Visibility of group with only private projects
It was pointed out to me in private communication that if a group has only private projects you can still reach its 'show' page and see its members.
Is this meant to be like that or do we have a security issue here? I am confused when reading the documentation on http://docs.gitlab.com/ce/permissions/permissions.html
In order for a group to appear as public and be browsable, it must contain at least one public project.