
Right, the "reason" for that in the report was they couldn't extricate the 70 certs from the critical infra from the other 80k OEM certs.

I'm trying very hard to be charitable. I don't know anything about digikey. But it could be incompetence; legal dept getting cold feet because someone filed a TRO in a court against the company; malice?




Incompetence from a CA isn't an excuse, it's a breach of the contract (the baseline requirements) & a reason to distrust them. Likewise for malice. The legal department getting cold feet would be a really bad reason to risk the entire business by violating the contract, only an incompetent legal department would recommend breaking the contract that the business depends on to exist. DigiCert (not DigiKey, they're an unrelated electronics component supplier) is in the business of selling certificates; that depends entirely on them remaining trusted to issue certificates.


I fully agree. Malice and trust are fundamentally incompatible.

i merely typoed, i'm your GGP to your comment ^

i don't disagree with what you're saying, either; digicert never really answered why they couldn't get the other 83k revocations done faster, hoping "we couldn't do it, sorry" in the revocation bug report would suffice.



