2. Product is a smart fridge or whatever, reasonable users might keep it offline for 5+ years.
3. New homeowner connects it to the internet.
4. Security update fails because the security update server's SSL cert isn't signed by a trusted root.
We do car recalls all the time. Just send out an email or something with instructions of what to put on a USB, it's basically the same thing.
Yes it's inconvenient for consumers and annoying but the alternative is worse. Essentially hard coding certificates was always a bad idea.
2. Product is a smart fridge or whatever, reasonable users might keep it offline for 5+ years.
3. New homeowner connects it to the internet.
4. Security update fails because the security update server's SSL cert isn't signed by a trusted root.