gh-issues
Separate permission for making repos Public
Making a repo public is (for us) the single most important event. Given the set of bots out there watching repos, it is very hard to get the cat back in the bag if a repo is accidentally made public. Currently the "public" permission is lumped in with a number of other relatively innocuous permissions that we would like all/many team members to have. OTOH, the public permission should be held only by super users.
There are two parts to this.
- In an appropriately configured org, it should be impossible to create a public repo
- The "change visibility" permission should be closely held
:+1:
The other approach used by participants is to allow "change visibility" freely, but closely hold creating of repositories.
[Realized this works today - non-legacy teams cannot create repos and yet can still publish repos :) ]
Indeed. We have a number of scenarios where repos are being staged privately for a few weeks/months and premature exposure would be problematic. We would also like to encourage folks to get on GitHub ASAP rather than setting up in a temporary, non-GitHub place only to shift infrastructure. Part of getting there early seems frequently to be not quite being ready for prime time...
+1
+1
This seems to be somewhat done
