Hackers have a lot of odd superstitions about software licensing. I was reminded of this recently when a project maintainer asked me whether he needed to get a sign-off from each and every one of his contributors before switching from Apache v1 to Apache v2. Here’s what I told him:
My opinion is this. Under U.S. law — and I believe European codes are not different in this respect, because both are controlled by the Berne convention — a license change on a collection is grounds for protest or legal action only if the rights of the contributors are materially affected by the change. That is, a court would have to be persuaded that the change caused a monetary loss or at least damage to a contributor’s public reputation. If there is no such possibility, then there is no harm and no grounds for complaint.
It is clear that there is such a claim when a license is changed from open source to proprietary, or from proprietary to open source, without the author’s consent (the legal categories that apply are “unjust enrichment” and perhaps “conversion”). But no such claim can plausibly be made about Apache v1 to v2. A court would laugh at you if you tried. The applicable rule in English and American common law is called “De minimis non curat lex” – “The law does not concern itself with trifles.”
I think the closest an open-source license change might come to meeting the “materially-affected” test would be a change from an infectious license like GPL to a non-infectious one. Even that, I think, is doubtful.
Hackers have some weird superstitions in this area – they behave as though they think modifying a license even trivially is some sort of soul-stealing evil voodoo against the person who attached it, and they think the law treats license attachments as sacred and immutable. It doesn’t – certainly not for collective works.
So I’m telling you that you may have gone beyond what the law requires by asking about the GPL-to-Apache-v1 license change, and you are certainly beyond it in worrying about Apache v1 to v2,
I think you did right in respecting hacker customs by going beyond the law in the first case, but to worry about the second would be excessive.
UPDATE: Yes, the maintainer had previously changed the project from GPL to Apache v1. Then, another project that he wanted to amalgamate code with switched to Apache v2.