The survey provides two options: “For urgent security updates to Rocky Linux, ahead of updates in RHEL, would you prefer they be “default” (in the normal repositories) or require manual intervention to install (in a separate repository)?”
Option 1 - currently at 67%, is that taking no action, hosts will automatically get Urgent security patches outside the Upstream. There is no easy way to Opt-Out.
Option 2 - Currently at 33% would place Urgent security patches in a separate repo which you can opt in to, If you point your hosts at this repo, you would automatically get these. A simple Opt-In.
I feel strongly that Option 2 is the best for my use case. I also believe that most will agree when considering it outside the current panic this particular CVE has triggered.