I hesitate to compare this to Apple calling themselves “courageous” when removing the headphone jack, but in this case, I think the word is appropriate. I’ll happily stand behind you guys if you take some PR hits while forcing the rest of the industry to make DNS safer – since it is understandable, admittedly, for users to conclude that “Cloudflare is blocking websites, sound the alarms!” at first glance.
Your boss is talking about not "violating the integrity of DNS" and presents this case where upstream archive.is name servers return unexpected data. He proposes that CloudFlare cannot "just fix it" because doing so "would violate the integrity of DNS and the privacy and security promises we made to our users when we launched the service". However, Cloudflare chose to "just fix it" back then by "slapping a bandaid" on something your team saw as a problem instead of abiding by the proper change process. And Cloudflare did so not because of some critical security flaw, but as a cost-cutting measure.
Even if we limit what it means to "violate the integrity of DNS" to the first definition mentioned above (and completely ignore this second definition), Cloudflare "slapped a bandaid" on a PR problem it had a couple of years ago and decided to "just fix it" and "block a domain" by removing the domain and its assets from Cloudflare's infrastructure. 
Cloudflare has "violated the integrity of DNS" on more than one occasion using more than one of its own definitions.
Cloudflare "MUST" either adhere to the specification and its change process, or not adhere to the specification and its change process. Cloudflare "CANNOT" choose for both of these statements to be true, and one of them constitutes "violating the integrity of DNS".