Page MenuHomePhabricator

Fix the problem with gravatar and mailman3
Closed, ResolvedPublic

Description

It's basically this issue in hyperkitty: https://gitlab.com/mailman/hyperkitty/-/issues/303

If we don't fix this. Seeing mailing lists archives will be broken because hyperkitty doesn't work without gravatar:


From: https://lists-beta.wmflabs.org/hyperkitty/list/test-high-volume@lists.beta.wmflabs.org/thread/TOFSYCOMTGUWZPXNZGGIK3TBRCYAKAQJ/

Enabling gravatar is not an option. Privacy Policy. One idea would be to have a small service as a proxy between gravatar.com and our users which would comply with privacy policy (and has been in several other places too). But that needs approval from legal and SRE before moving forward. If all fails, we can fix hyperkitty ourselves. It shouldn't be too hard.

Event Timeline

It would be great if the gravatar proxy were a service available for all kinds of tools, as there are plenty of potential applications (T191183: Enable avatars in gerrit for example).

I just realized by adding this js snippet we can fix it for now:

$('.gravatar').remove();

There is no need to actually proxy gravatar. We could have our own instance. Gravatar is just a service mapping email md5 to an uploaded image. Is people still uploading their avatars there? Didn't that stop like a decade ago? Even if some people have an image there, it seems saner to use our own "wikimedia avatars". I'm not particularly happy on using the (hashed) email as primary key, but that seems to be what they are working with.

So the fix is merged upstream, we can probably package it and deploy it?

So the fix is merged upstream, we can probably package it and deploy it?

Does the fix cleanly applies to the packaged version? if so, it would be enough to just add one further debian patch and rebuild the package.

So the fix is merged upstream, we can probably package it and deploy it?

Does the fix cleanly applies to the packaged version? if so, it would be enough to just add one further debian patch and rebuild the package.

Just tried it. It doesn't apply cleanly (the patch is rather big and touches lots of places). One way to do it is to actually just package 1.3.4 altogether for buster and use that instead? That's the version that's going to go to bullseye and 1.3.4 has the fix. I don't think it'd be that different to cause issues with mailman itself and they communicate through REST APIs so I hope it'd be stable.

Legoktm claimed this task.
Legoktm added a subscriber: Legoktm.

We ended up patching out gravatar instead: https://salsa.debian.org/legoktm/hyperkitty/-/commit/de3e8a12825907180949d3f6983dfbdaea1f547a - there's some weird whitespace in a few places but better than before.