I didn't quite understand Jacob's question about better alerting when packages were outdated. pip already provides a pip list --outdated option,
but Jacob's interested in getting better notification of security issues and that kind of thing (he clarified this in his OWASP top 10 talk which followed mine).
We're hopeful we'll eventually be able to do something along those lines using the metadata extensions feature in PEP 426.