Understood, and I explained a bit more of my thoughts in another comment.
I understand I'm being a bit pedantic. But, as a user who is pretty concerned with a CA having a certificate issue of this scale, which affected this many people, I don't care about the authors respectful intent to their colleagues. Tell them in person, in an internal memo, whatever. It's simply not a lesson learned.
Likewise, I'm sure he cares more about keeping good working relationships with his colleagues than about what the reader thinks of his choice of paragraph order. A manager who makes his team feel insulted is not conducive to producing better software (which is presumably what you care most about here).
Mozilla, unlike all of the other major Trust Stores does not actually operate a publicly trusted CA.
Microsoft, Apple, and Google all do, the biggest Trust Store I can think of that does NOT operate a CA other than Mozilla is Oracle (who manage the default Java trust store)
This puts Mozilla in a good situation of independence IMNSHO.
At Google we know it takes actual effort to make sure that corporate firewalls protect the Trust Store function from being sabotaged by the convenience of, say, Google's Cloud function or people in their SRE wanting to keep the lights on for Chrome users. One day Google's CA people accidentally minted certs that Chrome wouldn't trust for Google web sites, and there had to be mechanisms in place to ensure that "Just tell the Chrome engineers to ignore it" wasn't a viable fix, because that would be _easier_ but it destroys any value in that trust store.
I understand I'm being a bit pedantic. But, as a user who is pretty concerned with a CA having a certificate issue of this scale, which affected this many people, I don't care about the authors respectful intent to their colleagues. Tell them in person, in an internal memo, whatever. It's simply not a lesson learned.