> including WordPress, do this in their administration sections. The only > trick, I think, is Aggregator.module's dependence on cron. Until a user > configures that bit of the system, they won't get any security > announcements. Maybe the initial install could also give you an initial cron run? --mark