Ask HN: How do you keep up to date with security advisories?

7 points by duck237 ↗ HN

5 comments

[ 3.2 ms ] story [ 22.5 ms ] thread
Mailing lists.

I subscribe to the Debian security advisory mailing list, and when new updates are released I ensure all that are appropriate are updated upon my systems.

I also use an RSS to XMPP gateway so that that the RSS feeds of Debian, Ubuntu, *BSD, etc are posted to an internal chatroom. Generally automated updates are applied every day, but sometimes it is nice to do them immediately.

(I also pay attention to oss-security, full-disclosure, etc, etc, but these tend to be less useful.)

How about smaller libraries, that might not have mailing lists? i.e. packages on pip, npm, or projects on GitHub that have made their way into your application?
Thats where oss-security, and similar lists tend to be useful.

But to be honest once you've got an RSS to email/chat gateway you can subscribe to new releases and similar with ease. So you tend to find you're updated almost by accident.