That’s how you end up with critical apps which are full of known security issues because now upgrading requires reverse-engineering and migrating a bunch of one-off customizations. This approach only works if you’re committed to paying regularly to maintain your fork.
“upstream your fixes” only works if the upstream wants them. If you charge in saying “you're all dummies (per OP); here's a patch which goes against your project direction which I want you to maintain in the future”, that's probably not going to be very successful.
