I think, that the biggest problem is the status of updates. Many people ask for an update, when a new vulnerability was found. I think the best solution would be a list with all current and past vulnerabilities and their status on a SuSE web page (preferable machine parseable). E.g. "sendmail dns bug, CERT id xxx, under investigation" By looking at the web page, everybody can see if SuSE know's about the problem and maybe when it should be released. Of course this is stressfull for the people doing updates, but it should also prevent people from asking (and at least someone who is not from SuSE can tell where the information can be found and what the status is). Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \