I'd like to get the HybridAuth distribution on the packaging whitelist so that it can be used in makefiles for Drupal install profiles.

It is dual-licenced with MIT and GPLv3
It is accessible at ^http://sourceforge.net/projects/hybridauth/files/hybridauth-.+\.zip/download$

Maintainers, if there's no reason why this isn't a good idea, I think you can move this issue over to the drupalorg_whitelist queue.

Comments

Project:HybridAuth Social Login - Facebook, Google, Twitter and more» Drupal.org Library Packaging Whitelist
Version:7.x-2.x-dev»

+1, Drupal commons is looking at using hybridauth for the distribution.

Drupal commons is looking at using hybridauth for the distribution.

Wow, this is pretty cool :) Looking forward to it - let me know if I can be of any help for it to happen (I'm the author and maintainer of HybridAuth 7.x-2.x and 6.x-2.x branches).

Status:Active» Needs work

Unfortunately while the HybridAuth code is MIT/GPL2, it includes libraries licensed as Apache v.2.

https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (Apache v.2
https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (Apache v.2 according to https://code.google.com/p/oauth/)

http://www.apache.org/licenses/GPL-compatibility.html

While an MIT license like https://github.com/hybridauth/hybridauth/blob/master/hybridauth/Hybrid/t... (MIT according to https://code.google.com/p/simple-linkedinphp/) can be relicensed as GPLv2 (ie. JQuery), Apache v.2 MUST remain Apache v.2. While they can be packaged with a GPLv3 project, they are NOT relicensed as GPLv3.

This licensing incompatibility applies only when some Apache project software becomes a derivative work of some GPLv3 software, because then the Apache software would have to be distributed under GPLv3. This would be incompatible with ASF's requirement that all Apache software must be distributed under the Apache License 2.0.

GitHub does NOT subscribe to the same licensing theory as Drupal.org. The act of committing the code to a repo does NOT change its license which is why code licensed as Apache 2 can be packaged with HybridAuth which uses the more flexible MIT/GPLv2 combo.

:(

I wanted to investigate hybridauth for future Kickstart branches too, it looks very smooth.

Status:Needs work» Needs review

Regarding the Facebook SDK being Apache v2 - just did a quick search for "Facebook" in the issue queue:
#1948982: Request to add Facebook PHP SDK to whitelist - closed and fixed, Apache v2 as already noted above...

So what should be our actions here? Revisit the issue I found or re-evaluate the HybridAuth library once again?

AndyB

We want to add the HybridAuth module incl. the library in the OpenideaL distribution, but unfortunately the library is not whitelisted.

As duozersk already mentioned, the Facebook PHP SDK is in the whitelist, so I wanted to ask again, if the library could be re-evaluated.

Thanks,
Raphael

Issue summary:View changes
Status:Needs review» Active