forge/forge
10
7
Fork 5
Code Issues 86 Pull requests 1 Projects 3 Wiki Activity Actions

Private Issues #113

New issue
Open
opened 2025-07-15 14:30:26 +00:00 by nilsph · 2 comments
nilsph commented 2025-07-15 14:30:26 +00:00 (Migrated from codeberg.org)
Copy link

Storytime

As a user with an issue involving private information,
I want to be able to create issues which are only visible to maintainers of a project,
so necessary but sensitive information is available to debug a problem without exposing it to the public at large.

As a project maintainer,
I want that contributors can create issues only visible to maintainers,
so they can report security issues without exposing this to parties that would abuse this knowledge.

Acceptance Criteria

Legend (for stories and tasks): Must Have, Should Have, Nice to Have

  • Spike: Research past efforts and the current state of “private issues” upstream. (#24)
  • Spike: Get acquainted with database code and structures. (Nils: #114)
  • Spike: Explore possible implementation approaches and decide upon one. (#135)
  • Spike: Introduce Upstream, Collect Guidance, Establish Communications (#243)
  • Spike: Examine feasibility of single type/class ⇔ multiple DB tables (#244)
  • Stories: REST API
    • Create private issue (& foundational work) (#168)
      • Investigate integration tests broken in #168 (#420)
      • Verify, debug and fix DB migration (#430)
      • Consistent Nullable Fields (#453)
    • Unit tests for code ⇔ DB boundary (#330)
    • Unit tests for code ⇔ DB boundary (related types/tables) (#433)
    • Issue-level access control and DB queries (#418)
    • List and read private issues (#419)
    • Update private issue (#439)
    • Add comment to private issue (#440)
    • Convert issue type: private ⇔ public
  • Stories: Web UI
    • Create private issue (#441)
    • List and read private issues (#442)
    • Update private issue (#443)
    • Comment on private issue (#444)
    • Convert issue type
  • Story: Notifications
  • Story: Abuse Reports
# Storytime As a user with an issue involving private information, I want to be able to create issues which are only visible to maintainers of a project, so necessary but sensitive information is available to debug a problem without exposing it to the public at large. As a project maintainer, I want that contributors can create issues only visible to maintainers, so they can report security issues without exposing this to parties that would abuse this knowledge. # Acceptance Criteria Legend (for stories and tasks): **Must Have**, Should Have, _Nice to Have_ - [x] Spike: Research past efforts and the current state of “private issues” upstream. (#24) - [x] Spike: Get acquainted with database code and structures. (Nils: #114) - [x] Spike: Explore possible implementation approaches and decide upon one. (#135) - [x] Spike: Introduce Upstream, Collect Guidance, Establish Communications (#243) - [x] Spike: Examine feasibility of single type/class ⇔ multiple DB tables (#244) - [ ] **Stories: REST API** - [x] **Create private issue (& foundational work)** (#168) - [x] **Investigate integration tests broken in #168** (#420) - [x] **Verify, debug and fix DB migration** (#430) - [x] **Consistent Nullable Fields** (#453) - [x] **Unit tests for code ⇔ DB boundary** (#330) - [ ] _Unit tests for code ⇔ DB boundary (related types/tables)_ (#433) - [x] **Issue-level access control and DB queries** (#418) - [ ] **List and read private issues** (#419) - [ ] **Update private issue** (#439) - [ ] **Add comment to private issue** (#440) - [ ] Convert issue type: private ⇔ public - [ ] **Stories: Web UI** - [ ] **Create private issue** (#441) - [ ] **List and read private issues** (#442) - [ ] **Update private issue** (#443) - [ ] **Comment on private issue** (#444) - [ ] Convert issue type - [ ] Story: Notifications - [ ] Story: Abuse Reports
ryanlerch added this to the Sprint 12 project 2025-11-03 04:07:04 +00:00
ryanlerch modified the project from Sprint 12 to Backlog 2025-11-03 04:10:37 +00:00
humaton commented 2026-03-19 09:31:05 +00:00
Owner
Copy link

Currently the code lives here see ticket for future home for the codebase.

Currently the code lives [here ](https://codeberg.org/nilsph/forgejo/src/branch/forgejo--private-issues) see [ticket](https://forge.fedoraproject.org/forge/forge/issues/464) for future home for the codebase.
mikem commented 2026-03-20 19:19:38 +00:00
Copy link

I didn't realize this was a feature gap until just now.
What does this mean for private issues in projects exported from pagure.io? Are the private issues from there simply omitted? I presume they're not made public in the process....

