Issue privacy does not default to align with access policy, potentially leaking confidential information
Summary
Issue privacy should more strongly track the privacy setting of the repository.
Steps to reproduce
Create a private repository, create an issue. I must be checked to be made confidential.
What is the current bug behavior?
Issues must be flagged confidential each time. This that can lead to unnecessary and damaging leaks of information to those without appropriate access.
What is the expected correct behavior?
The default setting should be for issues to be confidential and visible to team members with at least reporter access – always – with the option of turning this off – though I cannot see who would want this.