
Add option to configure project visibility on import


Proposal

When importing a project, e.g., from Gitea (see documentation), one should be able to set the visibility of the imported project.

This addition is important because the current behaviour might cause inadvertent leakage of the information contained in the imported project.

GitLab and Gitea can be self-hosted and hence vary in their configuration, especially regarding accessibility from the internet. Now assume that you have a Gitea instance that is only accessible from a local network, e.g., a company network, and intend to import projects into a publicly accessible GitLab instance.

Gitea only has two project visibility levels: public and private. Since the Gitea instance is not publicly accessible on the internet, all projects marked as public are not publicly accessible on the internet either. However, upon import, GitLab carries over the project's visibility and sets the imported project to public (unless it is imported into a group that is set to internal or private, or into a private profile). Consequently, the project will now be publicly accessible on the internet.

Yes, you can change the project's visibility in GitLab to internal. However, since public projects are listed on the Explore page, there could be services out there that monitor GitLab instances for changes and dump newly available projects. Hence, even if the project is publicly accessible for only a short time, source code can be leaked. In addition, you need to be aware of the fact that the project is now publicly accessible in the first place.

The current workaround is to configure the project visibility in Gitea before import, or to configure the GitLab group or GitLab profile the project is imported into as internal or private.

I argue that being able to set the visibility of the imported project before importing would be a good addition. On the one hand, it would give the user control over the project visibility before it takes effect. On the other hand, it would make the visibility of the imported project explicit, hence showing the user which visibility is applied.

I have only verified this by importing from Gitea, so I'm not sure whether other importers are affected as well. However, the proposal is generic and should avoid inadvertent source code leakage through transparently (invisibly) applied project visibility configuration.
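The following is an added example, not code from this issue or from GitLab itself. It models the visibility resolution described above (the source project's visibility is carried over, then capped at the visibility of the target group or profile) and adds the proposed explicit override as a parameter, so an administrator can dry-run an import plan and see which repositories would end up public on the internet before anything is imported. The numeric levels are GitLab's visibility_level values (private = 0, internal = 10, public = 20); the repository names and the `requested` parameter are assumptions made for the example.

```python
"""Dry-run model of imported project visibility (hypothetical, not GitLab's importer)."""

# GitLab visibility_level values; higher means more widely visible.
LEVELS = {"private": 0, "internal": 10, "public": 20}

# Gitea only distinguishes public and private; the importer carries that over.
GITEA_TO_GITLAB = {"public": "public", "private": "private"}


def effective_visibility(source_visibility, namespace_visibility, requested=None):
    """Visibility the imported project ends up with.

    source_visibility:    Gitea visibility of the repository ("public"/"private").
    namespace_visibility: visibility of the GitLab group or user profile imported into.
    requested:            the proposed explicit option (assumed name); when None the
                          importer silently uses the source visibility, as described
                          in the issue.
    """
    wanted = requested if requested is not None else GITEA_TO_GITLAB[source_visibility]
    # GitLab caps a project's visibility at its namespace's visibility.
    if LEVELS[wanted] > LEVELS[namespace_visibility]:
        return namespace_visibility
    return wanted


def leaks_to_internet(source_reachable_from_internet, result_visibility):
    """True when a repo that was not internet-reachable becomes public after import."""
    return result_visibility == "public" and not source_reachable_from_internet


def import_plan(repos, namespace_visibility, gitlab_public, source_reachable, requested=None):
    """Return (name, resulting visibility, would_leak) for each repo in the plan.

    repos is a list of (name, gitea_visibility) tuples; gitlab_public says whether the
    target GitLab instance is reachable from the internet.
    """
    plan = []
    for name, src_vis in repos:
        result = effective_visibility(src_vis, namespace_visibility, requested)
        leak = gitlab_public and leaks_to_internet(source_reachable, result)
        plan.append((name, result, leak))
    return plan


def leaking_repos(plan):
    """Names of repositories flagged as leaking; empty means the import is safe."""
    return [name for name, _, leak in plan if leak]


if __name__ == "__main__":
    # Constructed sample: LAN-only Gitea, public GitLab, importing into a public group.
    repos = [("payroll-tool", "public"), ("internal-docs", "public"), ("keys", "private")]
    silent = import_plan(repos, "public", gitlab_public=True, source_reachable=False)
    print("current behaviour:", silent)           # payroll-tool and internal-docs leak
    explicit = import_plan(repos, "public", True, False, requested="internal")
    print("with explicit option:", explicit)      # nothing leaks
    capped = import_plan(repos, "private", True, False)
    print("workaround, private group:", capped)   # nothing leaks
```

Running the dry run against the real import list before starting the import is the check a practitioner wants: the current behaviour flags every Gitea-public repository, while either the proposed explicit option or the documented workaround (a private or internal target group) yields an empty leak list.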

Edited by 🤖 GitLab Bot 🤖