We discuss playing Tomb Raider, OEMs “making distros” is so hot right now, RED make a smartphone from the future, Skype gets an update and users hate it, Gangnam style loses its YouTube crown.

It’s Season Ten Episode Nineteen of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

That’s all for this week! If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to [email protected] or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.


2 Comments » for S10E19 – Inconclusive Squalid Driving
  1. So for each release of VLC in all four supported Ubuntu releases, my process was the following:
    1. Get the package locally and see if there were any notes from upstream about any of the CVEs not being applicable (that was the case for one of them in Trusty).
    2. I did this once and I just kept the packages in a separate directory, but using Quilt, get all 6 patches from upstream, move them into debian/patches/, and use my goto guide for updating patches in Debian/Ubuntu packages ( https://raphaelhertzog.com/2012/08/08/how-to-use-quilt-to-manage-patches-in-debian-packages/ ) to see if any of them were reverse applicable (and to refresh them for that release of VLC). Remove the ones that were, and make a note in the bug report if they were.
    3. Make a new entry in debian/changelog with the proper format for an SRU, set the urgency to high, and use the same general template to make it clear it’s a security release. For all except the development release, make the release name $CODENAME-security For the development release, just artful.
    4. Upload it to my PPA (which has all architectures enabled that I can as a non-Canonicaler, s390x is not one of them, it would really give me more peace of mind if they would just finish the security things they need to do for that so contributors like me could know that it doesn’t randomly fail on an arch that very few people have hardware access to… :/) and make sure there are no build errors. Get an ISO of that release of Lubuntu on my system, boot up the ISO on my laptop, enable the PPA, and install VLC. I tested the parts of VLC that I patched and in general played around with each one for about 10 minutes. YMMV irt how much time you spend testing it, as long as you make sure 100% that there are zero regressions.
    5. Get a debdiff and attach it to the bug report. I always mess this part up and end up having to upload a second one because I forget to run debuild -S. I’m getting better about remembering though. sigh 😛
    6. Jump into #ubuntu-hardened on IRC and tell the channel the fact that I have patches for VLC ready to be sponsored. Each week, the member of the security team assigns a team member to process community updates that come in, and their name is always in the topic (I didn’t ping Emily, she just saw the message in the channel). She uploaded my patches and gave me a ping that she did so.

  2. samvde says:

    Martin asked the audience about the message that was given by Canonical wrt. them withdrawing from the mobile marketspace. I want to reply because I think there is a big problem in Linux.

    I think that the message from Mark S. was a bit vague, but simple in the end: “We withdraw from Mobile and Convergence, we still want to be invested in shipping the best desktop OS”. And it seems what we’ll get is exactly that. No news there.

    What we then saw unfortunately were a lot of podcasters and news sites big and small jumping on this like maniacs, being extremely vocal and loud in giving their version of the intentions of Canonical and spreading FUD that the Ubuntu desktop was now officially dead. I have mentioned it several times in the past and I still consider this extremely poor quality of coverage of Linux news damaging to the larger ecosystem. Give facts and opinion, but don’t present the opinion as fact. It is not that hard really.

    As to System76. I sincerely hope Canonical had the insight of discussing this strategic decision and especially the element of uncertainty it brings with their most important partners beforehand. If not, I would conclude someone dropped the ball big time, or indeed System76 is not that important to Canonical after all.

Leave a Reply