We do something similar to what you are asking - basically a poor-man's satellite server.
Every quarter, I download all the available RHEL patches for a specific architecture (x86, x64) with a script like:
#!/bin/bash
for varPACKNAME in `up2date --showall`; do
varCOMPLETE="$varCOMPLETE $varPACKNAME"
done
up2date --get $varCOMPLETE
Then I used createrepo to create the needed repo files and copy all of this to an FTP location available to all my servers. I might call this may2008 packages.
Then, after testing and as I get approval to apply the latest patches to each server, I change their /etc/yum.conf to something similar to:
[May2008]
name=RHEL4-May2008 Updates i386
baseurl=ftp://username
assword@ftpserver/may2008/i386/
enabled=1
gpgcheck=0
protect=0
so that they look at the new location. The reason I do this is so I can have a consistant and static group of packages each quarter that can be tested against and then applied to prod. servers. I currently only use RHEL4 servers and this involved getting yum.rpm's external to RH to install. We do have RHEL licenses for each server still and each is still registered with RHN, though this is not needed to make the solution work. This is a requirement of using RHEL software as opposed to Centos.