I don't think anyone ever intended to release this under GPL or LGPL, and I don't think anyone believes that anyone released it under GPL or LGPL.
I hate to get into such an argument, but I don't know that.
To me, the pom accompanying the jar in maven central is much clearer evidence of intent than the text on the findbugs web site.
This pom? http://search.maven.org/#artifactdetails%7Ccom.google.code.findbugs%7Cjsr305%7C1.3.9%7Cjar Maybe I'm missing something, but it seems awfully unclear (claims to be ASLv2, points to a website which says lgpl/gpl in the first paragraph, but actually is BSD).
even though we know that there is no fire
I don't agree with your analogy here, again, because I do not accept that it is clear-cut that it obviously is BSD licensed. Additionally, I'm calmly asking a question – no jumping at all
There is a cost to transitioning to Stephen Colebourne's version: we stop using the javax.annotation package name, so we are no longer compliant with JSR-305.
This is true – I'm not sure if/how it would affect the maven-findbugs-plugin or other static analysis tools.