We have been prety conservative in the past disabling all repo that are not sme operated, then we decided to enable the centos upstream ones.
The initial fear was something could break becaus eof upstream, yes it could arise and it happend, but very rarely. The most incriminated package has been samba.
By doing so, we are delaying important security updates. That is why we choosed to enable centos base and update. Now, i think it is time to generalize. Enabling all repo we depend that have no conflicting packages with our repo, and centos.
The repo remi-safe is the best example for that. Only complete base repo, no conflict, provides newer versions of php, which need a close attention in terms of security, hence no delayed updates.
If you have been configuring this repo using the contrib extra repository, it is enabled. If you configured it earlier you might need to enable it, and even should enable it.
And as states John, do not do this for the original remi repo which does not include the word safe in it. It could break your install by replacing some base packages.
Thinking of that, it is time we do a nice table of repo that are safe to keep enable as they do not conflict with base, or could be enabled with an include or exclude condition.