Recently Firefox has been approaching the date when expiration of CA TLS certs will break much of the browser's functionality for many users. https://support.mozilla.org/en-US/questions/1468274 . This is caused by the baking-in of CA TLS certs for the add-ons site (and DRM? And ...?). CA TLS certs have an inherently short lifetime and consideration should be made for the ability to replace/update them when they expire as is done in other parts of Firefox.
We can't go back and fix the past so the problems above cannot really be fixed (except by providing unbranded builds of older versions, which should also happen). But we can avoid these inevitable issues in the future. CA TLS certs should be made replaceable. Is there any reason why this is not the case?
As it is now, without changing this, Firefox becomes shareware/trialware of a sort with a built in limited lifetime.
p.s. locking the public facing thread for policy discussion on the topic on the blog post 2 days before it happens could be interpreted as a sleezy move. Effectively no one will read *this* thread.
