Page MenuHomePhabricator
Create Task
Maniphest T256541

Fix the problem with gravatar and mailman3
Closed, ResolvedPublic
Actions

Description

It's basically this issue in hyperkitty: https://gitlab.com/mailman/hyperkitty/-/issues/303

If we don't fix this. Seeing mailing lists archives will be broken because hyperkitty doesn't work without gravatar:

image.png (307×660 px, 15 KB)

From: https://lists-beta.wmflabs.org/hyperkitty/list/test-high-volume@lists.beta.wmflabs.org/thread/TOFSYCOMTGUWZPXNZGGIK3TBRCYAKAQJ/

Enabling gravatar is not an option. Privacy Policy. One idea would be to have a small service as a proxy between gravatar.com and our users which would comply with privacy policy (and has been in several other places too). But that needs approval from legal and SRE before moving forward. If all fails, we can fix hyperkitty ourselves. It shouldn't be too hard.

Related Objects
Search...

Event Timeline

Ladsgroup created this task.Jun 27 2020, 4:17 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 27 2020, 4:17 PM
Tgr added a comment.Jun 29 2020, 1:00 PM

It would be great if the gravatar proxy were a service available for all kinds of tools, as there are plenty of potential applications (T191183: Enable avatars in gerrit for example).

jcrespo moved this task from Backlog to Mailman v3 on the Wikimedia-Mailing-lists board.Jul 8 2020, 10:05 AM
herron triaged this task as Low priority.Jul 27 2020, 7:38 PM
Ladsgroup added a comment.Aug 8 2020, 8:57 PM

I just realized by adding this js snippet we can fix it for now:

$('.gravatar').remove();
Platonides subscribed.Aug 8 2020, 11:38 PM

There is no need to actually proxy gravatar. We could have our own instance. Gravatar is just a service mapping email md5 to an uploaded image. Is people still uploading their avatars there? Didn't that stop like a decade ago? Even if some people have an image there, it seems saner to use our own "wikimedia avatars". I'm not particularly happy on using the (hashed) email as primary key, but that seems to be what they are working with.

Ladsgroup added a comment.Aug 9 2020, 8:49 PM

I filed https://gitlab.com/mailman/hyperkitty/-/issues/306 for custom CSS for now.

Ladsgroup mentioned this in T191183: Enable avatars in gerrit.Sep 17 2020, 4:27 PM
Tgr mentioned this in T263161: Set up a Gravatar proxy in Wikimedia production.Sep 17 2020, 5:29 PM
Aklapper merged a task: T263355: Hyperkitty in Mailman 3 shows no profile pictures.Sep 20 2020, 3:31 PM
Aklapper added a subscriber: Kizule.
Peachey88 subscribed.Sep 20 2020, 8:33 PM
Legoktm added a project: Upstream.Dec 25 2020, 2:04 AM
Ladsgroup added a comment.EditedJan 30 2021, 3:40 PM

So the fix is merged upstream, we can probably package it and deploy it?

Quiddity awarded a token.Feb 3 2021, 8:12 PM
Aklapper moved this task from Backlog to Patch merged upstream on the Upstream board.Feb 10 2021, 11:21 AM
Krinkle awarded a token.Feb 17 2021, 2:21 AM
Joe subscribed.Feb 25 2021, 9:33 AM
In T256541#6789243, @Ladsgroup wrote:

So the fix is merged upstream, we can probably package it and deploy it?

Does the fix cleanly applies to the packaged version? if so, it would be enough to just add one further debian patch and rebuild the package.

Ladsgroup added a comment.Feb 27 2021, 8:21 PM
In T256541#6860002, @Joe wrote:
In T256541#6789243, @Ladsgroup wrote:

So the fix is merged upstream, we can probably package it and deploy it?

Does the fix cleanly applies to the packaged version? if so, it would be enough to just add one further debian patch and rebuild the package.

Just tried it. It doesn't apply cleanly (the patch is rather big and touches lots of places). One way to do it is to actually just package 1.3.4 altogether for buster and use that instead? That's the version that's going to go to bullseye and 1.3.4 has the fix. I don't think it'd be that different to cause issues with mailman itself and they communicate through REST APIs so I hope it'd be stable.

Ladsgroup mentioned this in T276687: Backport hyperkitty 1.3.4 for buster.Mar 6 2021, 11:06 PM
Ladsgroup added a subtask: T276687: Backport hyperkitty 1.3.4 for buster.Mar 10 2021, 1:17 PM
Ladsgroup closed subtask T276687: Backport hyperkitty 1.3.4 for buster as Declined.Mar 25 2021, 7:32 AM
Legoktm closed this task as Resolved.Mar 25 2021, 7:44 AM
Legoktm claimed this task.
Legoktm subscribed.

We ended up patching out gravatar instead: https://salsa.debian.org/legoktm/hyperkitty/-/commit/de3e8a12825907180949d3f6983dfbdaea1f547a - there's some weird whitespace in a few places but better than before.

Aklapper added a comment.Mar 25 2021, 10:46 AM

Related, mentioning just for cross-linking: T263161: Set up a Gravatar proxy in Wikimedia production

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits