No event for private repositories should appear in public feeds

Evax Software avatarEvax Software created an issue

It seems that actions on private repositories appear nonetheless on public feeds (at least on the repository's owner's page), leading to private information leak (commit messages, activity, etc...)

Comments (3)

  1. Brodie Rao

    Can you provide an example of where this is happening?

    Keep in mind that what you see when you're logged in isn't necessarily what everyone else sees. We display events for repositories that you have access to.

  2. Evax Software

    Now those events are too old (more than 7 days) and do not show up anymore.

    Here are the steps I followed:

    • created a private repository
    • cloned it and pushed some changes
    • logged out
    • went to my account's public page
    • private repository events were showing (creation, and commit with commit message)
  3. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.