The Apache to AGPL re-licensing seems OK - considering that many other projects in similar situation chose non-FOSS licenses like BSL. But CLA replacing DCO? What will prevent the project from going closed-source in the future, without the approval of the contributors? This doesn't look good for the project.
From reading some of the comments on this at HackerNews from others and from the CEO (username is Arathorn there), I think it is a change that needed to happen - though not an ideal one at first glance. I agree with twicetwice's take most of all. For what it's worth I 100% believe that they have everyone's best interests at heart right now, and that they're using the CLA to save themselves from getting buried by their proprietary opponents. I don't make a habit of trusting anyone though, and I would really prefer to see this revisited in the future if at all possible. In the unlikely event that they flip the license to closed, I think the open-source side of Matrix should still live on through alternative implementations and nothing will be irreparably lost?
Moving to AGPL means enterprises stop using your software and improving it in-house with the possibility of patches “leaking” out when there isn’t a clear OSS contribution model. Going AGPL does prevent AWS from turning Matrix into Opentrix, but it also just focuses the major hosts on platforming your community product instead of improving your product. Their inspiration is Grafana. Time will tell if that’s going to pan out. The enterprises I’ve consulted for use hosted Grafana like Amazon Managed Grafana, not Grafana Cloud.
I personally am very wary of any AGPL project in any corporate setting. I’ve convinced companies to move the other way, from AGPL to Apache, because I also warn companies AGPL poses a compliance risk.