I think I'd be against adding it to the policy, the aim of the policy has always been to keep it simple which licence to use so ensure code and be swapped around within and outwith KDE with minimal worry about different licences. Apache 2 doesn't add any useful use case to our licences that isn't already covered by another one, it's just a bit more explicit about the intended uses.
There's no problem with linking to Apache 2 code such as openssl. When Apache 2 licenced code is included in KDE because of policies used by other projects that share the code such as aether-ssas or mycroft that shouldn't be a problem, we can just note the reason why it's used and make clear the different licence. Jonathan
