I see two options to resolve this inconsistency:
1. we implement the same kind of server-side fetching and caching of arbitrary third-party images
2. we drop the SHA256 hashes and redirect everything through Gravatar
Option #2 would of course be undesirable since it leads to a feature loss (and the MD5 problem is only going to get worse as time passes), but option #1 has several problems in our distributed environment:
- an attacker could abuse this server-side fetching and DoS the server's bandwidth or disk space by causing it to download lots of large images (Gravatar is affected by this problem, but they have more money!)
- it makes third-party implementations a lot harder
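To make the bandwidth/disk concern raised against option #1 concrete, here is an added example of what a bounded server-side fetcher looks like. It is illustration only, not code from the original message or from the project under discussion; the limits (1 MiB, 5 s, the allowed image types), the function names and the sample responses are all assumptions constructed for the example.

```python
"""Bounded fetch of a third-party avatar image.

Added example (not from the original discussion): caps body size,
wall-clock time and accepted content types so that a server-side image
fetch cannot be turned into a bandwidth or disk sink. All limits and
names below are assumptions chosen for illustration.
"""
import io
import urllib.request
from typing import BinaryIO, Optional

MAX_BYTES = 1 * 1024 * 1024          # assumed cap: 1 MiB per avatar
TIMEOUT_SECONDS = 5.0                # assumed cap: wall-clock time per fetch
ALLOWED_TYPES = {"image/png", "image/jpeg", "image/gif"}  # assumed allow-list


class FetchRejected(Exception):
    """Raised when a remote response violates one of the limits."""


def read_bounded(stream: BinaryIO, max_bytes: int, chunk_size: int = 64 * 1024) -> bytes:
    """Read at most max_bytes from stream; raise FetchRejected if it is longer.

    Reading in chunks and stopping as soon as the cap is crossed means a
    multi-gigabyte response costs at most max_bytes plus one chunk.
    """
    buf = bytearray()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return bytes(buf)
        buf.extend(chunk)
        if len(buf) > max_bytes:
            raise FetchRejected(f"response exceeds {max_bytes} bytes")


def check_headers(content_type: Optional[str], content_length: Optional[str], max_bytes: int) -> None:
    """Reject obviously bad responses before touching the body.

    A declared Content-Length above the cap lets us bail out without
    reading anything, and a non-image Content-Type is refused. Headers
    are only advisory, so read_bounded() still enforces the size cap.
    """
    base_type = (content_type or "").split(";")[0].strip().lower()
    if base_type not in ALLOWED_TYPES:
        raise FetchRejected(f"unexpected content type {content_type!r}")
    if content_length is not None:
        try:
            declared = int(content_length)
        except ValueError:
            raise FetchRejected("malformed Content-Length")
        if declared > max_bytes:
            raise FetchRejected(f"declared length {declared} exceeds {max_bytes}")


def fetch_avatar(url: str, max_bytes: int = MAX_BYTES, timeout: float = TIMEOUT_SECONDS) -> bytes:
    """Fetch an image from url under size, time and type limits (needs network)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        check_headers(resp.headers.get("Content-Type"), resp.headers.get("Content-Length"), max_bytes)
        return read_bounded(resp, max_bytes)


def vet_response(body: bytes, content_type: Optional[str], content_length: Optional[str],
                 max_bytes: int = MAX_BYTES) -> str:
    """Apply the same checks as fetch_avatar() to an in-memory response.

    Returns "ok" when the body would be accepted, otherwise the rejection
    reason. Lets the limits be exercised offline with constructed samples.
    """
    try:
        check_headers(content_type, content_length, max_bytes)
        read_bounded(io.BytesIO(body), max_bytes)
    except FetchRejected as exc:
        return str(exc)
    return "ok"


if __name__ == "__main__":
    # Constructed sample: a 3 MiB body stands in for a hostile remote response.
    print(vet_response(b"\x00" * (3 * 1024 * 1024), "image/png", None))
    # Constructed sample: a small, well-formed PNG-like body is accepted.
    print(vet_response(b"\x89PNG" + b"\x00" * 100, "image/png", "104"))
```

The disk-space half of the concern is addressed by the same cap: whatever `fetch_avatar()` returns is at most `MAX_BYTES`, so a per-entry cache bound follows directly, while the `timeout` argument keeps a slow remote from tying up a worker indefinitely.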