I mean obviously for the community this is bad, but I 100% get that doing anything for free is best effort. They don't even need to have this policy 100% of the time to make large orgs using FOSS with no SLA for vulnerability patching sweat. Which frankly they should.
For real, I'm gonna use this as a tactic to say "we shouldn't rely on software without warranty and support, FOSS or proprietary.". Just to get money flowing to devs, because for it's for real reckless to contribute nothing to keeping pieces of your critical infra secure