I'm not 100% sure, but I think that the Mac update system actually uses this code - if it starts failing they can't send out any more signed updates to people. Far better to wait one or two days more to make sure that you're not about to break some of the more important functionality in the OS, I would think.

> Better to break everyone's TLS connections than leave them vulnerable.

It's better to leave them vulnerable than to leave them vulnerable?