doc,meta: codify security release commit message

The release commit message for security releases have conventionally started with the phrase `This is a security release.`. Codify this as part of the release process so that the distribution indexer can use this to detect and mark releases as security releases. Fixes: nodejs/Release#437 Refs: nodejs#27612 (comment) Refs: nodejs/nodejs-dist-indexer#9 PR-URL: nodejs#27643 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com> Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Rich Trott <rtrott@gmail.com>
Trott · May 13, 2019 · b3be0bf · b3be0bf
1 parent 97815bd
commit b3be0bf
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/doc/releases.md b/doc/releases.md
@@ -345,6 +345,21 @@ Notable changes:
 * Copy the notable changes list here, reformatted for plain-text
 ```
 
+For security releases, begin the commit message with the phrase
+`This is a security release.` to allow the
+[distribution indexer](https://github.com/nodejs/nodejs-dist-indexer) to
+identify it as such:
+
+```txt
+YYYY-MM-DD, Version x.y.z (Release Type)
+
+This is a security release.
+
+Notable changes:
+
+* Copy the notable changes list here, reformatted for plain-text
+```
+
 ### 6. Propose Release on GitHub
 
 Push the release branch to `nodejs/node`, not to your own fork. This allows