I've always felt a little in the dark about applying errata versus simply yum updating all packages. I think I understand the theory now, but wanted to run it by here for a sanity check.
When we publish and promote a content-view, we're fixing that version of our repos' packages in place so all the servers that subscribe to that CV have the same versions and they don't change until we're ready to do the next update.
When we sync the repos, publish the CV, and update the server, there should be 0 errata at that point. As packages in the repos are updated, some of these will be errata. Errata differ from other updates in that they are bugfixes, security patches, etc. - rather than enhancements. So, if we so choose, we can apply the errata (or a subset of the errata) to our servers without actually publishing a new CV version.
And that's the point of errata: being able to keep up with security issues without deviating, more than is absolutely necessary, from the standard CV we've tested.