"follow" leaks repository information when creating private repo

Issue #8369 resolved
Oz Linden
created an issue

Using the web interface to fork an existing repository to a private copy, other users receive notices containing the name of the new repository.

In my case, I forked from the team lindenlab/viewer-release to a repo in another hidden team account. Users not in either team received notices containing the name of the hidden team and the newly created hidden repository. Since they could not see either the team in which the repository was created, nor the resulting repo, they should not have received any notice.

Comments (6)

  1. Marcus Bertrand staff

    Can you confirm if the users who received the notification were followers of the repository that was forked? In other words, did Bitbucket appear to alert only the followers of the repo that the fork was from xx -> yy?

    Or, did a different set of users receive the notification? Once we understand who got the notice, and shouldn't have, we can start work on ensuring we are giving the right information to the right people.

  2. Log in to comment