Whilst I fully encourage the creation of public repositories to contribute to the wider OSS community, accidentally making sensitive repositories public within a private organisation has security implications. I suggest that it would be useful to have control at the organisation level that restricts creation of public repositories to admins, such that junior developers don’t accidentally expose sensitive information to the public - we had a recent situation where the developer “didn’t realise it was public”. Something along the lines of a Request to expose repository to the public that can be raised by organisation members and approved by admins would be very useful.
Look forward to hearing thoughts on this proposal.