Amidst the maelstrom of complaint about the way Apple have handled recent security problems John Gruber has complained about Apple viewing security updates as a marketing problem, in Security cannot be spun. One of his complaints was the way about the that the 10.3.4 update was announced, merrily trumpeting that it included 'recent security updates'. As he says (near the bottom of the article):
'Includes recent Mac OS X Security Updates' does not mean the same thing as 'Includes all recent Mac OS X Security Updates'.
But regardless if the statement can be defended as technically (or should I say 'theoretically'?) true, it's undeniably misleading. Especially given the amount of publicity it garnered just a few days before 10.3.4 shipped, it's easy to see how a reasonable person would assume that 'recent Mac OS X Security Updates' would include the one recent security update that everyone is talking about.
The truth would not have hurt. As conjectured earlier, it's almost certainly the case that Mac OS X 10.3.4 was done and in testing by the time Security Update 2004-05-24 was issued. It was simply too late for inclusion. A simple, explicit note that you still needed Security Update 2004-05-24 in addition to 10.3.4 is all it would have taken.
Well, now that explicit note has been added to the release notes. I don't know if John's post was the driving force behind this change, but I do know that the world could do with more intelligent analysis like his.