Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Statement about visibility of custom properties is misleading or incorrect #35819

Open
1 task done
svrnm opened this issue Jan 3, 2025 · 5 comments
Open
1 task done

Statement about visibility of custom properties is misleading or incorrect #35819

svrnm opened this issue Jan 3, 2025 · 5 comments
Labels
content This issue or pull request belongs to the Docs Content team organizations Content related to organizations SME reviewed An SME has reviewed this issue/PR

Comments

@svrnm
Copy link

svrnm commented Jan 3, 2025

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization

What part(s) of the article would you like to see updated?

Custom properties are private and can only be viewed by people with read permissions to the repository.

By simply reading this statement I would assume that if I set a custom property on a repository it is only visible to people with assigned permissions, but in the case of a public repository everyone can see the custom property. I have verified it with the following steps:

  • Create a custom property (e.g. name foo)
  • Go to a public repository and assign custom property foo with value bar
  • Open another browser or incognito window in your current browser and navigate to the repository, click on "Custom properties" on the right side menu, the property foo is visible although I am not logged in

Either this is misleading, since everyone has read permissions on a public repository in some way, or this is incorrect, and the statement needs to be updated, or this is unintended and needs to be fixed.

Thanks

Additional information

Screenshot 2025-01-03 at 16 43 30
@svrnm svrnm added the content This issue or pull request belongs to the Docs Content team label Jan 3, 2025
@welcome Welcome
Copy link

welcome bot commented Jan 3, 2025

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Jan 3, 2025
@nguyenalex836 nguyenalex836 added waiting for review Issue/PR is waiting for a writer's review organizations Content related to organizations and removed triage Do not begin working on this issue until triaged by the team labels Jan 3, 2025
@nguyenalex836
Copy link
Contributor

@svrnm Thank you for raising this issue! I'll get this triaged for review ✨ Our team will provide feedback regarding the best next steps for this issue - thanks for your patience! 💛

@svrnm svrnm changed the title Statement abouv visibility of custom properties is misleading or incorrect Statement about visibility of custom properties is misleading or incorrect Jan 3, 2025
@subatoi subatoi added the needs SME This proposal needs review from a subject matter expert label Jan 6, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 6, 2025

Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert 👀

@nguyenalex836 nguyenalex836 added SME reviewed An SME has reviewed this issue/PR and removed waiting for review Issue/PR is waiting for a writer's review needs SME This proposal needs review from a subject matter expert labels Jan 22, 2025
@nguyenalex836
Copy link
Contributor

@svrnm Thank you so much for your patience while our SME team reviewed! ✨ They are aligned with you, and wanted to relay the following:

We can clarify the docs here to be exceptionality explicit.

This is a simple suggestion:
Custom properties can be viewed by actors with read permissions to the repository.

Would you be willing to submit a PR to update that statement to align with our SME's suggestion? 💛

@svrnm
Copy link
Author

svrnm commented Jan 22, 2025

Custom properties can be viewed by actors with read permissions to the repository.

Thanks @nguyenalex836. I don't see how this sentence is different to the existing one? It still states can be misread that explicitly set reading permissions are required to view them, however for a public repository it means EVERYONE can view them. So I would expect a wording like

Custom properties have the same visibility as your repository, meaning for a public repository they are visibile to everyone.

To add this for context: I was considering to add information as a custom property to a repository that is for internal purpose only, and in some cases might even be considered sensitive, so as it stands today custom properties should not be used for that, and the documentation should make this entirely clear.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
content This issue or pull request belongs to the Docs Content team organizations Content related to organizations SME reviewed An SME has reviewed this issue/PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@svrnm @subatoi @nguyenalex836