Provide downstream notification to forks of security issues/vulnerabilities when they become public

[david-a-wheeler]

Please support downstream notification to forks of security issues/vulnerabilities when they are made public. This could perhaps be done via a specific vulnerability tag like “security”, but really any implementation would be fine.

[jeffmcaffer]

Great one. The new security advisories work may address this though I'm not sure that forks are informed. @jhutchings1 may know

[jhutchings1]

That's not functionality we support in the security advisories beta, but it's very good feedback for us to consider for later. Thanks!