I think we should remove CentOS Stream from our set of officially supported distributions. It is still good for development, as it is the “preview release” always aligned at the last dev’s commit. Some times however the last commit still needs some fix, so it is not polished enough for production.
Yes, for just the time to test them, like for any other package update. But as security updates do not affect stability, probably they are that kind of update that can be tested and released really fast.
Note that public mirrors will be offered only for Rocky Linux, that is used to build the VM image.
Nothing is impossible, but this seems to me unlikely to happen, for a security update.
I can’t see a real disadvantage here. Containers add more software, but they add also more isolation.
…but we had problems with minor updates (7.2, 7.3, 7.4…)! The idea of public mirrors for Rocky Linux comes straight from it.