Problem to solve
Sometimes an issue is public, but implementation details are not.
It should be possible to create confidential comments/discussions from non-confidential issues.
All users with Reporter access or higher (as per the current confidentiality rules)
Use cases could include anything from test credentials to discussing the issue behind the user's back.
Add a confidential checkbox next to the Create Comment/Discussion button, similar to the one on the create issue page.
Confidential comments should have the confidential eye icon in front of the user's name.
Permissions and Security
Only users with reporter access or higher should be able to create and read confidential comments - same as confidential issues.
Updates would be required to the pages regarding documentation. The APIs would probably need updating to include information about whether a ticket is confidential.
The biggest risk I can think of, is that any integration that mirrors comments may make the mistake of broadcasting what should be confidential comments due to the flag not previously being present.
What does success look like, and how can we measure that?
Success would be the ability to add comments on a public issue with the confidence that non-reporter+ users have no visibility to it.
Links / references
JIRA has this functionality, in the form of "Developer Only" comments.