From 28bf56b8718fc545ed94e3fdb09a3cfa446ca61e Mon Sep 17 00:00:00 2001 From: Lars Ingebrigtsen Date: Wed, 29 Jul 2020 08:47:29 +0200 Subject: [PATCH] Don't default to librgravatar, since there are security implications * lisp/image/gravatar.el (gravatar-service): Change the default from libravatar, since that has privacy concerns (bug#40676). --- lisp/image/gravatar.el | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lisp/image/gravatar.el b/lisp/image/gravatar.el index ff59a72ac87..5b5c27dbe17 100644 --- a/lisp/image/gravatar.el +++ b/lisp/image/gravatar.el @@ -125,11 +125,14 @@ a gravatar for a given email address." (libravatar . ,#'gravatar--service-libravatar)) "Alist of supported gravatar services.") -(defcustom gravatar-service 'libravatar +(defcustom gravatar-service 'gravatar "Symbol denoting gravatar-like service to use. Note that certain services might ignore other options, such as `gravatar-default-image' or certain values as with -`gravatar-rating'." +`gravatar-rating'. + +Note that `'libravatar' has security implications: It can be used +to track whether you're reading a specific mail." :type `(choice ,@(mapcar (lambda (s) `(const ,(car s))) gravatar-service-alist)) :version "28.1" -- 2.39.2