For awareness, with my Debian Maintainer hat on and also my upstream pastebinit
contributor hat on:
Today version 1.7.0 of pastebinit was tagged in GitHub. It includes many
improvements since 1.6.2 and includes the dpaste.org addition.
Note that while I think there's specific overrides for
Otto,
Correct me if I'm wrong, but wouldn't this be a Salsa-CI team decision wholly,
and not an Ubuntu one, despite any support downstream?
(My reply to the Salsa issue quotes my opinion on this, but my general opinion,
not one that directly comes with an Ubuntu hat on.)
Thomas
I can affirm with regards to Lubuntu that we are participating in 24.04 LTS,
with a support period of 3 years as typical for Lubuntu.
We are working on getting everything necessary for the Technical Board
recertification and will send that soon as well.
Thomas Ward
Lubuntu Team Lead
Lubuntu
Nor is it likely a community member would be able to solve this.
I just went digging in Cacti, and even Debian was unable to get information
about a pinpoint fix and patchset.
From https://github.com/Cacti/cacti/issues/5523 I am quoting their security /
developers directly:
> Hi Paul,
>
>
If the lists merge, I'm sure Canonical / Ubuntu IS can set up a redirect
so that ubuntu-motu@lists.u.c redirects to
ubuntu-devel-discuss@lists.u.c. Email redirection is fairly trivial
when you have access to control mail flow. So I would not be as
concerned about there being a "lost contact
? If not, why not?
Robie
On Sun, Mar 19, 2023 at 07:55:48PM -0400, Thomas Ward wrote:
I'm following up on this today, because Debian finally got off their lazy
butt and uploaded 0.3.6-2 to Debian that addresses the core problems in
Debian.
However, that does not solve the problems for everyth
Jorgen,
I'm already working on trying to get this approved for SRU. The problem
is it has to go through an MRE and the release and SRU teams have to
approve it, and I have not yet gotten any response or acceptance from
the Release Team or the SRU team and my multiple inquiries, if I don't
In actuality, the current version is 20191025-2 from Debian synced into Lunar
during a time period of which between 2018-04-24 the package was last updated
and now a newer update made in November of 2022.
"dusty" only applies to where the version is the older 20190925-4 version from
2018, and
14:26, Thomas Ward wrote:
Hello, release team.
Pursuant to a recent change for torbrowser-launcher and Tor Browser,
we have a little bit of a conundrum that is leading to a one time
request for SRUing the latest `torbrowser-launcher` to all currently
supported releases.
With Tor Browser 12
to remind people about the CoC and how to be nice towards
others, or at least be constructive without coming off as hostile).
Thomas Ward
Ubuntu Community Council Member
On 3/13/23 14:48, Steve Langasek wrote:
On Mon, Mar 13, 2023 at 06:03:00PM +, Dimitri John Ledkov wrote:
We pushed 6.1 out
to remind people about the CoC and how to be nice towards
others, or at least be constructive without coming off as hostile).
Thomas Ward
Ubuntu Community Council Member
On 3/13/23 14:48, Steve Langasek wrote:
On Mon, Mar 13, 2023 at 06:03:00PM +, Dimitri John Ledkov wrote:
We pushed 6.1 out
Unfortunately here your choices are limited. The ODBC from Microsoft is
different than the one in the repos and the two packages conflict.
>From my experience you will have to pick one or the other - use Microsoft's
>packaged ODBC and no headers, or use the one in the repos with the headers
If the package is not yet in 22.04 it is unlikely to land except via Backports
which is its own process.
Sent from my Galaxy
Original message
From: Kent Kutan
Date: 1/14/23 16:34 (GMT-05:00)
To: ubuntu-devel-discuss@lists.ubuntu.com
Subject: libapache2-mod-shib2 package
You already got a response on this thread from Colin, quoted below:
On Tue, Jan 03, 2023 at 12:04:34PM +0530, probal basak wrote:
> I am getting the below exception while trying to issue apt update:
> Getting this issue since last week. Previously the same thing used to
> work perfectly fine.
