Hacker News
by jondubois 3812 days ago
You should make this service free for individuals (hackers) and charge companies.

Companies which pay for the service will be notified of the vulnerability before hackers.

Basically you foster a community of hackers while at the same time charging companies protection money from your own hackers.

2 comments

It's sort of interesting how you imply that individuals would use this service to exploit others. Can you not imagine situations where non-companies would want to use this for their own systems? And do you not think individuals would question the utility of a service that intentionally delayed notifying them of package vulnerabilities? We're not talking about embargoes here either, since Patchwork is scraping from publicly available upstream announcements.
Cool idea -- I'll go get the golf clubs!

We'd love to be at the point where Patchwork notifications are ahead of public releases, and get you patched before the vulnerability is widely exploited. In fact, one of the crazy ideas we've been kicking around is how to detect 0days without installing an agent on production machines.