CVE-2026-31431 - Copy Fail - Linux kernel crypto vulnerability

That would be the most obvious solution for me as well. I fully expected a complete, 1:1, bug-for-bug coherence with RHEL when I went into Rocky, so having to wait for a patch to flow downstream is part of that expectation. But I understand why someone would want critical patches rolled out before RHEL gets to it.

So it feels like an extra repo would give both groups what they want with minimal worry. Doesn’t really matter if it’s opt in or out, as long as there’s some way to control what you’re getting.

But honestly I would be completely fine with Rocky not supplying extra patches as well. It’s kinda what we signed up for here.