"Terms subject to change without notice."

If commercial entities can do it, so can the FOSS community.



Not exactly, because the software already licensed under an old license (which is the only "terms" applicable here) will stay fine.


No it won't. It will be unsupported. Bugs and security vulnerabilities will accrue, making it less and less valuable over time. It's funny how the very people whose livelihood depends on perpetual software growth and maintenance are the first ones to claim FOSS is okay stuck at a particular version. Every company keeping their stack stuck on the permissive license is risking a log4j-style event in the future.


That's true, but also very much independent of whether once-free software went non-free or not. Log4j was absolutely free software when that event happened. The same thing would happen if the maintainers don't see any more value in maintaining FOSS software (including but not limited to monetary reasons) and stop doing so.


> It will be unsupported. Bugs and security vulnerabilities will accrue, making it less and less valuable over time. [...] are the first ones to claim FOSS is okay stuck at a particular version. Every company keeping their stack stuck on the permissive license is risking a log4j-style event in the future.

Your example shows the opposite of what you intended to show. It was the people stuck at a particular version of log4j (the old unsupported log4j 1.x branch) who avoided the vulnerability, while the ones who kept up-to-date with the maintained log4j 2.x branch were vulnerable. And it also shows the power of a permissive license: for those stuck at the older log4j 1.x branch, which had been abandoned by its maintainers, there's now a fork by someone else (https://reload4j.qos.ch/) which is being maintained.


That would be a much more relevant concern if we were talking about a database or library or something. In this particular case, mold is a linker, and I think people here are dramatically overestimating how likely there are to be security vulnerabilities in a linker, or how little work is needed to keep it working at its current level.
