New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace google2fa library #14074

Closed
ibennetch opened this Issue Mar 12, 2018 · 7 comments

Comments

Projects
None yet
3 participants
@ibennetch
Member

ibennetch commented Mar 12, 2018

The google2fa library license has been corrected and it's now GPLv3. We'll need to replace it with something else.

References: https://lists.phpmyadmin.net/pipermail/developers/2018-March/020580.html antonioribeiro/google2fa#95

This blocks 4.8.0.

@ibennetch ibennetch added this to the 4.8.0 milestone Mar 12, 2018

@ibennetch

This comment has been minimized.

Member

ibennetch commented Mar 15, 2018

Looks like this is going to be resolved by google2fa relicensing as MIT: antonioribeiro/google2fa#100. Hurray!

@antonioribeiro

This comment has been minimized.

antonioribeiro commented Mar 15, 2018

It's resolved, we got the approval of the original developer of the Google2FA class, Phil, and the majority (98%) of contributors (by contributions), but still hoping to reach 100%.

@ibennetch

This comment has been minimized.

Member

ibennetch commented Mar 16, 2018

Thanks @antonioribeiro, we're thrilled to be able to include this in the upcoming release (version 4.8.0, probably due late this month). We appreciate your work to change the license!

@ibennetch ibennetch self-assigned this Mar 16, 2018

@ibennetch ibennetch closed this Mar 16, 2018

@ibennetch ibennetch removed their assignment Mar 16, 2018

@ibennetch

This comment has been minimized.

Member

ibennetch commented Mar 16, 2018

We still need to upgrade our usage to version 3.0.1 or later since the old version is GPL3. Reopening for now.

@ibennetch ibennetch reopened this Mar 16, 2018

@ibennetch

This comment has been minimized.

Member

ibennetch commented Mar 16, 2018

I see a change for version 3 "It's now mandatory to enable Google Api secret key access by executing setAllowInsecureCallToGoogleApis(true);" but other than that, I don't see any obvious change. I don't know whether that affects us; we might be able to just bump the version in composer.json without making changes.

@nijel nijel self-assigned this Mar 16, 2018

@nijel nijel closed this in adf30f1 Mar 16, 2018

@antonioribeiro

This comment has been minimized.

antonioribeiro commented Mar 16, 2018

setAllowInsecureCallToGoogleApis(true); is mandatory only if you are using Google API to generate QRCodes, but I usually tell people to create and inline it themselves. That's why I still keep bacon/bacon-qr-code in the suggestions.

@nijel

This comment has been minimized.

Member

nijel commented Mar 19, 2018

Yes, we do use bacon-qr-code for that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment