Similar to INFRA-19327 <https://issues.apache.org/jira/browse/INFRA-19327>, I would like to see if the committers are interested in seeing GitHub security vulnerability notifications.
The Hadoop project has it enabled for all Hadoop committers already. If people think this is a good idea, I will then go ahead and file another INFRA JIRA. Otherwise, every committer can decide to enable notifications for him/herself by filing an INFRA JIRA too.

Thanks,
Weichiu