In trading an email off-list a little bit about this subject, I just realized something:

On Fri, Apr 28, 2017 at 7:08 AM, Jim Jagielski <> wrote:
As a developer as well as end-user, and as someone who works
at a company that leverages FOSS, s/w obtained from the ASF
has always been "safe" in that there were always expectations
related to the s/w... one of which, as I have phrased it
before, is that it is "brain dead easy", legal-wise, to
consume it; that there's nothing in there that would cause lawyers
to get itchy.

Inclusion of non-OSI approved licenses make lawyers itchy.

I would only agree with this if we have evidence that OSI is trusted more than the ASF.

I don't think that is necessarily true. If the ASF provides a release and says "ALv2", then why not trust that?