Why CLAs aren't good for open source (Opensource.com)

The other remedy is to fork the last Open Source licensed version and maintain that separately, as a community. OpenSSH was created like that, when the ssh.com license changed. Illumos was created like that when the OpenSolaris license situation changed. It's a lot more work than just distributed copyright preventing that license change. But for a project sufficiently important to the wider community it is possible.

More generally I think distributed copyright license grants that are "license FOO or other similar licenses" would be a more useful distributed copyright approach than strict licensing under the exact original project license, especially if (like OpenSSL) the original project is "home grown" rather than one of the handful of very widely accepted community derived licenses (BSD / MIT / GPL / MPL / maybe one or two others). The FSF recommended "GPL v2 or later" style approach is basically that, for the same reason, but "similar license" or something like it both constrains the next license to a similar spirit (preventing complete changes of direction) and also allows more flexibility, assuming broad community consensus (but maybe not *everyone* having to formally agree) that the replacement license is an acceptable substitute that is "similar" enough.

Ewen