When will we finally get confidential issues for security tickets?

When will we finally get confidential issues that can be used for security-relevant tickets? GitHub seems to be stuck in this very dated, corporate view of security issues to be reported via e-mail and somehow handled by a response team completely opaquely instead of transparently tracked like everything else. Why would GitHub invest so much into working with vulnerabilities, then not have something so basic? I don’t get it.

Also compare to GitLab, which has a simple “mark this issue confidential” check box on the new issue filing page.

Also see here how many people clearly have been wanting this for years: https://github.com/isaacs/github/issues/37

So when is it actually going to be added?

4 Likes

Hi @ell1e! :wave: Welcome to the Community!

I’m afraid I don’t have a timeline for when that feature might be added, sorry!

We do keep an eye on isaacs/github, but you might like to submit a feature request through our official product feedback form to reinforce to our product team that having private issues is really important to you!

Did you see an official PayPal developer even asking for this on isaacs’ repo?? What do you even need more feedback for at this point? All we need is an actual timeline, or a reason why somehow this appears to have been ignored so far