PackageKit has an application called pk-update-icon that is run once per session automatically. It is a lightweight binary that just calls into PackageKit and watches for status changes. It initiates the Refresh (non-forced) and GetUpdates after login and periodically checks for updates every couple of hours. This isn't configurable, but it would be trivial to hook up to gconf.
It has two status area icons, one for PackageKit current status and one for updates. Hold the pitchforks.
The PackageKit status icon only appears when a job is in progress, for instance a cog icon appears when doing an rpm install. It disappears when PackageKit is shutdown, which is currently after 60 seconds idle. It's basically a way of seeing what PackageKit is currently doing.
The update icon only appears when there are updates available, and additionally a libnotify window appears if there are critical updates available. Below is the dummy backend displaying the data, as yum doesn't seem to know if an update is security sensitive or normal. Ideas welcome on how to fix this.
Code is in git. My English spelling and grammar are crap (as usual), and nothing is localized, but that can be fixed later. Or alternatively, I accept patches.
Have you looked at the design of the Windows XP security updater? It's pretty good in my opinion and we could do worse than emulate it. For example, displaying technical goo like “gtkhtml2” is: * not useful to people who don't know what it is * not useful to people who do – what is interesting is what changed (if I really care to look, not that I usually do)