FYI that's MOST vulnerability scanners. Most of them do not have privileged
access nor the database of ubuntu patch info in them so report solely on the
exposed version number and thats it. It leads to a lot of false positives and
then questions like these. ;)
Sent from my Galaxy
To which SSL issues are you referring, in which Ubuntu releases?
There is a fix in the works for the SSL EOF client issues, if you have a
specific CVE or information you need to link here please. CVEs are
typically patched by the Security Team without any change to the actual
version of the
Alex,
I believe that OP is referring to the last set of CVEs listed here[1] announced
on the 14th. So forgive me while I poke the thread with additional
information. I think the original ask was about those.
--
CVE-2022-37434 was announced on the 14th. And is patched already in
As of the July 25th DMB meeting, this Core Developer application was
approved, and we welcome Mattia into the ranks of the Ubuntu Core
Developers.
Congratulations, Mattia!
Thomas
Ubuntu DMB Member
On 7/13/22 12:13, Mattia Rizzolo wrote:
Hi DMB!
I decided to finally send in my core-dev
Regarding your first question about why we don’t update directly to newer
versions, etc.:
Once a version of OpenSSL (or most libraries) is released in Ubuntu, like many
other pieces of software they’re more or less ‘version locked’. For the most
part, this answer on Ask Ubuntu is still more
Mark,
I'm tempted to start the migration to Kea, but the documentation is
extremely vague on proper migration. If we intend to move in that
direction, we'll need to have a migration guide of some sort, so that
it's a more seamless transition for people. Just a thought.
Thomas
On
If you are in doubt for any reason, this is where you need to work with
a lawyer in your own jurisdiction to determine the legality.
None of us are lawyers, so any advice we give should be taken with a
grain of salt. I don't think VMware will come after you though for
using it to test Ubuntu
The package in Ubuntu for rlwrap is fed from Debian with no change
rebuilds as needed it seems, and in Debian there is not a newer version
packaged. While it would be nice to get newest software, it looks like
the package might not be maintained since 2018 in Debian. And there's a
bug in
Generally speaking, could we not ship an apparmor profile with it in
Ubuntu specifically to prevent default usage of -R and ptracing for the
application?
If so, then a default apparmor profile to prevent usage of -R (depending
on how they do it) might be prudent.
I can see this being useful
On 3/21/22 09:21, Amit wrote:
On Mon, Mar 21, 2022, 6:36 PM Joel Rees wrote:
On Mon, Mar 21, 2022 at 11:55 AM Amit
wrote:
>
>[...]
>
> There is no menu in the default Ubuntu desktop GUI.
Menu?
I suppose it is not technically a menu, but there is that
Okay, guys, with my community leadership hat on: before you read any
further on this, don't take shots at each other, we're all on the same
side here. If you want to argue different points of view, do it in a
civil tone, please don't call people "bogus" or fight with people about
hardware,
On 3/9/22 09:18, Sebastien Bacher wrote:
Hey Robie and DMB members,
Le 01/03/2022 à 16:51, Robie Basak a écrit :
Candidates must expect to be able to attend the majority of DMB
meetings. Currently these take place on IRC, are scheduled on alternate
Mondays with each meeting alternating
Is there a Debian or Ununtu bug for this? For tracking purposes for a fix and
such.
Sent from my Galaxy
Original message
From: Reginaldo Silva
Date: 3/3/22 11:59 (GMT-05:00)
To: ubuntu-devel-discuss@lists.ubuntu.com
Subject: CVE-2022-0543 also applies to Ubuntu
Hi,
Not to mention, the rdepends of the package:
# apt-cache rdepends chromium-browser
chromium-browser
Reverse Depends:
chromium-browser-l10n
gnome-shell-extension-gsconnect-browsers
|gnome-core
chromium-chromedriver
chrome-gnome-shell
chrome-gnome-shell
We'd have to do some erasure of
CCing ubuntu-devel-discuss for the wider devel audience to weigh in on.
