Maven package upload working with a free tier account

Summary

On GitLab.com, I have a free tier account. I am able to push Maven packages using a CI build.

This is not expected considering the documentation: https://about.gitlab.com/pricing/self-managed/feature-comparison/

Steps to reproduce

1. Create a free tier account
2. Create a public project
3. Upload a Maven package following https://docs.gitlab.com/ee/user/packages/maven_repository/

Example Project

https://gitlab.com/10io/maven-dependency/-/packages

CI job: https://gitlab.com/10io/maven-dependency/-/jobs/344556421

What is the current bug behavior?

I was able to push a Maven package using a CI job

What is the expected correct behavior?

mvn deploy executed by the CI job should be rejected.

Relevant logs and/or screenshots

Uploading: https://gitlab.com/api/v4/projects/15187476/packages/maven/com/example/dep/simple-maven-dep/1.0-SNAPSHOT/simple-maven-dep-1.0-20191107.141022-1.jar
2/3 KB   
3/3 KB   
         
Uploaded: https://gitlab.com/api/v4/projects/15187476/packages/maven/com/example/dep/simple-maven-dep/1.0-SNAPSHOT/simple-maven-dep-1.0-20191107.141022-1.jar (3 KB at 1.1 KB/sec)

Output of checks

This bug happens on GitLab.com

Possible fixes

Prevent the maven API to be used with free tier accounts or update the documentation.

Note that if free tier accounts can use the package features, this has several implications:

• code organisation.
• naming enforcements during group/project path updates or transfers.

Other considerations

This could also happen for NPM packages.