[kibwen]

Anyone with a potential copyright claim on the source can take legal action if they believe that their rights have been violated. If you object to OpenSSL relicensing and have contributed to it, you can sue them if they go through with it. Likewise, if you violate the license of any other software project, that project can sue you. OpenSSL is betting that the vast majority of contributors will agree, and that the rest will either not care or won't sue, and if someone does sue they're hoping that person's contributions are minimal enough that they can be removed from the codebase.

[gizmo686]

The problem is that this can happen at anytime. As a user of OpenSSL, I have no guarantee that a contributor won't, at some point in the future, decide to sue over this. Once that happens, I would have to remove their contributions from my copy [0], or risk being sued. Further, if enough time passes, and there are contributions under the new license, I would have to comply with both licences (which are incompatible).

The core problem here is not that they are changing the license. It is that it is now not clear what license is actually in effect; and it could very possibly end up being both.

The upside to this is that no one enforces these licenses anyway.

[0] Which might be a bigger deal in other contexts, for a security library, I should be staying up to date anyway.