A “patch” or “software patch”, in the context of patchable software systems, has two meanings. One meaning is a verb that refers to adding, modifying, or removing files or settings on a system via a program designed and tested to run on a target machine. The second meaning is a noun that refers to the aforementioned program itself as the delivery mechanism for the change described in the first meaning. Both meanings are relevant to the descriptions herein.
The word “deliverable” is used to refer to files or settings contained within a given patch. System state, state (by itself), or target machine state all refer to a describable set of files and settings on a given system or target machine. Uncontrolled change in a system refers to any modification of state that removes the ability of a patch to determine a system or target machine's state. Any reference to system is intended to mean a collection of files or settings spanning one or more target machines (e.g., servers or computers).
Patching an existing system typically involves establishing a known state of operation on the target machine. That is, to maintain a consistently running software system or product, one knows the state of all files and settings that may be impacted by the patch before applying or removing the patch. Adding any change “manually” to a system (i.e., without a programmatic interface for detecting or controlling those changes) places the system in an unknown state. That makes the addition of a patch potentially unsafe, because the files being patched may have been added, altered, or removed relative to the expected system on which the patch is designed to run and in whose context it may have been tested.
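The known-state check described above can be sketched as a pre-patch comparison of each file the patch touches against a manifest of expected states. This is an added example, not part of the original text; the manifest layout (relative path mapped to a SHA-256 digest, or `None` for a file the patch expects to be absent), the function names, and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def classify_drift(root: Path, manifest: dict) -> dict:
    """Compare every path the patch touches with its expected pre-patch state.

    manifest (hypothetical layout): relative path -> expected SHA-256 hex
    digest, or None when the patch expects the file to be absent.
    """
    report = {}
    for rel, expected in manifest.items():
        target = root / rel
        if expected is None:
            report[rel] = "added" if target.exists() else "ok"
        elif not target.is_file():
            report[rel] = "removed"
        elif sha256_of(target) != expected:
            report[rel] = "altered"
        else:
            report[rel] = "ok"
    return report

def safe_to_patch(report: dict) -> bool:
    # Any single deviation means the target machine is in an unknown state.
    return all(status == "ok" for status in report.values())

def demo() -> dict:
    """Constructed sample: record a known state, then make manual changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_text("port=8080\n")
        (root / "lib.bin").write_bytes(b"\x00\x01\x02")
        (root / "util.bin").write_bytes(b"\x03\x04")
        manifest = {name: sha256_of(root / name)
                    for name in ("app.conf", "lib.bin", "util.bin")}
        manifest["new_module.bin"] = None  # deliverable the patch will add
        baseline = classify_drift(root, manifest)
        # Uncontrolled ("manual") changes made outside any patch:
        (root / "app.conf").write_text("port=9090\n")
        (root / "lib.bin").unlink()
        (root / "new_module.bin").write_bytes(b"hand-copied")
        return {"baseline": baseline, "drifted": classify_drift(root, manifest)}

if __name__ == "__main__":
    print(demo())
```

A patch installer would run such a check first and refuse to apply or remove the patch whenever `safe_to_patch` returns `False`.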