Only maintainers can open merge requests from private forks to public projects
Private forks are typically private because they contain confidential changes. We should prevent any developer from exposing those changes by opening a public merge request
Further details
GitLab wants to be able to fix security issues on gitlab-ce
on GitLab.com rather than using a second private instance. Initially we will use a private fork (e.g secure-ce
).
When engineers are working on security fixes on secure-ce
we need to make sure changes aren't accidentally merged into gitlab-ce
Proposal
Only allow maintainers to open merge requests from private projects to public projects.
Links / references
Edited by James Ramsay (ex-GitLab)