I still own and contributed to a few private repos in an organization account of my former job. Currently I don't have access to these repos, but keep getting notifications from them. Is there a way to disown or remove myself from these repos? Going to "Repositories" in Settings doesn't help, as these repos are not listed there.
Related
So, my question is:
How to access private repositories of Bitbucket/Github or any other online web-based version control repository hosting service.
Any feedback is most welcome.
Thanks
Steve Washer
I'll only speak for github as a daily github user. The only way to access them is either by being member of the repository or outside collaborator of the repository. Owner of the repo can add you to it in the repository Settings.
Another way is to ask any of the members to provide you the personal access token, which you could use to read the repository via the API. This is however, unsafe.
Yet another way is asking the repository owner or any repo user to add your public SSH key to his account so you may have repo access (clone, commit) without ability to view it on github.com
Summary: you always need to talk to the owner or any of the current repository members. Private repo will never be accessible otherwise.
I was added as collaborator to a public GitHub repo and I was able to make changes to the main branch. A pull request was not generated, the changes just went right in. I am using Visual Studio 2015 as my client, for what it's worth.
Yes, it depends on the permission.
There are 4 types of permissions:
Read
Write
Admin
Owner
Note: Organization members with owner permissions have extensive permissions across all repositories in an organization.
See the permissions and associated actions at Repository permission levels for an organization and Collaborator access on a repository owned by a user account.
Yes, it is either your responsibility to properly follow process (i.e., create a branch and then create the pull request to merge to master / release / etc) or/and up to the repo owner to set up permissions so committing directly to master is not possible.
Yes, that's basically what collaborators are. :)
See Github - Collaborator access on a repository owned by a user account
Often, even if you have collaborator access/rights, you can choose to adopt a more kosher Git workflow, like creating a branch and a pull request for each 'thing' that goes into the main branch.
My organization has a private repo and we've brought on a few contractors and given them access to the code base.
These contractors have been forking the code base, and I wanted to evaluate the potential security implications of that.
Could any of these forkers make the code public if they choose to?
If their access is removed from the original project, will their access to the forked repo also be removed?
Could any of these forkers make the code public if they choose to?
Yes, they can push it to a new public Git repo (on GitHub or any other Git hosting service)
If their access is removed from the original project, will their access to the forked repo also be removed?
See "Removing a collaborator from a personal repository"
While forks of private repositories are deleted when a collaborator is removed, the person will still retain any local clones of your repository.
For a better security, contractors usually operate on PCs inside the organization through VPN. Those PCs can then limit or prevent internet access.
We have a private repo in our org on GitHub and I've invited some external user to this repo. I have him the "Read" access. He can now read and clone the repo (I guess the clone will stay private, right?).
What can he do inside issues?
According to the documentation of the permission levels a collaborator (inside or outside of the organisation) can:
> Open, close, re-open, and assign issues
Haven't tried it out. But it sounds meaningful to me.
I am curious if I can add a collaborator for just watching my project without giving him the rights to make it public, yet.
So, the current situation would be:
- I created a private GitHub repo that I don't want to have public yet
- I have a colleague who does not have a paid GitHub account
- I want to add this colleague as "watcher" only without exposing the project to the public yet
Would that work?
Assuming you trust your collaborator to not clone the repo and post it publically, yes you can add them as a collaborator to see the private repo.
From Github's docs: "All collaborators must have GitHub accounts. It's easy to sign up, and even accounts on the free plan can collaborate on private repositories"