That's why I think such OSS packages should use licenses that force large companies to pay (moderate) fees for maintenance. I assume such sums of money won't even tickle them.
Imagine 10 large companies, each paying $1000 a month for critical packages they use. For each developer, that's $10,000 they can either use to quit their current job or hire another person to share the burden.
You may as well just slap a "no commercial use" restriction on it. It takes months to go through procurement at the average big company, and still would if the package cost $1. Developers at these companies will find something else without the friction.
I'm not an expert on this. If it ticks all the legal and other boxes big companies need to deal with in a frictionless manner, then that's good. If not, maybe a different solution is needed.
You are conflating convenience with necessity. Currently large companies also use xz simply because it is configured to be the default in many distributions. If it charges them money, they will just move to zstd, brotli, gzip or 7z. The first two are backed by large companies themselves who will never adopt these kinds of licenses.
If someone else can pay to maintain it, but you get the benefits, then it's the obvious strategy to use.
And also, there's zero evidence that proprietary software won't have these backdoors. In fact, you can't even check them for it!