Hi, I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages). But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to extract. My main reason for writing such a tool is to automate reports to send out to customers for getting approval for updates during planned maintenance. My aim is to list the risk and information based on information provided by Red Hat. Another use case would be to send out emails either when new RHSAs are released or updates are made to existing RHSAs or sending out daily or weekly mails for systems that are lacking certain security updates. I bet other people have other requirements, so I like to hear about those. PS You may wonder what it offers on top on RHN. In fact it doesn't offer much more than RHN already provides. But in our environment, we don't have RHN access for our systems (some of them are not even connected to the Internet) and security policy does not allow this anyway. Plus a CLI tool that is able to access and process this information allows for some specialized use that RHN may not provide. Bright ideas are welcomed. Kind regards, -- dag wieers, dag at wieers.com, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]