MOST security scanners do NOT take into account the Ubuntu USNs for
security release patching and go *strictly* on version number strings -
in almost ALL of these cases, 'version based scanning' for
vulnerabilities
Due to extreme amounts of spam in the past, the Wiki is locked down so
you need to apply for rights. You need to have a Launchpad account and
then apply to join the wiki editors team -
https://launchpad.net/~ubuntu-wiki-editors - once added there you can
create your application page.
What exactly do you mean by 'version updates for the NGINX package'?
'Version updates' are based on what NGINX Stable is in each release
development cycle, it is not regularly 'updated' after the fact other
than security patches or cherry-picked bug fix patches as needed at that
point.
On 7/28/21 11:40 AM, Dan Streetman wrote:
mapreri, teward, any preference on the day and/or time for the first
mtg? Does Wed, Sept 8 at 14:00 UTC sound ok?
Thanks,
Robie
That works for me, but no earlier than that on that day. Any time later
in the day is sufficient for me.
Thomas
FYI, though it was via IRC and not Email due to my email being fubar at
the time:
On 7/28/21 10:20 AM, Robie Basak wrote:
On Thu, Jul 22, 2021 at 05:00:26PM -0400, Dan Streetman wrote:
- mapreri volunteers for day-to-day role (thanks Mattia!)
- this email thread seems like a good enough call
I will make a couple notes here:
(1) You're running Pop OS which DOES have a different DE than wallch was
developed for.
(2) wallch appears to run fine in the current Ubuntu. Which suggests
that the issue is in whichever DE Pop OS uses. And is why it hasn't
been removed yet. (I tested
On 7/19/21 9:48 AM, Robie Basak wrote:
Separately, I'm unhappy about continuing any process which gives some
set of privileged people access to upload to backports but is
effectively closed to everyone else. This isn't very Ubuntu. Either the
privileged people need to sort out an effective
On 7/19/21 8:05 AM, Robie Basak wrote:
Thomas Ward last proposed an effort to revitalise it over two
years ago, but with no response. I believe he's no longer available to
contribute now.
Mostly only because I now sit on the Community Council, and there's been
pushback from certain community
Expanding on this Seth...
On 5/13/21 6:51 PM, Seth Arnold wrote:
In the last week I've seen four different conversations about how to
properly start a service only 'after the network is up', and the different
people had different ideas of what this meant for their service:
- one wanted LAN up
: firebird3.0 install on
Ubuntu 16.04.7 LTS (Xenial Xerus) On Fri, 23 Apr 2021 17:27:30 -0400, Thomas
Ward wrote:>Be aware though: 16.04.7 goes past End of Standard Support this
month>- you should consider upgrading 16.04 to 18.04 before the end of>standard
support happens.Doesn't d
I agree with Damyan, this looks to be fixed in later versions of Firebird.
Be aware though: 16.04.7 goes past End of Standard Support this month -
you should consider upgrading 16.04 to 18.04 before the end of standard
support happens.
Thomas
On 4/22/21 5:00 AM, Damyan Ivanov wrote:
-=|
You should file a bug against the package, then, rather than email the
devel discuss list. This is the type of thing where you should file a
bug, rather than just an email.
Thomas
On 3/19/21 12:55 PM, Jason Gallicchio wrote:
The gr-iio package is compiled in a way that's compatible with
This list is for Development Discussion.
Technical support questions like this belong on the Ubuntu Users list
(ubuntu-us...@lists.ubuntu.com) or on another support mechanism such as
Ask Ubuntu or the Ubuntu Forums (https://ubuntuforums.org)
Thomas
On 2/9/21 10:24 AM, Yvonne van Rooijen
They might be complaining about the Focal versions, vs. what's in
Hirsute or in Debian.
In those cases, the question I linked to on Ask Ubuntu would answer why
it's not in the latest version of curl ;)
Thomas
On 1/8/21 10:01 AM, Mattia Rizzolo wrote:
On Wed, Jan 06, 2021 at 06:07:33PM
If you are intending to target the Debian versions, you're in the wrong
mailing list, as this is for Ubuntu.