I don't see anything in the acceptance criteria above regarding importing private issues from pagure.io that may have been missed during import, or for updating the import tools for projects migrated in the future. Is that on the radar somewhere?

I didn't realize this was a feature gap until just now. What does this mean for private issues in projects exported from pagure.io? Are the private issues from there simply omitted? I presume they're not made public in the process.... I don't see anything in the acceptance criteria above regarding importing private issues from pagure.io that may have been missed during import, or for updating the import tools for projects migrated in the future. Is that on the radar somewhere?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
test
docs
No results found.
Labels
Clear labels   
Backlog Status
Needs Review
Work items that have been created or updated but need review, refinement, or approval before they can be considered ready for sprint planning.

  
Backlog Status
Ready
Work items that have been reviewed, refined, and are ready to be committed to a sprint. These items have clear requirements and could be worked on immediately when capacity is available.

  
Chore

Tasks that are necessary but don't directly deliver new value to the end-user. These are internal tasks like updating a library, managing user accounts, or setting up a new service.

  
points
01
A task that is simple, small, and has very little uncertainty. It should be easy enough for any team member to pick up and complete quickly, without a lot of discussion or research.

  
points
02
This is a task that is slightly more complex or larger than a "1." It might involve two or three simple steps, but the outcome is still very clear and there's little uncertainty.

  
points
03
medium-sized task with some noticeable complexity. It might require a bit more thought or collaboration. The steps are well-defined, but it's not a trivial change.

  
points
05
a significant piece of work. It has more complexity and a higher degree of uncertainty than smaller tasks. It might require some research, a design discussion, or collaboration across multiple teams.

  
points
08
complex task with a lot of uncertainty. It's often the largest size that a team will consider for a single sprint. It likely requires a detailed breakdown and multiple team members to complete.

  
points
13
Any task that feels like it's a "13" or more is considered an Epic. These are too large and uncertain to be worked on in a single sprint.

  
Priority
High
This is for work that is critical and needs to be addressed in the next sprint. It's often for urgent bugs, important features, or a major piece of technical debt that is blocking other work.

  
Priority
Low
This is for work that is good to do but not urgent. It's a candidate for being worked on when there's extra time or when it rises in importance. It can stay in the backlog for a longer period.

  
Priority
Medium
This is for important work that should be done soon, but isn't as urgent as a high-priority item. It will likely be considered for the next 1-2 sprints.

  
Sprint Status
Blocked
Indicates the work cannot proceed. There is a dependency or an issue that is preventing the team from completing the task. This is a flag for the Scrum Master to help unblock the team.

  
Sprint Status
Done
Work items that have been completed, reviewed, and integrated. No further work is needed within the current sprint.

  
Sprint Status
In Progress
This label is for work that a developer is actively working on. This is usually what you'll see on the "In Progress" column of your project board.

  
Sprint Status
Review
This indicates that the work is complete, but it is now in a review state. This could mean a peer code review, a QA check, or a review by the Product Owner.

  
Sprint Status
To Do
Work items that are committed to the sprint but haven't been started yet. These items are ready to be picked up by team members.

  
Technical Debt

work that improves the codebase without adding new features. It's work that pays down the "debt" you've accumulated, such as refactoring a messy piece of code, improving test coverage.

  
Work Item
Bug
Issues where the system is not working as intended or designed. Bugs represent deviations from expected behavior.

  
Work Item
Epic

  
Work Item
Spike

  
Work Item
Task

  
Work Item
User Story

  
Backlog Status
Needs Review
Work items that have been created or updated but need review, refinement, or approval before they can be considered ready for sprint planning.

  
Backlog Status
Ready
Work items that have been reviewed, refined, and are ready to be committed to a sprint. These items have clear requirements and can be worked on immediately when capacity is available.

  
chore

Work that needs to be done but doesn't add new functionality or fix bugs. Maintenance tasks that keep the system running smoothly and the codebase clean.

  
documentation

Work focused on creating, updating, or improving documentation for users, developers, or system administrators.

  
points
01
A task that is simple, small, and has very little uncertainty. It should be easy enough for any team member to pick up and complete quickly, without a lot of discussion or research.

  
points
02
This is a task that is slightly more complex or larger than a "1." It might involve two or three simple steps, but the outcome is still very clear and there's little uncertainty.

  
points
03
Medium-sized task with some noticeable complexity. It might require a bit more thought or collaboration. The steps are well-defined, but it's not a trivial change.

  
points
05
A significant piece of work. It has more complexity and a higher degree of uncertainty than smaller tasks. It might require some research, a design discussion, or collaboration across multiple teams.

  
points
08
Complex task with a lot of uncertainty. It's often the largest size that a team will consider for a single sprint. It likely requires a detailed breakdown and multiple team members to complete.

  
points
13
Any task that feels like it's a "13" or more is considered an Epic. These are too large and uncertain to be worked on in a single sprint and should be broken down.

