>RHEL is built from CentOS Stream, so nothing can go into CentOS Stream that wouldn't go into RHEL.
This isn't strictly true. The main problem with CentOS Stream is that embargoed security updates don't go into Stream until after they ship in RHEL. This means that if the developer responsible for the patch forgets to commit it to Stream, it can take weeks or even months until somebody at Red Hat notices and the patch goes out to Stream users. As one example, a couple months ago basic packages like httpd and php were 4 and 5 months behind RHEL, respectively.
This isn't strictly true. The main problem with CentOS Stream is that embargoed security updates don't go into Stream until after they ship in RHEL. This means that if the developer responsible for the patch forgets to commit it to Stream, it can take weeks or even months until somebody at Red Hat notices and the patch goes out to Stream users. As one example, a couple months ago basic packages like httpd and php were 4 and 5 months behind RHEL, respectively.