[19:36] <sarnold> blahdeblah: hah, that sentence has always struck me as strange. Launchpad of course tracks when packages are copied or moved into the -updates or -security pockets, and launchpad queries could answer that question. The archive's dists/focal-security/main/binary-amd64/Packages.gz  sorts of files get updated every time a package is moved into or out of the pocket, and snapshots of these could be 
[19:36] <sarnold> collected daily or something similar, if a historical view is desired..
[19:37] <sarnold> blahdeblah: my gut feeling is that they didn't want to write a tool for it and didn't way to say so
[19:46]  * genii checks backscroll for context but doesn't find any
[19:47] <genii> Oh, two days ago
[19:55] <Odd_Bloke> IIUC, the baseline is from when the _advisory_ was published, not when the packages became available.  It looks like there is a specific file which contains this metadata, which they parse: https://en.opensuse.org/openSUSE:Standards_Rpm_Metadata_UpdateInfo
[19:55] <Odd_Bloke> So I think the equivalent would be USN metadata, not packaging metadata.
[20:02] <Odd_Bloke> And I _think_ those metadata files come from the repositories that the packages come from too: USN data (via OVAL, most likely) would be from a different source (and so might not be valid if you aren't using a full and up-to-date mirror of the archive?).
[20:15] <rbasak> Odd_Bloke, sarnold: yeah I think the information they need is available by API or other sources, but they expect to consume it only from apt metadata or something, and it's not there.
[20:20] <sarnold> I wouldn't blame them for not wanting tens of millions of instances of that implementation