None of this affects what happened “back in the day” which is what I was talking about.

That said, my understanding of the current packaging philosophy of RHEL/CentOS Stream is that embargoed security fixes go in to RHEL first, then to CentOS Stream once the embargo is lifted (that’s pretty much as you’d expect), otherwise everything goes in to CentOS Stream first. Unless you have counter-examples I’ve not heard of?

Paying for services isn’t philosophically incompatible with FOSS, that’s how companies like RedHat broke through back in the day, but paying for “quick and high-quality security updates” strikes me as alarming. Am I to take from that that they’re holding back high-quality security updates from some users? Unless maybe we’re talking about extended support for EoL software.