Problem with private groups visibility

Summary

I have an installation of GitLab Enterprise Edition 10.8.7-ee.

I created an private group - "my-private-group".

It means that this group can be discovered (searched) only by members of this group. And also the url "/my-private-group" can be browsed only by members of this group.

Other authenticated users will see 404 page on url "/my-private-group" browsing.

And this is ok.

I also have an internal project in other group.

I want to give a developer access on this repository to all users of group "my-private-group".

I (as member of group "my-private-group") gave the developer access on this repository on group "my-private-group".

After this action, all authenticated users will see the page with list of internal repositories of private group "my-private-group", by browsing the url "/my-private-group".

So the affirmation on creation of private group "The group and its projects can only be viewed by members." is incorrect in this case.

Because i can access the private group "/my-private-group" url, browse group members, see internal project that the group have access - being just an regular authenticated user (that not belongs to that group).

What is the current bug behavior?

I don't know what is the correct behaviour.

What is the expected correct behavior?

I don't know what is the correct behaviour.