My distribution (archlinux) notifies of critical vulnerabilities that require user action. There’s a news mailing list.
After that I rely on social network (Mastodon mostly) or lemmy for news, as vulnerabilities often get some conversation. Apart from that, software i’m really interested in I also follow through RSS so I get news when they update for their vulnerabilities -that is when the vulnerabilities are not self inflicted as the xz case-.
My distribution (archlinux) notifies of critical vulnerabilities that require user action. There’s a news mailing list.
After that I rely on social network (Mastodon mostly) or lemmy for news, as vulnerabilities often get some conversation. Apart from that, software i’m really interested in I also follow through RSS so I get news when they update for their vulnerabilities -that is when the vulnerabilities are not self inflicted as the xz case-.
Arch Linux (like some other distros) also has a security tracker: https://security.archlinux.org/