blog.glock.co.za

During UDS Karmic I was listening to the security remote audio stream where  a concept of automatically identifying security fixes in Debian and identifying exact version matches in Ubuntu was discussed.  I decided to give it a try and managed to hack something together.

The result is that we managed to sync approx 45 source security packages from Debian into Ubuntu (all releases) and have identified many 'easy' security merges.

You can currently view the outstanding list here (although the location may be moving in the future)

LP API
The python LP API is great for working with launchpad. If you need to do something with data in launchpad, i would recommend you check it out.  I had some issues with it though - staging was often down or unavailable for some reason or  other (may have been transient).  The getPublishedSources method returns all the versions. I was unable to get the latest version only. At the end i ended up reading the sources into a sqlite database to find the latest version.

Other nifty stuff
- pyparser to parse the DSA (Debian Security Announcement) list. I had never used it before and its pretty funky!
- lxml.html to screenscrape the Ubuntu CVE status. (ok, so maybe i still don't know how this works)
- jquery to do table sorting on the web page.
- jdstrand wrote a script for archive admins to do this fake security sync in a sane way (naming, testing etc)

Some issues
Whenever the program runs, it needs to get all the information from launchpad again, screen scrape and then compare.  I plan on modifying this (hopefully on the weekend) to keep the complete state in the sqlite database and then only compare new dsa entries.

How you can help
There are many easy security fixes that require a merge from Debian to Ubuntu. One of the most challenging parts to fixing a security bug is identifying the relevant fix. The good part is, this is already done! Its in Debian and we just need to merge it into our Ubuntu version. Drop by #ubuntu-motu for some assistance and check out the security team wiki for preparation info and some detailed instructions.

Code
Currently the code is located here - bzr branch lp:~stefanlsd/+junk/d2u
Please do excuse my basic python skills, this project was more about learning and I realise there must be so many ways to make it better.

Thanks
Thanks go to jdstrand & kees (concept ideas, debugging help), dash (#python helping with lxml), jamesw & wgrant (lots of launchpad help).

We just held South Africa's (possibly Africa's) first PackageJam! I would like to thank everyone who attended for making it such an enjoyable event.

There were 10 of us that made it, and although only planned for a morning, we ended up staying until late afternoon.

My personal aim for the event was to just assist enough to get people over that first 'i don't know whats going on hump' and hopefully encourage and get some more developers and MOTU's from South Africa!

Very often the MOTU wiki pages can appear daunting, but its really not that bad, but you have to just start somewhere.

We started with general introductions, watched all the awesome dholbach MOTU videos and landed up in the lab where everyone looked at packaging specific things they were interested in.

We had the upstream author of 'gosmore' and 'virtaal' and also two bzr developers which was awesome!

Although nothing was actually packaged on the day, im hoping to be sponsoring some stuff really soon!

Rock on guys :)

More photo's can be found here: http://www.flickr.com/photos/35619044@N07/sets/72157620498148669/

--

Some resources that we used:

https://wiki.ubuntu.com/MOTU/GettingStarted
https://wiki.ubuntu.com/UbuntuDevelopers
https://wiki.ubuntu.com/Teams
https://wiki.ubuntu.com/UbuntuDeveloperWeek
http://daniel.holba.ch/harvest
http://packages.qa.debian.org/
http://qa.ubuntuwire.com/uehs/
https://wiki.ubuntu.com/PackagingGuide/Basic

Thanks to the guys that attended the Global Bug Jam - Johannesburg, South Africa!

Although there were only 4 of us, we had an awesome time and managed to do 71 bugs in the couple of hours we were together. I also think we were the only group to do something officially on the African continent (I hope i'm wrong though).  I hope that the stuff learnt today will continue to be used to improve our great distribution.

Some more pics from the event are located here... http://picasaweb.google.com/stefan.lsd/GBJ2009

With 71 bugs, you will be pleased to know that the ZA team is 5th on the list! (I suspect this may change as the US wakes up!)

Preliminary stats can be found here - http://daniel.holba.ch/five-a-day-stats/

We were watching the bugjam video by Daniel Holbach, and the one thing that I took from it was that fact that it doesn't matter how many bugs you fix, but as long as you get together and have a good time. I think everyone had a good time, all learnt and happily managed to give something back to Ubuntu.

Special props to Robyn (rpenhall) as a first time launchpad user (and even non Linux user!). She registered a LP account this morning and despite not knowing Linux or Ubuntu at all, did amazingly and was able to contribute to Ubuntu. It really just shows that anyone, doesn't matter what kind of experience you have, is able to join in.

I really hope to see more of the same and new guys next time! (We have a package jam in planning that is going to rock!)

I think a highlight for me was joining the streaming video from the 'Brummie Jam' - I have no idea where that was, but they sounded english! It really felt as if it was a global effort watching the English eating chocolate cake and chatting about bugs.

Thanks everyone for all the work (and don't stop now!!)

PS: For the guys that didn't come, you can still contribute! Add your name to https://wiki.ubuntu.com/Bugs/Events and help give some bugs some love! https://wiki.ubuntu.com/Bugs/HowToTriage may be useful!

PPS: This is actually my first post to Planet Ubuntu, although I have been a member for some time.