For Ubuntu, this may be relevant:
https://askubuntu.com/questions/151283/why-dont-the-ubuntu-repositories-have-the-latest-versions-of-software
Thomas
On 1/6/21 9:07 PM, Paul Hoffman
File a bug against qgis with `ubuntu-bug qgis` on the command line. Emailing
this list doesnt really help get you support with the package nor get it fixed.
Bugs are where to report package issues and where we can collect information
about bugs to debug and potentially fix packagea.
Thomas
I've only seen ICS file support in various specific mail/calendar
clients. Which mail client(s) or calendar clients are you using?
(Thunderbird + calendar plugins seem to work fine)
On 10/15/20 3:13 PM, Matej Kovacic wrote:
> Hi,
>
> any idea when Ubuntu will have decent ICS support?
>
> I am
What version of Ubuntu are you working with? `cfengine` has been
removed from Debian since 2006, and consequently from later Ubuntu
versions as well. It has not been available since Feisty, and therefore
is not installable.
Debian indicated the following at the time of the removal
Robie and everyone else:
On 9/23/20 1:41 PM, Robie Basak wrote:
> ## torbrowser-launcher (Focal)
>
> I helped the contributor with this one previously, and am pleased to see
> it's been sponsored. Unfortunately it's missing the LP bug reference,
> but also the contributor has since mentioned in
I am working on SRUing the fixes - patience please as it needs my eyes and also
SRU team eyes for approvals.
Get BlueMail for Android
Original Message
From: LinusMcFly42
Sent: Fri Sep 25 14:55:13 EDT 2020
To: "ubuntu-devel-discuss@lists.ubuntu.com"
Subject: Bug in
Just a heads up on a bit here...
On 9/23/20 1:41 PM, Robie Basak wrote:
> ## torbrowser-launcher (Focal)
>
> I helped the contributor with this one previously, and am pleased to see
> it's been sponsored. Unfortunately it's missing the LP bug reference,
> but also the contributor has since
Those packages are available on Focal 20.04, and not earlier.
You will need to be using Ubuntu 20.04 to get those packages.
Thomas
On 8/21/20 4:47 AM, jjes...@free.fr wrote:
> I need some packages:
>
> - lsb 11.1.0ubuntu
> - lsb-base 11.1.0ubuntu
> - lsb-printing
Hiya, Niels!
This discussion came up a while ago as to whether to ship it with Ubuntu
or not. A long while ago back in the 14.04 cycle, a similar module,
called nginx-naxsi, was shipped in the Ubuntu packaging of NGINX. It
was also shipped in Debian. Maintaining this was considered too
Or potentially the ubuntu-users list, which is an email mailing list for
general support. ubuntu-us...@lists.ubuntu.com.
Thomas
On 8/14/20 3:48 PM, Gabriel Staples, ElectricRCAircraftGuy.com wrote:
> Bill, The best place to do that would be Ask Ubuntu:
>
> https://askubuntu.com/
>
> -
Just to make a note here:
The patch you refer to was rejected. The merge request to fix the
problem in another way, via
https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/merge_requests/15,
has been sitting for two months without any movement and has NOT been
accepted by Upstream yet.
Keep in mind that in later versions of chromium-browser in some releases that
is simply a stub / metapackage to transition to the chromium snap and just
installs chromium via the snap store. As such it may not be that simple to
provide debug symbols.Sent from my Sprint Samsung Galaxy Note10+.
-rootfs (+5/-0, two votes not cast
because overwhelming majority/quorum reached)
Congratulations Robert Jennings for a successful PPU application!
Thomas
--
Thomas Ward
LP: ~teward
Ubuntu Developer Membership Board
signature.asc
Description: OpenPGP digital signature
--
ubuntu-devel mailing
Hi, Ptitjoz.
The Kexi package has not been updated in Debian since November 2018,
which is why it hasn't been directly updated in Ubuntu since then, and
why it's not yet in the repositories.
I have CC'd the Debian QT/KDE team on this message so they're aware the
package is outdated. If this
I have to 100% agree with Ralf here.
