Issue #3020 invalid

private repository commit messages appear in (public) RSS feeds

J.S. Oishi
created an issue

I have both public and private repositories. However, my Newsfeed by default publishes all commit messages, including those to private repositories. In my case, I would like to keep the existence of a few repositories private, but htis is not possible, because now anyone who reads my RSS feed knows about them.

Comments (1)

  1. dylantest

    Hi J.S.

    There is no need to worry. The reason you see your private activity in your RSS feed is because you have access to those repositories. Anyone who follows you will also have permission checks done on each feed item to determine if they should be able to see it or not. They can see your activity only on repos that they have read permission to or that are public.

    The link we provide to your RSS or ATOM feeds contain a token that identifies you to Bitbucket. You should not hand out your RSS link as that is basically handing out a version of your login for Bitbucket.

    The way the RSS is ment to work is that other will follow you and then activity will show up in their RSS event feed.

    So as long as you do not hand out your link with your token you can be sure others will not see your private activity.

    Cheers,

    Dylan

  2. Log in to comment