Please read this section of the README before interacting in the issue tracker.
We might remove comments that don't fit here. This is unfortunately necessary, because respect for design work is not yet common in Free/Libre Software projects.
Content
There is an interest for making it possible to have transparent Forgejo organizations (forgejo/forgejo#862), where not only members are visible but also the composition of each team in the organization. It has been pointed out that there are also legitimate reasons to only publish the composition of certain teams, leaving other teams private.
Therefore I am proposing the following design.
Teams get a new visibility setting, making it possible for org owners to make them visible: image
This setting would be disabled by default to match the current behavior of Forgejo (not showing team members), so as to avoid publishing sensitive information when upgrading.
Turning this setting on would also require that all existing team members have already publicized their membership to the organization that hosts the team. Any new member added to the team would also have their membership to the organization published.
Any new team created after the update would be public by default if its parent organization is also public. This includes the auto-generated "Owners" team of a newly-created public organization.
> **Warning**
> Please read [this section of the README](https://codeberg.org/forgejo/design#what-you-can-do-here) before interacting in the issue tracker.
> We might remove comments that don't fit here. This is unfortunately necessary, because respect for design work is not yet common in Free/Libre Software projects.
### Content
There is an interest for making it possible to have transparent Forgejo organizations (https://codeberg.org/forgejo/forgejo/issues/862), where not only members are visible but also the composition of each team in the organization. It has been pointed out that there are also legitimate reasons to only publish the composition of certain teams, leaving other teams private.
Therefore I am proposing the following design.
Teams get a new visibility setting, making it possible for org owners to make them visible:

This setting would be disabled by default to match the current behavior of Forgejo (not showing team members), so as to avoid publishing sensitive information when upgrading.
Turning this setting on would also require that all existing team members have already publicized their membership to the organization that hosts the team. Any new member added to the team would also have their membership to the organization published.
Any new team created after the update would be public by default if its parent organization is also public. This includes the auto-generated "Owners" team of a newly-created public organization.
Turning this setting on would also require that all existing team members have already publicized their membership to the organization that hosts the team. Any new member added to the team would also have their membership to the organization published.
I don't think that this is needed to be that strict. Teams may be public even if some of their members are "hidden". E.g., there are service accounts (bots) that don't need to be visible (only to the team (or org?) members).
> Turning this setting on would also require that all existing team members have already publicized their membership to the organization that hosts the team. Any new member added to the team would also have their membership to the organization published.
I don't think that this is needed to be that strict. Teams may be public even if some of their members are "hidden". E.g., there are service accounts (bots) that don't need to be visible (only to the team (or org?) members).
To me, the motivation of introducing this feature is precisely to enable communities to decide that all members of certain teams are public. In my opinion, being able to hide select members defeats the purpose of transparency and supply chain security that this option would offer.
That being said, I am not against offering other levels of visibility if you think they would be useful in certain cases. If we decide to let users selectively publish which teams they are part of, I imagine the UI for it might become a bit complicated, but it can be done. Can you expand on why you would want to hide bots from a team?
Instead of a checkbox as proposed above, I considered offering three visibility levels:
The team is public and all its members are public
The team is public but its members are not shown
The team is private
We could add a fourth level where only members who have chosen to publish their memberships are listed (just like for org membership at the moment), but personally as an external user I find those partial members lists rather useless. They also fail to convey the information that they may be partial (also on GitHub).
To me, the motivation of introducing this feature is precisely to enable communities to decide that *all* members of certain teams are public. In my opinion, being able to hide select members defeats the purpose of transparency and supply chain security that this option would offer.
That being said, I am not against offering other levels of visibility if you think they would be useful in certain cases. If we decide to let users selectively publish which teams they are part of, I imagine the UI for it might become a bit complicated, but it can be done. Can you expand on why you would want to hide bots from a team?
Instead of a checkbox as proposed above, I considered offering three visibility levels:
* The team is public and all its members are public
* The team is public but its members are not shown
* The team is private
We could add a fourth level where only members who have chosen to publish their memberships are listed (just like for org membership at the moment), but personally as an external user I find those partial members lists rather useless. They also fail to convey the information that they may be partial (also on GitHub).
I have no opinion on the granularity of visibility. But I think https://codeberg.org/forgejo/governance/src/branch/main/TEAMS.md is a great practical example of the manual maintenance that would be saved if it was possible to make team membership visible 🙏
I have no opinion on the granularity of visibility. But I think https://codeberg.org/forgejo/governance/src/branch/main/TEAMS.md is a great practical example of the manual maintenance that would be saved if it was possible to make team membership visible 🙏
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".
No due date set.
Dependencies
No dependencies set.
Reference
forgejo/design#64
Loading...
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?