
Applications shouldn't need to care, because the computer should not ever be rebooted for the vast majority of security updates --- the ones that everyone will be fine with (even those who otherwise hate upgrading), the ones that fix things like buffer overflows, the ones that actually matter to security.

It is highly irritating to see that the "patch" to fix one unchecked buffer copy turns out to require half a dozen whole-file-replacements and takes tens of MB, when ultimately only a handful of bytes needs to be changed. Perhaps these companies should learn from the crackers and reverse-engineers and make patches that are actually patches: find and modify the appropriate bytes in memory, and also the file on disk. Those who have used crack/noCD/etc. patchers will know how fast and painless the experience is. The changes are instant and persistent, with no disruption at all.

If such a system were used, I would guess that security updates, instead of being the hundreds of MB or even GB they are today and taking tens of minutes or more to install (not even counting the productivity lost by the obligatory reboots), might be only MB at most --- with the majority being several KB --- install instantly, and present absolutely no disruption.

Related: https://hackertimes.com/item?id=15720923



drpm files on Fedora 25+ spring to mind, along with jigdo and zsync (Debian, Ubuntu - for full ISOs). I'm sure they will get there, but then perhaps different installs have a different set of files that need to be replaced?
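
An added example, not part of the thread and not any vendor's updater: a minimal in-place byte patch in Python that handles the "different installs" case raised in the reply above by refusing to touch a file whose SHA-256 does not match the build the patch was made from. The patch format, the function names and the sample bytes are assumptions constructed for illustration, and only the on-disk half of the idea is shown.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Hunk:
    offset: int   # where the changed run starts in the file
    new: bytes    # replacement bytes (same length as the run they replace)

@dataclass(frozen=True)
class BytePatch:
    pre_sha256: str    # digest of the exact build the patch was made from
    post_sha256: str   # digest the file must have after patching
    hunks: tuple

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_patch(old: bytes, new: bytes) -> BytePatch:
    """Diff two equal-length builds into runs of changed bytes."""
    if len(old) != len(new):
        raise ValueError("in-place patching needs equal-length builds")
    hunks, i = [], 0
    while i < len(old):
        if old[i] == new[i]:
            i += 1
            continue
        j = i
        while j < len(old) and old[j] != new[j]:
            j += 1
        hunks.append(Hunk(i, new[i:j]))
        i = j
    return BytePatch(sha256(old), sha256(new), tuple(hunks))

def apply_patch(image: bytes, patch: BytePatch) -> bytes:
    """Apply only to the targeted build; verify the result before returning."""
    if sha256(image) != patch.pre_sha256:
        raise ValueError("file is not the build this patch targets")
    buf = bytearray(image)
    for h in patch.hunks:
        buf[h.offset:h.offset + len(h.new)] = h.new
    out = bytes(buf)
    if sha256(out) != patch.post_sha256:
        raise ValueError("patched file does not match expected digest")
    return out

# Constructed sample data: a 4 KiB "binary", its fixed build, another install.
OLD = bytes(range(256)) * 16
NEW = OLD[:1000] + b"\x10\x20\x30" + OLD[1003:]
OTHER = OLD[:10] + b"\xff" + OLD[11:]
PATCH = make_patch(OLD, NEW)
```

Here the 4 KiB file is fixed by a single three-byte hunk, and `apply_patch(OTHER, PATCH)` raises instead of writing into an install that differs from the targeted build.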



