That reasoning is wrong in my opinion. Firstly, that way you are making your work unreliable and useless in a business environment. There are plenty of small- and medium sized businesses still running XP who would find it very useful to be able to easily get all the XP updates in one package.
Secondly, there are hobbyists, enthusiasts, diehards and others, not necessarily in a business environment, who use XP with a lot of functionality, including Active Directory. Again, you are making your set of updates unreliable for them.
The bottom line is: I don't think you should make a selective decision about which updates your users may or may not want. That choice is your users', not yours. You should create a complete set.
As far as I'm concerned, knowing that you are arbitrarily choosing to exclude certain security updates, and that this is not even mentioned anywhere in an obvious place, just made your list of updates completely unreliable for me. How can I even find out which updates you chose to exclude, so that I can manually download those? Do you have a list somewhere?
If I hadn't accidentally realised that KB2933528 is missing, I would have never known that some security updates are not included in your update list.
I would like to politely urge you to reconsider your policy and include ALL security updates in your list, regardless of what functionality they target. Bear in mind that, as you publish your final XP list, it will become a lasting product that many people will rely on now and in the future.
Edited by Legorol, 09 April 2014 - 06:37 AM.