I just wanted to chime in way down deep in this comment chain because my thought only makes sense in the context of your comment right here.
I think there may be a special mode of operation of Firefox that may need to be considered here.
You said, "Even if you had no internet connection, your addons would have stopped working when the certificate expired."
This seems like an unfortunate design flaw to me. Consider a Firefox, kitted out with specific set of add-ons setup to the user's liking. Then, the network that Firefox is located on becomes permanently cutoff from the internet and can no longer make contact with the Mozilla mother ship. Maybe it's running in a VM, or maybe it's running in a country with an oppressive regime. I can think of many scenarios where a Firefox would be cutoff.
I think it is a reasonable expectation that the marooned Firefox should continue to run indefinitely without failure. Perhaps the user could be occasionally (monthly, yearly) flagged with warnings that the mother ship could not be contacted, but other than that, nothing should fail.
Please consider this and share it with your teams when the post mortem is discussed.
> I think it is a reasonable expectation that the marooned Firefox should continue to run indefinitely without failure.
I personally agree this is a worthwhile goal. The blog post talks about "tracking the status of everything in Firefox that is a potential time bomb and making sure that we don’t find ourselves in a situation where one goes off unexpectedly." I expect once that is done we'll be positioned to evaluate if and how we could support this.
I just wanted to chime in way down deep in this comment chain because my thought only makes sense in the context of your comment right here.
I think there may be a special mode of operation of Firefox that may need to be considered here.
You said, "Even if you had no internet connection, your addons would have stopped working when the certificate expired."
This seems like an unfortunate design flaw to me. Consider a Firefox, kitted out with specific set of add-ons setup to the user's liking. Then, the network that Firefox is located on becomes permanently cutoff from the internet and can no longer make contact with the Mozilla mother ship. Maybe it's running in a VM, or maybe it's running in a country with an oppressive regime. I can think of many scenarios where a Firefox would be cutoff.
I think it is a reasonable expectation that the marooned Firefox should continue to run indefinitely without failure. Perhaps the user could be occasionally (monthly, yearly) flagged with warnings that the mother ship could not be contacted, but other than that, nothing should fail.
Please consider this and share it with your teams when the post mortem is discussed.
Thanks! I'm a loyal user since before Firefox.