Please add a security policy #477

Closed
@robrwo

Description

What enhancement would you like in DBD::mysql?

Please add a SECURITY or SECURITY.md file to the distribution and software repository that explains how to report a security vulnerability.

Other information

CPANSec has a guide for adding a security policy [1] and also links to software to generate security policies when you rebuild a distribution for release.

You can enable private vulnerability reporting in your GitHub repository [2]. This allows people to create private issues for security vulnerabilities, and lets your collaborators work on private forks. (GitHub also treats security policies as "first class" files along with the README and LICENSE files.)

[1] https://security.metacpan.org/docs/guides/security-policy-for-authors.html

[2] https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Note: this issue is part of a project by CPANSec to encourage popular CPAN distributions to add a security policy.
