Support » Plugin: Avatar Privacy » Usage of AP Icon and Name in related open source plugin?

  • dartrax


    I’m about to publish my first extension for Flarum.
    Flarum is an open source forum software that I use together with WordPress.
    Since it is a stand alone software (not a WordPress plugin), some extensions are needed to make an integrated experience for the visitors.
    One part of that is to display the same Avatars on both, WordPress and Flarum. I “created” (forked and customized work by AlexanderOMara) an extension that uses the cached files from Avatar Privacy to display the same avatars in Flarum. (It can do this since the cache url and the salt key is given via an admin setting and the users email address is the same in the user’s profile in flarum)

    So, this extension requires Avatar Privacy in WordPress and extends the functionality of Avatar Privacy to a Flarum Forum.

    My Question is: Do you allow to name that extension “Flarum WordPress Avatar Privacy” and reuse you Avatar Privacy Icon?
    You can take a look here:
    The icon is “icon.png”, it will be shown within the Flarum admin UI and on Extiverse:

    If not, I can easily exchange it to something else. My intention was to make the functional relationship to Avatar Privacy recognizable (and because I’m lazy).
    If yes, do you have an SVG Version of that Icon?

    Please also let me know if I should change the credits in (or somewhere else). Thanks in advance!

    • This topic was modified 2 months ago by dartrax.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author pepe


    Hi @dartrax!

    Please do not use the icon (and I really wish you’d waited for my reply on this).

    As for the name, I’m fine with it, though I think it would be better if it stated the relationship more clearly (i.e. that it is an integration layer between to separate ”products”). Hover, I’m not familiar with Flarum naming conventions. That aside, I’d suggest you ask the appropriate channels regarding the use of the WordPress trademark.

    I’ve looked over your repository and I’ve noticed two things:

    1. Your plugin uses MPL 2.0. This means you can’t reuse any GPLed code from the WordPress plugin, even with proper attribution, because the licenses are not compatible (at least not in that direction). (You are not doing that at the moment, but that brings me to my second point.)
    2. The assumptions regarding hash generation will probably not hold forever and so the current implementation is very, very fragile. In fact, it will probably not work for some people today because Avatar Privacy up to and including 2.3.x encodes the “object type” (anonymous comment or registered user) into the subdirectory, without even considering local avatars, default avatars etc.
    Plugin Author pepe


    BTW, you have disabled the issues tracker in the repository (though the README says to open issues).

    Thread Starter dartrax


    Hi @pputzer,
    thanks for your reply!

    • The extension is not yet released or made public to the flarum extension repository (extiverse), I would not have done that without your permission.
      Changing the icon’s color is not enough, I assume? I’ll use some font-awesome-icon, in that case.
    • I’ll update the Tagline beneath the title to better express the relationship.
    • Thank you for even looking into the repository and for pointing out the issue tracker, I’ll enable that.
    • Can you explain how the object type is encoded into the subdirectory? In which file/line can I find that? I do only need the cached avatar urls for registered users, because anonymous avatars are not used at flarum.
    • I know it’s fragile because I do not use an official, documented way to obtain the avatars. I’ve tried to get the avatar url by rest api call, but I’ve got “Sorry, you are not allowed to list users.” for non admins even if I just need the avatar of the logged-in user. So the current way is fast and works for me for now, may be I or someone else comes up with a better solution in future.
    • Should I use any of your or wordpress’ code in future, which license do I need? GPL 2.0 I assume…
    Plugin Author pepe


    Hi @dartrax,

    Unfortunately, changing the colors won’t be enough no. (GitHub is public, too.)

    The subdirectory is generated here, though I’ve removed that logic from (the currently unreleased) version 2.4.0.

    WordPress 5.6 includes application passwords as an authentication method for the REST API, so that may help you here? If not, I think there are plugins to add OAuth2 as an authentication method (in addition to the cookie-based authentication included with Core).

    Using the REST API would certainly be the better approach, because the path to the cached avatars also depends on whether it’s a locally uploaded avatar, a cached gravatar or a default avatar generated for that user.

    As for incorporating parts of WordPress plugins, please always have a look at the included LICENSE and any the licenses of any third-party modules (which may differ, although they must be compatible with GPL overall). WordPress plugins in the repository may be GPL 2.0, GPL 3.0 or GPL x.x-or-later (e.g. GPL 2.0+). If you do copy code, it should be documented in the source file (with original attribution and license provisions) and in the docblocks of the methods/classes/functions containing the re-used code, not just the README. (The classic answer to “May I …” is “It depends”.)

    • This reply was modified 2 months ago by pepe.
    Thread Starter dartrax


    Thank you for your explanations. I hope I’ve changed or at least documented all the new aspects and ideas by now, if that’s the case, you may close the topic 🙂

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.