Well, I mostly use Debian and Arch:

Debian isn't low volume: https://lists.debian.org/debian-security-announce/2014/threa...

Arch isn't high volume enough(!) https://mailman.archlinux.org/pipermail/arch-security/

Arch recommends the oss-security list, which is all too high volume http://www.openwall.com/lists/oss-security/2014/09/

I guess you want to filter eg the Debian list by the packages you have installed ideally. An API to the same info would be nice.

Or filter the NVD feeds from http://nvd.nist.gov/download.cfm ?

For Debian that would be debian-security-announce [1], I try to read every post from that list.

1: https://lists.debian.org/debian-security-announce/