On 8/12/19 1:13 PM, Ralf Mardorf wrote:
> installing "alien" packages, based upon a different package management
> via apt, is a bad idea. This is not functional, it's dysfunctional.
This is well known to not mix and match different packaging styles.
Some
Digging into this, this package is *automatically* imported from
Debian. It looks to me like the last update that went into Debian was
in 2009 with packaging updates since. So I would say that this package
is orphaned up in Debian.
That said, I would open a bug in Debian indicating that it is
According to Steve on Ubuntu Discourse [1]:
> I’m sorry that we’ve given anyone the impression that we are “dropping
support for i386 applications”. That’s simply not the case. What we are
dropping is updates to the i386 libraries, which will be frozen at the
18.04 LTS versions. But there is
Thank you, Lukasz, mwh, and everyone else! Glad to be a part of the team!
Thomas
On 6/17/19 4:12 PM, Michael Hudson-Doyle wrote:
> Congrats!!
>
> Cheers,
> mwh
>
> On Mon, 17 Jun 2019, 21:01 Lukasz Zemczak,
> mailto:lukasz.zemc...@canonical.com>>
> wrote:
>
> Hello everyone,
>
>
My apologies for a slower reply, been messing with my mail gateways and
had to deal with that first.
On 2/7/19 11:01 AM, Robie Basak wrote:
> Minor comments on some aspects of your proposal below.
>
> On Mon, Jan 14, 2019 at 04:39:32PM -0500, Thomas Ward wrote:
>> Backporti
bmitting this,
in order to better phrase and construct this proposal in an acceptable
manner.)
--
Thomas Ward
Ubuntu Server Team Member
LP: ~teward
[0]:
https://wiki.ubuntu.com/UbuntuBackports#Continued_Functionality_of_Reverse-Dependencies
[1]:
https://lists.ubuntu.com/archives/ubuntu-dev
types of conflicts).
Thomas
On 12/6/18 10:44 AM, Thomas Ward wrote:
>
> In case it wasn't clear, I am officially volunteering to assist with
> clearing out the backports queue.
>
> I have been working with the Server Team specifically with NGINX since
> 2014, but I am well versed
Can you open a bug for this against the package please, for tracking purposes?
Sent from my Sprint Samsung Galaxy S9+.
Original message From: "Greg W." Date:
12/12/18 18:18 (GMT-05:00) To: ubuntu-devel-discuss@lists.ubuntu.com Subject:
missing deb dependency for
of the backporters team to
help clear out the pending backports queues. This way, Backports can be
seen as a potentially viable method of getting newer software features
into older releases where SRUs are not a viable solutions.
Thomas
On 11/29/18 12:07 PM, Thomas Ward wrote:
>
> I took
I took a look at the backports projects today, and the queues there.
The backports queues seem to be pretty siaable, and nobody's really
taking the time to take a look at them (73 in Xenial backports, 11 in
Bionic, 100+ in Trusty, etc.).
I haven't taken a look in-depth on the backport requests
All:
I hate to interject this late in the thread, but I think we need to
clarify what the discussion actually entails.
On the #ubuntu-release IRC channel, it became clear that the purpose of
this thread was not entirely clear, so we need to clarify specifically:
Are we discussing dropping
All:
I hate to interject this late in the thread, but I think we need to
clarify what the discussion actually entails.
On the #ubuntu-release IRC channel, it became clear that the purpose of
this thread was not entirely clear, so we need to clarify specifically:
Are we discussing dropping
It's already been patched.
The Ubuntu CVE tracker shows this [1], but also the relevant USN [2]
indicates that the issue is already 'fixed' in Ubuntu. (It doesn't
always result in a software version bump, sometimes it's just patches
getting applied to 'fix' the issue in the given version of the
It's already been patched.
The Ubuntu CVE tracker shows this [1], but also the relevant USN [2]
indicates that the issue is already 'fixed' in Ubuntu. (It doesn't
always result in a software version bump, sometimes it's just patches
getting applied to 'fix' the issue in the given version of the
Let's take a quick look at this though.
