apt-get update/upgrade is good enough for me as a way to keep up with security updates at the binary level, but what's the best way to keep up with source-level security updates (e.g. patches to the kernel or to compiled-in modules)? [Since applying these patches can be very inconvenient, it would be good to know what packages I really use, so I can safely ignore patches that do not affect these packages.] Thanks! Kynn