When will we finally get confidential issues that can be used for security-relevant tickets? GitHub seems to be stuck in this very dated, corporate view of security issues to be reported via e-mail and somehow handled by a response team completely opaquely instead of transparently tracked like everything else. Why would GitHub invest so much into working with vulnerabilities, then not have something so basic? I don’t get it.
Also compare to GitLab, which has a simple “mark this issue confidential” check box on the new issue filing page.
Also see here how many people clearly have been wanting this for years: https://github.com/isaacs/github/issues/37
So when is it actually going to be added?