-The risk is that a site might have `allowed_attachments` set to "templates/*"
-or "*.tmpl" something like that. I think such a configuration is the *only*
-risk, and it's unlikely enough that a NEWS warning should suffice.
+The risk is that a site might have `allowed_attachments` set to
+`templates/*` or `*.tmpl` something like that. I think such a configuration
+is the *only* risk, and it's unlikely enough that a NEWS warning should
+suffice.