We import packages from Debian. 1.4 is an old version present only in Xenial:
weechat | 1.4-2| xenial/universe | source, all
weechat | 1.4-2ubuntu0.1 | xenial-security/universe | source, all
weechat | 1.4-2ubuntu0.1 |
If you need the nonstandard python I would suggest rolling a virtualenv for
Python in your system. It works fairly well - i’ve got multiple newer Python
running on my Xenial box for things that need it.
*Sent from my iPhone. Please excuse any typos, as they are likely to happen by
Consider that vulnerability scanners are 99% of the time **unaware** of
how the Ubuntu Security Team does updates.
Please compare what vulnerabilities are being reported against the
corresponding CVEs on the Security Team CVE tracker
(http://people.canonical.com/~ubuntu-security/cve/) and then
I would strongly suggest that you download the owncloud client from their
repositories on OpenSUSE’s servers - that is the fastest way to get an updated
version.
Backporting that piece of software is a manual optional process and not done
automatically. Therefore, there are no plans to
Based solely on the CVE information, I'd surmise we aren't affected by
CVE-2017-3733, because we don't have any OpenSSL 1.1.0 in the
repositories - anywhere. The original Apache announcement also
indicated that 1.0.2 is not affected, and the Security Team made a note
that only OpenSSL 1.1.x is
== Meeting information ==
* #ubuntu-meeting: ubuntu-server-team, 22 Aug at 16:01 16:37 UTC
* Full logs at
[[http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-08-22-16.01.log.html]]
== Meeting summary ==
=== Review ACTION points from previous meeting ===
The
You will need to look into the packages themselves, including the debian/rules
file inside the source package.
(I'd give more details but it's a pain to type on my phone)
*Sent from my iPhone. Please excuse any typos, as they are likely to happen by
accident.*
> On Aug 16, 2017, at 13:52,
Hello!
The version of Keepass2 in the Repositories is synchronized to Ubuntu
from Debian. Currently, Debian only has 2.35 out and available. Zesty
and Artful both have the most recent sync from Debian - 2.35.
For an older version to be in Ubuntu, it'd either need to be backported
or have a PPA
You add that PPA as a PPA dependency in your PPA itself. Then it includes that
repo in the builds environments and you then just refer to CMake as normal or
define a version equality in the control file.
There's nothing you do in your package's control file though - it's in the PPA
settings
I heard Thursday, on the IRC channel for the Release team.
*Sent from my iPhone. Please excuse any typos, as they are likely to happen by
accident.*
> On Feb 14, 2017, at 10:52, Ramon Marquez wrote:
>
> When it's going to be released the ISO Ubuntu 16.04.2? Had been
Steve,
On 04/18/2016 02:10 PM, Steve Langasek wrote:
> Hi Thomas,
>
> On Mon, Apr 18, 2016 at 02:00:43PM -0400, Thomas Ward wrote:
>> On 04/08/2016 12:39 PM, Steve Langasek wrote:
>>> Thanks to some stellar work by Dimitri Ledkov and Colin Watson, and as
>>> discus
Steve,
On 04/18/2016 02:10 PM, Steve Langasek wrote:
> Hi Thomas,
>
> On Mon, Apr 18, 2016 at 02:00:43PM -0400, Thomas Ward wrote:
>> On 04/08/2016 12:39 PM, Steve Langasek wrote:
>>> - If you are updating a package that carries a delta to its
>>>build-dep
Steve,
On 04/08/2016 12:39 PM, Steve Langasek wrote:
> ...
>
> Thanks to some stellar work by Dimitri Ledkov and Colin Watson, and as
> discussed on ubuntu-devel over the past couple of months[1,2], a change has
> been landed to Launchpad and the archive reports[3] to allow packages in
> main to
Forgive me for my comments, but let me backtrack a little on the email
chain a little and make a comment here...
I see that Ursula said there's a policy to get teams added to the
bugsquad team if they're upstream teams. That's not exactly correct,
you probably meant bugcontrol based on the
84 matches
Mail list logo