I think you need something like this: http://www.svn2rss.com
But it would be nice, to build a simple site, something like TV Calendar September 2022 - Prime Time TV Schedule & TV Episode Calendar: Track your favourite TV shows, but instead for svn commits instead of tv series.
mmm ... that sounds to me like a debian package 
but ... i dont think a mailing list or feeds are good solutions for this. Both aproaches need an extra effort from developers and for users.
gem is good enough for this task, using version numbers to indicate security fixes is what we should do, but for now gem is not smart enough to do something like this:
$ gem --update --security [gem list / all by default ]
and gem should update all installed gems with only an increment in the patch number. I mean, if there is a gem call mygem 2.0.0 and my gem 1.2.4, and you have installed mygem 1.2.3, using the security flag gem should install 1.2.4 instead of 2.0.0 as gem actually do.