Context
PR #390 converted all 4 issue templates from Markdown to YAML forms. During review, @sonupreetam suggested adding a config.yml to the issue template directory. This was agreed as valuable but out of scope for that PR.
Without config.yml, users can bypass all template validation by filing blank issues. Most mature orgs (Kubernetes, Grafana, Next.js, OTel) include this file to enforce template usage and surface contact links for security reports.
Suggested implementation
Create .github/ISSUE_TEMPLATE/config.yml:
blank_issues_enabled: false
contact_links:
- name: Security Vulnerabilities
url: https://github.com/complytime/org-infra/security/policy
about: Report security vulnerabilities through our security policy
Downstream impact
This file is not currently listed in sync-config.yml. Decide whether to sync it to all org repos or keep it org-infra-only. If synced, downstream repos that lack a SECURITY.md or security policy will need one added first.
References
Context
PR #390 converted all 4 issue templates from Markdown to YAML forms. During review, @sonupreetam suggested adding a
config.ymlto the issue template directory. This was agreed as valuable but out of scope for that PR.Without
config.yml, users can bypass all template validation by filing blank issues. Most mature orgs (Kubernetes, Grafana, Next.js, OTel) include this file to enforce template usage and surface contact links for security reports.Suggested implementation
Create
.github/ISSUE_TEMPLATE/config.yml:Downstream impact
This file is not currently listed in sync-config.yml. Decide whether to sync it to all org repos or keep it org-infra-only. If synced, downstream repos that lack a SECURITY.md or security policy will need one added first.
References