Issue #6500 duplicate

Limit possible pull request reviewers on private repositories (BB-7691)

Dominick DeStastio
created an issue

It's awesome that you can add reviewers to pull requests now; however, for private repositories there's no reason that the typeahead should include users with no access to the repository. This is particularly problematic for common names.

Comments (8)

  1. James Jensen

    Big vote for this issue. I don't know what happens if you actually choose a user outside the private group, but that's definitely a security issue if it lets you submit the pull request that way.

    At the very least, it makes the Pull Request feature seem poorly done. I've been playing around with pull requests lately, and so far this is the major reason I'm not encouraging our team to use them more often.
