widely published, and adhered to everywhere
(*including* Mallone). This would provide us with consistency.  The
Wikipaedia classification [1] would probably be useful to us, at least
as a starting point. Other examples are the ACM classification [2], the
AMS one [3], etc, etc.

..Carl..

[1] http://en.wikipedia.org/wiki/Wikipedia:Categorization (and links)
[2] http://www.acm.org/about/class/
[3] http://www.ams.org/mathscinet/msc/msc.html





signature.asc
Description: This is a digitally signed message part
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

GPG and SHA1

[C de-Avillez]

Hi,

With the current trend in Debian to move out of DSA into RSA [1], and
considering the theoretical (and probably correct) attack just presented
[2], what are we planning to do? 

I am curious about the potential impacts -- compatibility, cost (both
CPU-wise and conversion-wise), and proposed Ubuntu standard. Notice that
this might as well involve a change to the gpg defaults, key generation
utilities (seahorse, and equivalents), etc. In other words, it can have
a high impact both for our internal usage (maintainer keys) as for the
end-users.

I am not advocating either way: 2^52 is still a large value (and, as
such, still costly to attack); but it is safe to state that the time to
move out of SHA1 is coming sooner than later, and we might get it done
right if we start thinking about it now.

Thanks,

[1] http://www.debian-administration.org/users/dkg/weblog/48
[2]
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf



signature.asc
Description: This is a digitally signed message part
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss