HybridAuth library on packaging whitelist

Sure, no issues from my side.

Here are some required links:
GitHub repo - http://github.com/hybridauth/hybridauth
License - http://hybridauth.sourceforge.net/licenses.html
HybridAuth module - http://drupal.org/project/hybridauth
Download links (latest versions) - http://sourceforge.net/projects/hybridauth/files/hybridauth-2.1.2.zip/do... and http://sourceforge.net/projects/hybridauth/files/hybridauth-additional-p...
Regexp for links - ^http://sourceforge.net/projects/hybridauth/files/hybridauth-.+\.zip/download$

Thanks
AndyB

+1, Drupal commons is looking at using hybridauth for the distribution.

Drupal commons is looking at using hybridauth for the distribution.

Wow, this is pretty cool :) Looking forward to it - let me know if I can be of any help for it to happen (I'm the author and maintainer of HybridAuth 7.x-2.x and 6.x-2.x branches).

Unfortunately while the HybridAuth code is MIT/GPL2, it includes libraries licensed as Apache v.2.

https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (Apache v.2
https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (Apache v.2 according to https://code.google.com/p/oauth/)

http://www.apache.org/licenses/GPL-compatibility.html

While an MIT license like https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (MIT according to https://code.google.com/p/simple-linkedinphp/) can be relicensed as GPLv2 (ie. JQuery), Apache v.2 MUST remain Apache v.2. While they can be packaged with a GPLv3 project, they are NOT relicensed as GPLv3.

This licensing incompatibility applies only when some Apache project software becomes a derivative work of some GPLv3 software, because then the Apache software would have to be distributed under GPLv3. This would be incompatible with ASF's requirement that all Apache software must be distributed under the Apache License 2.0.

GitHub does NOT subscribe to the same licensing theory as Drupal.org. The act of committing the code to a repo does NOT change its license which is why code licensed as Apache 2 can be packaged with HybridAuth which uses the more flexible MIT/GPLv2 combo.

:(

I wanted to investigate hybridauth for future Kickstart branches too, it looks very smooth.

Regarding the Facebook SDK being Apache v2 - just did a quick search for "Facebook" in the issue queue:
#1948982: Facebook PHP SDK - closed and fixed, Apache v2 as already noted above...

So what should be our actions here? Revisit the issue I found or re-evaluate the HybridAuth library once again?

AndyB

We want to add the HybridAuth module incl. the library in the OpenideaL distribution, but unfortunately the library is not whitelisted.

As duozersk already mentioned, the Facebook PHP SDK is in the whitelist, so I wanted to ask again, if the library could be re-evaluated.

Thanks,
Raphael

The Facebook SDK should have never been approved. Nothing that is really licensed as only Apache 2, GPLv3 or LGPLv3 is GPLv2 compatible. While the Facebook SDK could potentially be re-added if we #1449452: Give installation profiles/distributions GPLv3+ license as option for packaged downloads, if we're not going allow that then all Apache 2 entries need to be removed.

#2307465: Update Whitelist License Taxonomy to Match Allowed Licenses

The sourceforge repo: https://sourceforge.net/projects/hybridauth/ is now empty, the main public repo is GitHub: https://github.com/hybridauth/hybridauth

The entire package (including OAuth and OpenID) is now under the MIT license

There are no longer any submodules with any diverging license.

The links in #4 no works.

It is also available from https://packagist.org/packages/hybridauth/hybridauth

Whitelisted: https://www.drupal.org/node/3078747