Private Repo Forks should be visible by default to members of the parent repo
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Problem to solve
We have a private repo, we encourage members to fork the repo to make their branches against their fork to keep the main repo "clean". When a member of the group submits a Merge Request (MR), others cannot checkout that branch unless the member that made the MR grants the other user explicit permission to access their fork.
Members of the parent repo should automatically be able to access the forks of the parent repo.
Also, just in case it's not already possible. Once a member is no longer part of the parent repo's group, their fork should no longer be accessible.
Intended users
Members of a group that has a private repo
Proposal
When a member of a private repo makes a fork, all members that have access to the parent repo should automatically get access to the fork, or at least be able to see the fork. Ideally, if a user creates a fork of a private repo and I'm also a member of that repo, I should be able to clone and pull branches from that fork without needed to request read access to that fork.
Users should only have to grant write permission to their fork to other members.
Permissions and Security
Members of a private repo should automatically get read access to forks of the private repo. Once a member is no longer a member of a private repo, their fork should become inaccessible without getting explicit permission from the private repo's owner. Members of the private repo should only have to request write permission to a fork, not read access.
Testing
- Create a private repo.
- Add members to the private repo
- fork the repo with one of those members.
- You as the owner of the private repo, or member of the private repo, cannot see or get read access to the forks
What does success look like, and how can we measure that?
Member of the group of a private repo should not have to access other members for explicit access to their forks of the private repo.
Github solves this by making new remote branches available on the parent repo with the prefix pr/ so that users can checkout the Pull Request locally to test and or merge it.