Wouldn't it make sense to announce buildd outages on debian-security-announce? If such announcements are sent, system administrators will know when they have to roll their own security updates. (IMHO, A similar announcement should be sent if a security updated is substantially delayed, but the underlying vulnerability is publicly known.)