by DangerousPie 4450 days ago
I don't think that "charging for services you said you would charge for" is anywhere near reason enough to revoke a root certificate. I would be very disappointed by Debian if they actually went through with this.
1 comments

From the customer’s point of view there’s not much to complain about.

If you’re maintaining a CA trust store, it might be a little different. The CA can adopt any pricing structure they want, but the one they’ve chosen will lead some customers to not revoke their certificates, resulting in potentially compromised certificates being used in a way that could have been avoided.

This could definitely factor into your judgment of whether it’s a good idea to trust certificates signed by that CA.