Description
Security policies are important documents, and the policy file (named something like `SECURITY`, `security.txt` or `SECURITY-POLICY.md`) should be highlighted when users view a release. At the moment, it does not show the policy at all and the user needs to browse the release files to see it.
Note that a guide to including a security policy with distributions has been added to the CPAN Security Group (CPANSec) page at https://security.metacpan.org/docs/guides/security-policy-for-authors.html and GitHub also recommends adding a security policy to repositories now.
The rationale is to let users know how to report a security issue with the software, what will be supported, and what response they can expect.
Common names for it (case-insensitive) would match `m/security(\.(txt|md|pod))?/in`, e.g.:
- SECURITY.md
- security.txt
- Security.pod
- SECURITY
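As an added illustration (not code from the issue or from MetaCPAN), the following Python function applies the pattern above to a release's file list. The regex is a translation of the Perl `m/security(\.(txt|md|pod))?/in` shown above; restricting the match to root-level files and the sample file list are my assumptions, not something the issue specifies.

```python
import re
from pathlib import PurePosixPath

# Python translation of the Perl pattern m/security(\.(txt|md|pod))?/in:
# case-insensitive and unanchored, so "SECURITY-POLICY.md" also matches.
SECURITY_POLICY_RE = re.compile(r"security(\.(txt|md|pod))?", re.IGNORECASE)


def find_security_policies(release_files):
    """Return the paths in a release's file list that look like a security policy.

    Only files at the root of the distribution are considered (an assumption of
    this example: a nested file such as t/security.t is not a policy document).
    The result is sorted so the output is deterministic.
    """
    hits = []
    for path in release_files:
        parts = PurePosixPath(path).parts
        if len(parts) != 1:  # skip lib/..., t/..., docs/... etc.
            continue
        if SECURITY_POLICY_RE.search(parts[0]):
            hits.append(path)
    return sorted(hits)


# Constructed file list for a hypothetical release (not a real CPAN distribution).
SAMPLE_RELEASE_FILES = [
    "Changes", "LICENSE", "Makefile.PL", "README.md",
    "SECURITY.md", "SECURITY-POLICY.md",
    "lib/Foo/Bar.pm", "t/00-load.t", "t/security.t",
]

if __name__ == "__main__":
    print(find_security_policies(SAMPLE_RELEASE_FILES))
```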
Note: as of 6 January there were at least 63 distributions with SECURITY.MD, and this is starting to get traction, e.g. on Reddit here and there,