Issue #9744 duplicate

Fork access management to ANYONE

Gwenaël Hagenmuller
created an issue


In my team, I added several user groups with NO access to team repositories. I overwrite it per repository by giving READ access to specific user groups. A user from one of these user groups can then fork the private repository (except if I didn't allow it from the repository details page). The fork is private like I specified it in the repository details page. Nevertheless, the user can manage access to his/her fork and give access (by mistake) to any group of the team in which he/she is and thus give access to someone who doesn't have access to the main repository. Even worse, he/she can give access (by mistake) to anyone who is not a member of the team.

It's not good at all since he/she will be able to see all the old commits and files of the main repository which are present in the fork.

Please, the owner of a fork of a private repository MUST NOT manage access to his/her fork. Otherwise, I will have to disable forking for the members of my team and I will have to create forks for them with the team as owner. It doesn't sound like the way to do it.

Comments (4)

  1. Chris Somme staff

    This is a bit of a different take on another feature request.

    These requests boil down to the owner of a private repository having more control over forks of that repository.

    I'm going to mark this as a duplicate of that request, and we'll take your request in as feedback as we work on the feature. Thanks for the feedback.
