My concern with this is that the extended support would need to be very solid (i.e. 100% of all packages get timely updates) - otherwise people would deploy Fedora for production servers in the expect of however many years support, and then get exploited.
The quote "I still think it's better than not getting any security fixes at all" is exactly wrong - thinking you are getting fixes is worse than getting none, as the latter makes people switch to a distro with security fixes.
For those who like the RHEL/Fedora type of distro, I think it currently comes down to the number of packages beyond the RHEL/CentOS list - if you only need a few that are not in a supported repository, you can use the excellent CentOS (or RHEL) and hand roll updates from upstream. If you need a lot, the cost of switching to a different distro with longer term support is probably less, depending on the value of your time.