You’re right - people who’ve been keeping track of their issues for quite some time have been outspoken about this, even before the final events that led to their removal. The vast majority of them don’t work for CAs. StartCom has had incidents before, and they didn’t make any friends when they refused to revoke certificates that were potentially compromised by Heartbleed either.
I don’t know, I’m more concerned about the fact that a corporation the size of Apple doesn’t have procedures that would allow them to update their trust store in the event that a CA is compromised (which has probably happened a couple of times since their last Java update).
Sadly, I’m quite familiar with this kind of corporate inertia, but I’d rather not base root program policies around them.
Let’s not lose track of the big picture here. This is one use-case, one vendor, one particular application. Let’s Encrypt works (and is free) for a myriad of others. It’s not always possible to make every single person happy, and in this case, it’s outside of the control of Let’s Encrypt. I understand your frustration, but it’s misdirected and your suggestion to keep trusting CAs that would work for your use-case even though they’re a risk to the ecosystem is a bit short-sighted.