There’s no perfect system. Patches are not perfect and can add security holes. The old code is imperfect too, and if you do not patch those holes will remain. One needs to weigh the risks against each other. It’s an optimization problem.

If and when security is a primary objective, limiting patches to what’s necessary is a good idea. Best of both worlds.

Legally, technically: no.

Philosophically, practically: if you believe it’s murder when you do it, you are a murderer mentally. You decided to kill a person, then followed through with it. And the first time is always the hardest.