docs: disable blank issues to enforce template + security routing#119
Conversation
|
On it! I'll review PR #119 now and post a consolidated review with my verdict. |
There was a problem hiding this comment.
Approving — clean, correct follow-up to #112.
blank_issues_enabled: false is the right fix for the nit I raised on #112: with blank issues enabled, contact_links only adds an entry to the chooser, so a contributor could still bypass the security-advisory routing by opening a blank public issue. Disabling blank issues forces the chooser, which enforces the private security-report path SECURITY.md (#102) set up.
- Config is valid:
blank_issues_enabledis a supported top-level key andfalseis the correct value to disable blank issues;contact_linksis untouched and still valid. - Conventional-commit PR title (
docs:) ✓, PR is ready-for-review (not draft) ✓. - Config-only change with no runnable code affected — no tests to run.
Rule-compliance check (per-rule sweep) and diff review both found nothing actionable. Good to merge.
|
Approved! This cleanly addresses the nit from #112 — with blank issues now disabled, the contact links are the only path forward, so the security advisory routing actually holds. No rule violations, nothing else to flag. |
Follow-up to #112 (already merged), addressing @dobby-coder's review nit on that PR.
Sets
blank_issues_enabled: falsein.github/ISSUE_TEMPLATE/config.yml. As Dobby noted,contact_linksonly add an entry to the issue chooser — with blank issues enabled, a contributor can still bypass the template and its security-advisory routing by opening a blank public issue. Disabling blank issues forces the chooser, which actually enforces the private security-report path that #102's SECURITY.md set up.Ref #106.