> Would you rather than when (e.g.) there is a security patch for OpenSSL, that you have to wait for all software using OpenSSL to deploy updates?

Would you rather that a compromised jquery.js at <insert CDN provider> affect a huge number of sites? ;)