Edit: I'm so dumb. It's obvious they'd check original developer's repo or issue tracker. I'm sorry
I don't know... I guess in mailing lists and pages like RSS feed from main enterprises like SuSE, Red Hat and Canonical
You can track this kind of stuff on Mastodon also, join into a security instance (like https://infosec.exchange/explore) or start following them from another instance.
Then, what does a package maintainer rely on?Edit: I'm so dumb. It's obvious they'd check original developer's repo or issue tracker. I'm sorry
I don't know... I guess in mailing lists and pages like RSS feed from main enterprises like SuSE, Red Hat and Canonical
You can track this kind of stuff on Mastodon also, join into a security instance (like https://infosec.exchange/explore) or start following them from another instance.