  
Priority
High
This is for work that is critical and needs to be addressed in the next sprint. It's often for urgent bugs, important features, or a major piece of technical debt that is blocking other work.

  
Priority
Low
This is for work that is good to do but not urgent. It's a candidate for being worked on when there's extra time or when it rises in importance. It can stay in the backlog for a longer period.

  
Priority
Medium
This is for important work that should be done soon, but isn't as urgent as a high-priority item. It will likely be considered for the next 1-2 sprints.

  
Sprint Status
Blocked
Work items that cannot progress due to external dependencies, blockers, or issues that need resolution.

  
Sprint Status
Done
Work items that have been completed, reviewed, and integrated. No further work is needed within the current sprint.

  
Sprint Status
In Progress
Work items currently being worked on by a team member. Active development, research, or implementation is happening.

  
Sprint Status
Review
Work items that are complete but need review, testing, or approval before being marked as done.

  
Sprint Status
To Do
Work items that are committed to the sprint but haven't been started yet. These items are ready to be picked up by team members.

  
Technical Debt

Work that addresses shortcuts, workarounds, or suboptimal implementations that were done previously to meet deadlines. These items improve code quality, maintainability, or performance without adding new features.

  
Work Item
Bug
Issues where the system is not working as intended or designed. Bugs represent deviations from expected behavior.

  
Work Item
Epic
Large initiatives that are broken down into multiple smaller work items (user stories, tasks, bugs). Epics represent significant features or projects that span multiple sprints.

  
Work Item
Spike
Time-boxed research, investigation, or proof-of-concept work to reduce uncertainty or explore solutions. Spikes help inform future development decisions.

  
Work Item
Task
Used to break down larger user stories into smaller, manageable implementation pieces. They focus on the specific technical steps needed to deliver the user story's value.

  
Work Item
User Story
User-facing features or functionality that can be framed from a user perspective, describing what someone wants to accomplish and why.

No labels
Backlog Status
Needs Review
Backlog Status
Ready
Chore
points
01
points
02
points
03
points
05
points
08
points
13
Priority
High
Priority
Low
Priority
Medium
Sprint Status
Blocked
Sprint Status
Done
Sprint Status
In Progress
Sprint Status
Review
Sprint Status
To Do
Technical Debt
Work Item
Bug
Work Item
Epic
Work Item
Spike
Work Item
Task
Work Item
User Story
Backlog Status
Needs Review
Backlog Status
Ready
chore
documentation
points
01
points
02
points
03
points
05
points
08
points
13
Priority
High
Priority
Low
Priority
Medium
Sprint Status
Blocked
Sprint Status
Done
Sprint Status
In Progress
Sprint Status
Review
Sprint Status
To Do
Technical Debt
Work Item
Bug
Work Item
Epic
Work Item
Spike
Work Item
Task
Work Item
User Story
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Backlog
Assignees
Clear assignees
No assignees
nphilipp
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks
#13175 Migrate fedora-pdr repository to forge.fedoraproject.org
infra/tickets
Depends on
#24 Monitor and help create the private issues functionality as possible
forge/forge
#114 Get acquainted with database code and structures
forge/forge
#135 Explore backend implementation options and decide upon one
forge/forge
#168 REST API: Create private issue & foundational work
forge/forge
#242 Private Issues: Establish Guidelines for public/private transparency
forge/forge
#243 Private Issues: Introduce Upstream, Collect Guidance, Establish Communications
forge/forge
#244 Private Issues: Examine feasibility of single type/class ⇔ multiple DB tables
forge/forge
#330 Private Issues: Unit tests for code ⇔ DB boundary
forge/forge
#418 Private Issues: Issue-level access control and DB queries
forge/forge
#419 Private Issues (API): List and read private issues
forge/forge
#420 Private Issues: Investigate integration tests broken in #168
forge/forge
#430 Private Issues: Verify, debug and fix DB migration
forge/forge
#439 Private Issues: Update private issue
forge/forge
#440 Private Issues: Add comment to private issue
forge/forge
#441 Private Issues, Web UI: Create private issue
forge/forge
#442 Private Issues, Web UI: List and read private issues
forge/forge
#443 Private Issues, Web UI: Update private issue
forge/forge
#444 Private Issues, Web UI: Comment on private issue
forge/forge
#453 Private Issues: Consistent Nullable Fields
forge/forge
Reference
forge/forge#113
No description provided.