I've been using Debian stable since 2007. Before that (2000-2007), I used RedHat, Mandrake, and Gentoo, among others. I teach, therefore my only requirement is that printing must not, under any circumstance, fail. Debian stable is the ONLY distribution which comes even close to guaranteeing this, in my years of experience. The common practice of updating a package and all its dependencies nearly destroyed my career (OK, I'm exaggerating). Teachers, and others who work on long-term projects, can not tolerate these random "minor" hiccups that result from constant updates.

Your point about security is well-taken, but I'd like to see proof that constant updates provides better security, as a whole. For certain types of workers, there has to be a distribution which provides some guaranteed level of security with near zero chance of updates screwing things up.

Also, you failed to emphasize the upside of Debian working with/against upstream authors. Here's an example of "antagonizing upstream", as you say:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781566

The author of Apophenia (statistical library) used FSF licenses combined in a way one Debian developer considered invalid for distribution. Upstream disagreed, of course, but the situation was resolved. Even though the subject line of the bug was somewhat rude, upstream nevertheless adjusted the license. This is good for everyone, in my opinion.

I think the auditing done by Debian developers is an invaluable public service. And as far as I know, Debian does way more helping than "antagonizing".