Summary:<p>- Next version will be 3.0.0 which is major.minor.patch (v2 was used for OpenSSL FIPS). The letter will not be used anymore.<p>- Next version will be under the Apache 2.0 license instead of "Apache License 1.0 and 4-clause BSD License"[1].<p>The main difference between Apache License version 1 and 2 is that v2 is compatible with GPLv3. There are some other changes like clarifications and requiring a patent if you contribute code that would infringe a patent that you own. For an overview of Apache2, see [2].<p>Overall, doesn't sound like a large change.<p>[1] <a href="https://en.wikipedia.org/wiki/OpenSSL" rel="nofollow">https://en.wikipedia.org/wiki/OpenSSL</a><p>[2] <a href="https://choosealicense.com/licenses/apache-2.0/" rel="nofollow">https://choosealicense.com/licenses/apache-2.0/</a>
Regarding this text in the announcement:<p>"In practical terms our “letter” patch releases become patch numbers and “fix” is dropped from the concept. In future, API/ABI compatibility will only be guaranteed for the same MAJOR version number. Previously we guaranteed API/ABI compatibility across the same MAJOR.MINOR combination."<p>Does this mean 3.0.0, 3.0.1, 3.1.0 and 3.1.1 will all be ABI/API compatible?<p>This reads a bit ambiguously at face value in the announcement.
This is nice that it in theory removes the need for the OpenSSL exception, <i>except</i> that Apache 2.0 is still incompatible with GPLv2 so many projects will still need the OpenSSL exception. I wonder whether the common OpenSSL exception wording will cause problems with older projects that cannot update their exception (in particular the "modified versions with the same license as OpenSSL" section).
So they had to get rid of all the original Eric Young code?<p>Interesting that a reason it couldn't "just" be relicensed maybe dates back to RSA patent issues. <a href="https://lwn.net/Articles/428666/" rel="nofollow">https://lwn.net/Articles/428666/</a> comment from eay