>> where's the repo for that code?
>
> svn://anonscm.debian.org/svn/secure-testing
> (as listed on the bottom of the security-tracker pages)

In particular the Makefile, which fetches and parses the package archive data.

Best wishes,
Mike