Comment by ocdtrekkie

11 hours ago

When you talk about there being risks to both short- and long-lived certificates, that is true, but it's omitting a very important detail: Short-lived certificates have practical, real-world risks that are actually happening every day. People die when the Internet breaks. Long-lived certificates have some imaginary and hypothetical security risks that the CAB is very scared of but mostly don't happen.

In any good risk management scenario you have to weigh the cost/benefit of a change in terms of what benefits it offers and what tradeoffs it has. The CAB has repeatedly demonstrated a complete inability to consider the risk profile of their behavior. They are unqualified for the job, and unfortunately, accountable to no one.