I'd like to get the HybridAuth distribution on the packaging whitelist so that it can be used in makefiles for Drupal install profiles.
Maintainers, if there's no reason why this isn't a good idea, I think you can move this issue over to the drupalorg_whitelist queue.
Name: HybridAuth
Repository:
https://github.com/hybridauth/hybridauth
https://packagist.org/packages/hybridauth/hybridauth
License files:
https://hybridauth.github.io/license.html
https://github.com/hybridauth/hybridauth/blob/master/COPYING.md
https://github.com/hybridauth/hybridauth/tree/master/src/Thirdparty
https://github.com/hybridauth/hybridauth/blob/master/src/Thirdparty/OAut...
https://github.com/hybridauth/hybridauth/blob/master/src/Thirdparty/Open...
License identifiers: MIT
Size: 128 Kbyte
Need: https://www.drupal.org/project/hybridauth
Comments
Comment #1
duozerskSure, no issues from my side.
Here are some required links:
GitHub repo - http://github.com/hybridauth/hybridauth
License - http://hybridauth.sourceforge.net/licenses.html
HybridAuth module - http://drupal.org/project/hybridauth
Download links (latest versions) - http://sourceforge.net/projects/hybridauth/files/hybridauth-2.1.2.zip/do... and http://sourceforge.net/projects/hybridauth/files/hybridauth-additional-p...
Regexp for links - ^http://sourceforge.net/projects/hybridauth/files/hybridauth-.+\.zip/download$
Thanks
AndyB
Comment #2
japerry+1, Drupal commons is looking at using hybridauth for the distribution.
Comment #3
duozerskWow, this is pretty cool :) Looking forward to it - let me know if I can be of any help for it to happen (I'm the author and maintainer of HybridAuth 7.x-2.x and 6.x-2.x branches).
Comment #4
kreynen CreditAttribution: kreynen commentedUnfortunately while the HybridAuth code is MIT/GPL2, it includes libraries licensed as Apache v.2.
https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (Apache v.2
https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (Apache v.2 according to https://code.google.com/p/oauth/)
http://www.apache.org/licenses/GPL-compatibility.html
While an MIT license like https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (MIT according to https://code.google.com/p/simple-linkedinphp/) can be relicensed as GPLv2 (ie. JQuery), Apache v.2 MUST remain Apache v.2. While they can be packaged with a GPLv3 project, they are NOT relicensed as GPLv3.
This licensing incompatibility applies only when some Apache project software becomes a derivative work of some GPLv3 software, because then the Apache software would have to be distributed under GPLv3. This would be incompatible with ASF's requirement that all Apache software must be distributed under the Apache License 2.0.
GitHub does NOT subscribe to the same licensing theory as Drupal.org. The act of committing the code to a repo does NOT change its license which is why code licensed as Apache 2 can be packaged with HybridAuth which uses the more flexible MIT/GPLv2 combo.
Comment #5
bojanz CreditAttribution: bojanz commented:(
I wanted to investigate hybridauth for future Kickstart branches too, it looks very smooth.
Comment #6
duozerskRegarding the Facebook SDK being Apache v2 - just did a quick search for "Facebook" in the issue queue:
#1948982: Facebook PHP SDK - closed and fixed, Apache v2 as already noted above...
So what should be our actions here? Revisit the issue I found or re-evaluate the HybridAuth library once again?
AndyB
Comment #7
Raphael Dürst CreditAttribution: Raphael Dürst commentedWe want to add the HybridAuth module incl. the library in the OpenideaL distribution, but unfortunately the library is not whitelisted.
As duozersk already mentioned, the Facebook PHP SDK is in the whitelist, so I wanted to ask again, if the library could be re-evaluated.
Thanks,
Raphael
Comment #8
z.stolar CreditAttribution: z.stolar commentedComment #9
kreynen CreditAttribution: kreynen commentedThe Facebook SDK should have never been approved. Nothing that is really licensed as only Apache 2, GPLv3 or LGPLv3 is GPLv2 compatible. While the Facebook SDK could potentially be re-added if we #1449452: Give installation profiles/distributions GPLv3+ license as option for packaged downloads, if we're not going allow that then all Apache 2 entries need to be removed.
#2307465: Update Whitelist License Taxonomy to Match Allowed Licenses
Comment #10
gisleThe sourceforge repo: https://sourceforge.net/projects/hybridauth/ is now empty, the main public repo is GitHub: https://github.com/hybridauth/hybridauth
The entire package (including OAuth and OpenID) is now under the MIT license
There are no longer any submodules with any diverging license.
The links in #4 no works.
It is also available from https://packagist.org/packages/hybridauth/hybridauth
Whitelisted: https://www.drupal.org/node/3078747