True, you'll remain able to get the old version out of the repository, because it has all the past versions. If you intend never to change anything ever again, I guess that's enough.
Good luck with that.
It will be enough if they wish to have an unusable coin with confirmations being processed at a practically unusable speed for at least 2 weeks, and than slow as molasses for another 2 weeks. It may take many months with more miners dropping off with fear before they reach equilibrium due to the retarget limits set in the current source code.
This is why I was offering some friendly advice for them to get ready to create their own hard fork and migrate it to a new github so they have a chance of surviving during the brutal transition they will witness.
Ooooh yeah. Been there, explained that. Best case scenario with 5% of the hashing power is dropping 6 out of every 7 transactions on the ground. And it'll take a hell of a lot longer than 2 weeks to get 2016 blocks.
But, you know, I'm waiting to see how they cope with Berkeley Database 4.8, and OpenSSL version 1.01k, and how things are going to fail when google changes the format of its protocol buffers, and how other things are going to fail with the next revision of boost, and .... well, ALL of that stuff I keep pointing to and saying we need to fix? All of the stuff that, until it gets fixed, is going to give us occasional maintenance jobs, some of which are emergencies?
When software depends on a property of a library which is not important to the main purpose of that library and which may be changed at any moment, it is vulnerable to version breaks. And right now, Bitcoin has several version breaks.
Berkeley Database is one that happened a while ago but we've never cleaned it out of the code. OpenSSL broke just last month. Protocol buffers and Boost haven't broken yet, but the people who maintain them WILL change them eventually. Protocol buffers, in particular, are going to be a semi-emergency when it happens (same as OpenSSL was) because we have a dependency on the binary form of the data; if it changes, our signatures break, so we can't just convert data.
But hey, if you're committed to never changing the software? I guess you never have to build it either. Just static-link that sucker and wait for the next Heartbleed bug....