Add restrictions on creating public repositories in organisations

Hello,

Whilst I fully encourage the creation of public repositories to contribute to the wider OSS community, accidentally making sensitive repositories public within a private organisation has security implications. I suggest that it would be useful to have control at the organisation level that restricts creation of public repositories to admins, such that junior developers don’t accidentally expose sensitive information to the public - we had a recent situation where the developer “didn’t realise it was public”. Something along the lines of a Request to expose repository to the public that can be raised by organisation members and approved by admins would be very useful.

Look forward to hearing thoughts on this proposal.

Hi @woodz,

This post was moved to a different board that fits your topic of discussion a bit better. This means you’ll get better engagement on your post, and it keeps our Community organized so users can more easily find information.

As you’ll notice, your Topic is now in the How to use Git and GitHub board. No action is needed on your part; you can continue the conversation as normal here.

Let me know if you have any other questions or if I can help with anything else.

Cheers!

1 Like

Hi @woodz,

Thanks for the feedback on this! At this time this isn’t specifically possible, though you can restrict repository creation overall (private or public) to admins only (more info here). That said, we’re always working to improve GitHub and consider every suggestion we receive. I’ve logged your feature request in our internal feature request list. Though I can’t guarantee anything or share a timeline for this, I can tell you that it’s been shared with the appropriate teams for consideration.

Cheers!

1 Like