Breaking change: Allow guest users to pull packages from private projects on GitLab.com

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Deprecation Summary

GitLab.com is implementing a breaking change to allow guest users to pull packages from private projects, aligning with the functionality already available in self-managed instances. This change provides consistent behavior across all GitLab deployments and simplifies package sharing.

Documentation

  • Deprecation notice: #336622
  • Migration guidelines: [Link needed]
  • Feature flag documentation: [Link needed]

Product Usage

Currently, GitLab.com users cannot allow guest users to pull packages from private projects, while this functionality exists in self-managed instances via internal projects. This change aligns GitLab.com behavior with self-managed instances.

Breaking Change?

Yes - This deprecation contains a breaking change as it modifies access control behavior for private projects.

Affected Customers

Who is affected by this deprecation:

  • GitLab.com
  • Self-managed
  • Dedicated

What pricing tiers are impacted:

  • GitLab Free
  • GitLab Premium
  • GitLab Ultimate

[x] Internal note outlining details of customer impact has been created

Deprecation Milestone

  • Announcement: GitLab 17.6 (November 2023)
  • Feature Flag Implementation: 17.7 or 17.8 (December 2023 or January 2024)
  • Full Implementation: 18.0 (May 2024)

Planned Removal Milestone

The feature / functionality will be fully implemented in milestone: 18.0

Links

  • Issue: #336622
  • Documentation: [Add links]

Rollout Plan

DRI Engineers: [To be assigned] DRI Engineering Manager: [To be assigned]

  • Implement feature flag for controlled rollout
  • Update permissions model
  • Monitor system performance
  • Track usage metrics
  • Enable for early adopters
  • Full implementation in 18.0

Impact Assessment

  • Severity: High
  • Scope: Project
  • Resolution role: Maintainer
  • Manual task required: Yes
  • Implementation window: 3 months

Development Tasks

  • Update permissions model
  • Implement feature flag
  • Create migration documentation
  • Add security validations
  • Update access control logic
  • Implement monitoring metrics

Communication Plan

DRI Product Manager: [To be assigned]

Internal Communication

  • Create comprehensive internal note
  • Train support teams
  • Prepare security guidelines

External Communication

  • Announce change in 17.6
  • Update documentation
  • Create migration guide
  • Provide feature flag documentation

Success Metrics

  • Guest user package pull success rate
  • System performance metrics
  • Migration success rate
  • Support ticket volume
  • Feature flag adoption rate

Labels

Edited by 🤖 GitLab Bot 🤖