Surely it is an issue of style and not substance, is it not? If a bugfix is later
shown to be a security fix as well, should it be rewritten to indicate it as such,
or is it not easier to just track this elsewhere where commits can be
unambiguously referred to? If the issue is that security fixes and commits
aren't being disseminated or discussed, surely that can be addressed outside
of commit messages.