@thomasfuchs That's thanks to a macOS security feature introduced in Sierra 10.12 called "Gatekeeper*" that requires whole disk images to be signed to protect them from being modified. It means even small patches have to completely replace large chunks of the system to update.
*Gatekeeper has technically been around for a while, but only added that extra feature starting in Sierra.