Until now I have always used the SecurityFocus mailing lists to keep myself informed about the possible need to upgrade my server packages. The main problems I have with using this method:
- Massive amount of items every day. I simply don't have the time to read every one of them
- A lot of uninteresting / irrelevant items.
- It's easy to overlook the interesting items between the plethora of other items
In the ideal situation, I'd get information about only the packages I am interested in (in most cases, the packages that I have installed on my servers).
The information related to these packages would include a short description of the update and possibly a changelog (too often, I upgrade my server packages without even looking at the actual changes).
Am I overlooking a major source, tool or system that could help me stay up to date?
It kind of depends on your environment, and if you are a system administrator, or the security person, or a developer. If you are just a system admin you may find it easier to simply subscribe to the security lists/feeds for your distro, and any of your mission critical applications, instead of subscribing to general security lists.
Ubuntu warns me when there are updates specific to my OS version and installed applications.
Updates can be configured to be applied automatically, but I prefer to click the update button manually as a precaution in case something goes wrong when I am in the middle of some project. I just hold on until I know I can afford a few hours of troubleshooting. Just in case.
For a single computer apt-get is a simple tool; configure it to fetch security updates only and you've got a notification whenever a new version is available due to security.
Red Hat has RHN, and Canonical offers Landscape. They're both tools for managing servers in aggregate. You can also set up Nagios to check apt or yum for available updates.
Something similar to what you use now would be to find your distribution's mailing list for security or uploads and implement a mail filter. By making the filter explicit you're forced to take inventory of what you need and won't have to worry about the extra fluff. procmail is the standard tool for UNIX, but I'm sure whatever tool you might use supports intelligent filters.
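The inventory-driven filter described in the answer above, worked through as an added example (not code from the original post or from any distribution). It assumes a package inventory like the one `dpkg-query -W -f '${Package}\n'` would print, and advisory subjects in the style of a distro security-announce list; both the inventory and the advisory lines here are constructed sample data, and the `DSA 0000-n` identifiers are placeholders, not real advisories. One function filters subject lines against the inventory (exact package-name match, so `openssl1.0` does not pass as `openssl`); the other generates the procmail recipe that routes matching list mail to its own folder and parks the rest.

```shell
#!/bin/sh
# Constructed inventory: what a server's `dpkg-query -W -f '${Package}\n'` might list.
INVENTORY='openssl
openssh-server
nginx
libstdc++6'

# Constructed advisory subjects (hypothetical DSA numbers, placeholder values only).
ADVISORIES='[SECURITY] [DSA 0000-1] openssl security update
[SECURITY] [DSA 0000-2] chromium security update
[SECURITY] [DSA 0000-3] nginx security update
[SECURITY] [DSA 0000-4] libstdc++6 security update
[SECURITY] [DSA 0000-5] openssl1.0 security update
[SECURITY] Subscription reminder'

# Print only the advisory subjects whose package name is in the inventory.
# The package name is the word directly before "<kind> update" at the end of
# the subject; the inventory lookup is an exact whole-line match (grep -x -F),
# so related-but-different package names are not accepted.
filter_advisories() {
    inventory="$1"
    advisories="$2"
    printf '%s\n' "$advisories" | while IFS= read -r subject; do
        pkg=$(printf '%s\n' "$subject" | sed -n 's/^.*\] \([^ ]*\) [a-z]* update$/\1/p')
        [ -n "$pkg" ] || continue
        if printf '%s\n' "$inventory" | grep -qx -F -- "$pkg"; then
            printf '%s\n' "$subject"
        fi
    done
}

# Emit a procmail recipe pair for the given list (matched on List-Id):
#  1. subjects naming an installed package go to the "packages-of-interest" folder;
#  2. everything else from the list is parked in "security-list-rest".
# Regex metacharacters in package names (e.g. the '+' in libstdc++6) are escaped.
procmail_recipe() {
    inventory="$1"
    list_id="$2"
    alternation=$(printf '%s\n' "$inventory" | sed 's/[.+]/\\&/g' | paste -s -d '|' -)
    printf ':0:\n'
    printf '* ^List-Id:.*%s\n' "$list_id"
    printf '* ^Subject:.*\\<(%s)\\>\n' "$alternation"
    printf 'packages-of-interest\n\n'
    printf ':0:\n'
    printf '* ^List-Id:.*%s\n' "$list_id"
    printf 'security-list-rest\n'
}

# Demo run on the constructed data.
echo '--- advisories relevant to this inventory ---'
filter_advisories "$INVENTORY" "$ADVISORIES"
echo '--- generated procmail recipe (hypothetical list id) ---'
procmail_recipe "$INVENTORY" "example-security-announce"
```

Regenerating the recipe after each package change keeps the filter honest; `dpkg-query -W -f '${Package}\n'` (or `rpm -qa --qf '%{NAME}\n'` on yum-based systems) can feed it directly in place of the constructed inventory.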