16
7
Fork
You've already forked design
4

Visibility settings for teams #64

Open
opened 2026年05月18日 21:43:17 +02:00 by wetneb · 3 comments
Member
Copy link

Warning

Please read this section of the README before interacting in the issue tracker.
We might remove comments that don't fit here. This is unfortunately necessary, because respect for design work is not yet common in Free/Libre Software projects.

Content

There is an interest for making it possible to have transparent Forgejo organizations (forgejo/forgejo#862), where not only members are visible but also the composition of each team in the organization. It has been pointed out that there are also legitimate reasons to only publish the composition of certain teams, leaving other teams private.

Therefore I am proposing the following design.
Teams get a new visibility setting, making it possible for org owners to make them visible:
image

This setting would be disabled by default to match the current behavior of Forgejo (not showing team members), so as to avoid publishing sensitive information when upgrading.

Turning this setting on would also require that all existing team members have already publicized their membership to the organization that hosts the team. Any new member added to the team would also have their membership to the organization published.

Any new team created after the update would be public by default if its parent organization is also public. This includes the auto-generated "Owners" team of a newly-created public organization.

> **Warning** > Please read [this section of the README](https://codeberg.org/forgejo/design#what-you-can-do-here) before interacting in the issue tracker. > We might remove comments that don't fit here. This is unfortunately necessary, because respect for design work is not yet common in Free/Libre Software projects. ### Content There is an interest for making it possible to have transparent Forgejo organizations (https://codeberg.org/forgejo/forgejo/issues/862), where not only members are visible but also the composition of each team in the organization. It has been pointed out that there are also legitimate reasons to only publish the composition of certain teams, leaving other teams private. Therefore I am proposing the following design. Teams get a new visibility setting, making it possible for org owners to make them visible: ![image](/attachments/d8811c20-e1a4-4788-a981-fb5367079dcc) This setting would be disabled by default to match the current behavior of Forgejo (not showing team members), so as to avoid publishing sensitive information when upgrading. Turning this setting on would also require that all existing team members have already publicized their membership to the organization that hosts the team. Any new member added to the team would also have their membership to the organization published. Any new team created after the update would be public by default if its parent organization is also public. This includes the auto-generated "Owners" team of a newly-created public organization.
188 KiB

Turning this setting on would also require that all existing team members have already publicized their membership to the organization that hosts the team. Any new member added to the team would also have their membership to the organization published.

I don't think that this is needed to be that strict. Teams may be public even if some of their members are "hidden". E.g., there are service accounts (bots) that don't need to be visible (only to the team (or org?) members).

> Turning this setting on would also require that all existing team members have already publicized their membership to the organization that hosts the team. Any new member added to the team would also have their membership to the organization published. I don't think that this is needed to be that strict. Teams may be public even if some of their members are "hidden". E.g., there are service accounts (bots) that don't need to be visible (only to the team (or org?) members).
Author
Member
Copy link

To me, the motivation of introducing this feature is precisely to enable communities to decide that all members of certain teams are public. In my opinion, being able to hide select members defeats the purpose of transparency and supply chain security that this option would offer.

That being said, I am not against offering other levels of visibility if you think they would be useful in certain cases. If we decide to let users selectively publish which teams they are part of, I imagine the UI for it might become a bit complicated, but it can be done. Can you expand on why you would want to hide bots from a team?

Instead of a checkbox as proposed above, I considered offering three visibility levels:

  • The team is public and all its members are public
  • The team is public but its members are not shown
  • The team is private

We could add a fourth level where only members who have chosen to publish their memberships are listed (just like for org membership at the moment), but personally as an external user I find those partial members lists rather useless. They also fail to convey the information that they may be partial (also on GitHub).

To me, the motivation of introducing this feature is precisely to enable communities to decide that *all* members of certain teams are public. In my opinion, being able to hide select members defeats the purpose of transparency and supply chain security that this option would offer. That being said, I am not against offering other levels of visibility if you think they would be useful in certain cases. If we decide to let users selectively publish which teams they are part of, I imagine the UI for it might become a bit complicated, but it can be done. Can you expand on why you would want to hide bots from a team? Instead of a checkbox as proposed above, I considered offering three visibility levels: * The team is public and all its members are public * The team is public but its members are not shown * The team is private We could add a fourth level where only members who have chosen to publish their memberships are listed (just like for org membership at the moment), but personally as an external user I find those partial members lists rather useless. They also fail to convey the information that they may be partial (also on GitHub).

I have no opinion on the granularity of visibility. But I think https://codeberg.org/forgejo/governance/src/branch/main/TEAMS.md is a great practical example of the manual maintenance that would be saved if it was possible to make team membership visible 🙏

I have no opinion on the granularity of visibility. But I think https://codeberg.org/forgejo/governance/src/branch/main/TEAMS.md is a great practical example of the manual maintenance that would be saved if it was possible to make team membership visible 🙏
Sign in to join this conversation.
No Branch/Tag specified
main
15-new-pr
private-issues
file-editor
No results found.
Labels
Clear labels
User research - Accessibility
Requires input about accessibility features, likely involves user testing.
User research - Blocked
Do not pick as-is! We are happy if you can help, but please coordinate with ongoing redesign in this area.
User research - Community
Community features, such as discovering other people's work or otherwise feeling welcome on a Forgejo instance.
User research - Config (instance)
Instance-wide configuration, authentication and other admin-only needs.
User research - Errors
How to deal with errors in the application and write helpful error messages.
User research - Filters
How filter and search is being worked with.
User research - Future backlog
The issue might be inspiring for future design work.
User research - Git workflow
AGit, fork-based and new Git workflow, PR creation etc
User research - Labels
Active research about Labels
User research - Moderation
Moderation Featuers for Admins are undergoing active User Research
User research - Needs input
Use this label to let the User Research team know their input is requested.
User research - Notifications/Dashboard
Research on how users should know what to do next.
User research - Rendering
Text rendering, markup languages etc
User research - Repo creation
Active research about the New Repo dialog.
User research - Repo units
The repo sections, disabling them and the "Add more" button.
User research - Security
User research - Settings (in-app)
How to structure in-app settings in the future?
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/design#64
Reference in a new issue
forgejo/design
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?