[dchanm]

We're working something similar at Patchwork (https://patchworksecurity.com/) . You tell us what packages are installed and we notify you when a new security update is released. Right now we're focusing on distro package managers, but plan to add support for monitoring upstreams like nginx.

The big issue we see with RSS / mailing lists is a problem of discoverability and noise. Not all software has an easy to digest format for security changes. We want to do the scraping / parsing once and make it consumable by others. General lists such as OSS and distro specific security announce lists tend to have more noise. Most people only care about packages installed on their machines, which is why we filter our results based on your set of packages.