I'm old fashioned, I guess. I deploy my apps on Debian stable, and they (like most distros) have a competent security team which stays on top of all this stuff. I have a script running on all my servers which looks for available security updates to my installed packages every few hours and emails me in the event.
Sidenote: This is one reason why I avoid virtualenv and its ilk for my apps unless I absolutely have to use them (e.g. need a newer version of something to get a feature I can't live without) -- I don't toss aside the good work of vigilant security pros lightly.
Sidenote: This is one reason why I avoid virtualenv and its ilk for my apps unless I absolutely have to use them (e.g. need a newer version of something to get a feature I can't live without) -- I don't toss aside the good work of vigilant security pros lightly.