Hi, I sent the below message to the help-gnu-emacs mailing list, but I wanted to also raise the same question on the emacs-devel list, as it's more related to potential feature improvements in emacs. ---------- Forwarded message --------- From: Gulshan Singh Date: Tue, Jul 12, 2022 at 1:54 PM Subject: Should package.el support notifying on package security updates? To: Hi, I recently reported a security issue for a package on MELPA, where even though I trusted the package author, if I used the package to process untrusted data that data code be crafted in a way to execute arbitrary code on my system. This led me to wonder if there was any mechanism for package.el to distinguish between regular updates and security updates, and I wasn't able to find any information on this. Has there been any past discussion on this? As an example, on Ubuntu you can see how many of the pending updates are security updates as opposed to regular updates, and you can configure the system to auto-update just the security updates. I feel like the package manager in emacs should have something similar, but maybe I'm missing something about why this functionality isn't included.