Re: what I'd like to see
Check the archives of Mozilla's dev-security-policy mailing list, where all actions are discussed according to the Mozilla CA policy.
http://www.mail-archive.com/dev-security-policy@lists.mozilla.org/
https://lists.mozilla.org/listinfo/dev-security-policy
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
Check the "bugs" in the "CA Certificates" in the bugzilla.mozilla.org system, where all interaction with CAs is publicly tracked, e.g. a search for "1024" within that component:
https://bugzilla.mozilla.org/buglist.cgi?list_id=11029197&short_desc=1024&query_format=advanced&short_desc_type=allwordssubstr&component=CA%20Certificates
Biting the hand that feeds IT
