Bug#927012: Redesign of libravatar.cgi and testing

2022-04-14 Thread Oliver Falk 
Hi!

Yes, libravatar never had the option to query with the plaintext identity
for good reasons.

Again, if there is anything I can do, please let me know!

Oliver

On Sat, Apr 9, 2022 at 6:09 AM Don Armstrong  wrote:

> On Fri, 08 Apr 2022, Oliver Falk wrote:
> > When I checked it yesterday, the script was still called with the mail
> > address !?
>
> The script is, but libravatar and gravatar are no longer called with the
> mail address; they're all using the md5 of the e-mail address now. [The
> script caches responses from libravatar and gravatar and serves them
> directly, so there's limited leakage of information on who is visiting a
> specific page.]
>
> > Let me know if I can help you in some way, I'm happy to do so if I
> > know what exactly is required.
>
> Thanks! To be honest, I haven't looked at the issue recently, so I'll
> have to dig in to see what was failing. [It's probably time to just have
> it use mod_perl directly instead of the CGI-based mod_perl.]
>
> --
> Don Armstrong  https://www.donarmstrong.com
>
> If you wish to strive for peace of soul, then believe; if you wish to
> be a devotee of truth, then inquire.
>  -- Friedrich Nietzsche
>
> --
> To unsubscribe, send mail to 927012-unsubscr...@bugs.debian.org.
>
>

-- 

Oliver Falk, RHCE

He/Him/His

Manager Customer Success - Germany

Red Hat 

fa...@redhat.com

M: +436641665645 IM: ofalk
@RedHat    Red Hat
  Red Hat



Red Hat Austria GmbH, Legal form: Limited company ("Gesellschaft mit
beschränkter Haftung") Registered seat: Vienna
Commercial registry file: FN 479668w, Commercial Court ("Handelsgericht") Vienna

Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Laurie Krebs, Michael O'Neill, Brian Klemm

Bug#927012: Redesign of libravatar.cgi and testing

2022-04-08 Thread Don Armstrong 
On Fri, 08 Apr 2022, Oliver Falk wrote:
> When I checked it yesterday, the script was still called with the mail
> address !?

The script is, but libravatar and gravatar are no longer called with the
mail address; they're all using the md5 of the e-mail address now. [The
script caches responses from libravatar and gravatar and serves them
directly, so there's limited leakage of information on who is visiting a
specific page.]

> Let me know if I can help you in some way, I'm happy to do so if I
> know what exactly is required.

Thanks! To be honest, I haven't looked at the issue recently, so I'll
have to dig in to see what was failing. [It's probably time to just have
it use mod_perl directly instead of the CGI-based mod_perl.]

-- 
Don Armstrong  https://www.donarmstrong.com

If you wish to strive for peace of soul, then believe; if you wish to
be a devotee of truth, then inquire.
 -- Friedrich Nietzsche

Bug#927012: Redesign of libravatar.cgi and testing

2022-04-08 Thread Oliver Falk 
On Fri, Apr 8, 2022 at 6:27 AM Don Armstrong  wrote:

> The basic code is working, but we were having performance issues which
> is why it was disabled on bugs.debian.org.
>
> I haven't had a chance to dig into exactly why it was failing, though
> now that everything is using md5sum of the e-mail addresses, I think the
> privacy concerns that were mentioned previously have been addressed.
>

When I checked it yesterday, the script was still called with the mail
address !?


> It's not super high on my priority list to fix, but I'll try to get to
> it when I have some time.
>

Let me know if I can help you in some way, I'm happy to do so if I know
what exactly is required.

Oliver

Bug#927012: Redesign of libravatar.cgi and testing

2022-04-07 Thread Don Armstrong 
The basic code is working, but we were having performance issues which
is why it was disabled on bugs.debian.org.

I haven't had a chance to dig into exactly why it was failing, though
now that everything is using md5sum of the e-mail addresses, I think the
privacy concerns that were mentioned previously have been addressed.

It's not super high on my priority list to fix, but I'll try to get to
it when I have some time.

-- 
Don Armstrong  https://www.donarmstrong.com

"You know," said Arthur, "it's at times like this, when I'm trapped in
a Vogon airlock with a man from Betelgeuse, and about to die from
asphyxiation in deep space that I really wish I'd listened to what my
mother told me when I was young."
"Why, what did she tell you?"
"I don't know, I didn't listen."
 –- Douglas Adams _The Hitchhikers Guide To The Galaxy_