Split update mechanism into core and security updates
make it sense to split the update mechanism into core and security updates?
IMHO a virtual/physical pfSense router must be updated quickly if security is impacted and cannot be bundled
with core bug fixing or package updates, that can broke the system.
Another thing to consider is a dual boot (SystemA, SystemB) mechanism where the pfSense router can be reverted
to a functioning boot bundle if things messed up.
For 2.3.0 and 2.3.1 we have been releasing smaller "patch" updates with security fixes between regular releases. You might have seen them as 2.3.1_5 for example. They were smaller updates and did not have much if any negative impact.
NanoBSD dual boots as you suggest but it's been a source of problems over the years and is being phased out. It was more trouble than it was worth.
We will have the capability for things like ZFS snapshots on 2.4 which may prove to be more worthwhile.