NixOS on the side…
Patches should only be applied if they support an operational or business outcome.
This sentence is ill-posed. I’m sure the intended argument is that maintaining application security and integrity is itself an “operational or business outcome”, but I strongly suspect that a lot of people are going to read it as “don’t patch anything that isn’t tied to a measured operational or business outcome”, and use it to defer security patches indefinitely.
This section harks back to Amazon’s conception of “one-way doors” and “two-way doors”: a one-way door is a decision that is expensive or impossible to reverse, a two-way door is one you can walk back through cheaply. Small, reversible changes are “two-way doors”, and are thus generally preferred for reasons of business (and engineering!) agility.
This isn’t just about deploying into a parallel environment and then cutting over when ready (the classic blue/green pattern): it’s also about using partial cut-overs to test the new environment on a fraction of real traffic before committing, and about keeping the old environment around after cut-over so that roll-back is a routing change rather than a rebuild. One caveat: the old environment only counts as a two-way door while it remains a faithful, patched copy of what was running. If it is left reachable but falls behind on updates, you have traded a fast roll-back for a second, unmaintained attack surface.
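As an added illustration (not part of the original post, and not tied to any particular tool it discusses), here is how the partial cut-over plus fast roll-back described above can be expressed with nginx’s `split_clients` directive. The upstream names `old` and `new`, the server addresses, and the 10% canary share are assumptions chosen for the example.

```nginx
# Assumed example: blue/green with a partial cut-over and a routing-only roll-back.
# Both environments stay deployed; only the split below decides who sees which.

upstream old {
    server 10.0.0.10:8080;   # assumed: the environment currently in production
}

upstream new {
    server 10.0.0.20:8080;   # assumed: the freshly patched parallel environment
}

# split_clients hashes the key and maps the hash onto the buckets below, so a
# given client consistently lands on the same environment (sticky canary).
split_clients "${remote_addr}${http_user_agent}" $backend {
    10%   new;    # partial cut-over: 10% of clients exercise the new environment
    *     old;    # everyone else stays on the proven environment
}

server {
    listen 80;

    location / {
        # Roll-back is a routing change: delete the "new" line above so "*"
        # sends everything to "old", then reload nginx. Full cut-over is the
        # mirror image: route "*" to "new" and keep "old" defined until you are
        # sure you no longer need the quick way back.
        proxy_pass http://$backend;
        proxy_set_header Host $host;
    }
}
```

Because the old upstream block stays defined throughout, the roll-back path is exercised by the same configuration mechanism as the cut-over itself, which is what makes the whole change a two-way door. The security caveat from the text still applies: the `old` servers must keep receiving patches for as long as they remain reachable.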