search

pypi / warehouse

The Python Package Index
https://pypi.org
Apache License 2.0
3.58k stars 964 forks source link

A local alternative to gravatar #8211

Open isik-kaplan opened 4 years ago

isik-kaplan commented 4 years ago

What's the problem this feature will solve? Currently users have to[1] have a gravatar account in order to change their profile pictures, which then requires a wordpress account. That is way too much third-party accounts for something as simple as changing your profile picture.

Describe the solution you'd like Ideally users should be able to add either links on image files to pypi, with some basic cropping to fit the avatar size of the website. And there would be a handful of default pictures from which we can choose even if we choose not to upload a custom avatar.

Additional context Even if the described solution is too much work, then, at least a basic image upload with automatic cropping to the center to fit the image would be far better than the only option being gravatar.

[1]: If this is not required and I couldn't find how to change my profile picture without gravatar, pardon me. If this is the case, I think it is not obvious from the UI, but from the other issues I've read, I think gravatar is a must have to be able to change the avatar.

aschrijver commented 3 years ago

There is an additional consideration that makes a local alternative quite valuable. Gravatar is not 'eternally free' as they claim, because its use comes with trackers that are added to your site (see Privacy and Cookie policies). PyPi doesn't seem to have Gravatar amongst its trackers, so maybe you do a one-time grab of the avatar (I didn't check). But gravatar is ad-tech, where "less is more" :)

ewjoachim commented 3 years ago

Yep, avatars are loaded through a proxy (https://github.com/pypa/warehouse-camo). As far as I can tell, this removes most of the opportunity for Automattic to grab our users data while browsing PyPI.

I do understand that there can be very good reasons for not wanting to create an Automattic account.

Though I'm not sure how detrimental it is that one would not be able to set up an avatar on the website given user profiles on PyPI are not a very prominent feature. Especially given that the bandwidth for developments/maintenance is not that high, and this would add new file storage requirements, which would tap on the free budget we get from our infrastructure sponsors (some of which, you'll note, are also in the ad-tech business).

Having local avatars was definitely considered at some point. If any interested party intends to work on this, I'd guess we'd welcome it, but I'm not sure I'm convinced we should make it a priority for the active team. But I'm not the one making calls :)