On 2013-04-09 09:21:00 -0500 (-0500), Matthew Thode wrote: > I've been packaging openstack in Gentoo but have been relying on others > to watch you guys for security bugs. What would be the best way for me > to get notification when a security bug is fixed (when a security patch > is accepted), so that I may update the packages. Subscribe to the openstack-announce mailing list and look for OSSA tags in the subject lines. It's a very low-volume list--for example over a third of the posts last month were security advisories: http://lists.openstack.org/pipermail/openstack-announce/2013-March/thread.html OSSA details are also posted to other relevant places, notably the oss-security mailing list: http://oss-security.openwall.org/wiki/mailing-lists/oss-security -- Jeremy Stanley