Allow guests to see tag names associated with releases
Currently, we treat "tag names" associated with releases as source code and don't allow guests to see them.
But:
- we use the tag name as
IDfor releases, so without it, guests won't be able to see the release page. - we use tag name as the default "name" for the release, so guest will see releases called "release-ID" (which is a strange user experience)
- we even consider removing some features for guest users to preserve this security feature
- all these workarounds require a lot of time of our development team to support
We can solve of this by relaxing security requirements a little and allowing users to see tag name for releases. (Note that all tag related information like commit SHA will still be unavailable)
The end result is
- Guests see proper names of releases (in case name is empty we show tag as name)
- Guests can visit the individual release page (tag is treated as ID, so previously we couldn't give users URL)
- We can remove all other workarounds we put in place to prevent a user from knowing the tag name. (Tracked in a separate issue #345568 (closed))