By John Gruber
Kolide — User focused security for teams that Slack.
There’ve been a bunch of stories this week (see: here, here, here, etc.) making hay over the fact that the version of Flash that ships with Snow Leopard is not the very latest, because the very latest version, as usual, fixes security vulnerabilities.
But what exactly should Apple have done differently? According to VersionTracker, Adobe released version 10.0.32.18 of Flash on July 30. Snow Leopard went GM on Friday August 7 (three weeks before it went on sale, which is the same schedule between GM and ship date as the last few major releases of Mac OS X).
I’m not sure how long Apple freezes the components before going GM, but I’m pretty sure it’s more than eight days. Does anyone really think that Apple should have replaced the single-crashiest piece of software in Mac OS X with a new untested version just eight days before going GM? Should Apple have postponed Snow Leopard for another month? Should Apple allow Adobe to set the schedule for Mac OS X updates?
Update: Several readers have emailed to suggest that the problem isn’t that the latest version of Flash isn’t included with Snow Leopard 10.6.0, but rather that if you’ve already upgraded to the latest version manually, that the Snow Leopard installer overwrites the version you installed with the older version from the base 10.6.0 system. That’s just how the installer works. The same is true for any component you manually upgrade. Like, say, if you overwrote the system version of Python with version 2.6.2 — when you upgrade to Snow Leopard, the installer will give you the system standard version (2.6.1). The installer gives you an entire system that has been tested and whose components are known to work as expected, and Flash, whether we like it or not, is part of the system.
(Thanks to Matt Deatherage, via the subscribers-only MacJournals-Talk mailing list, for much of the gist of this piece.)