It also applies to this situation:
1. Create a private repo R
2. Create a private fork F of R
3. Push commits to the fork F
4. Make R public
The commits pushed to F prior to R being made public will become de facto public, even though F has always been a private fork. The post makes clear that commits pushed to F after R is made public are placed into a separate, private fork network.
So basically, if you ever intend to open source anything, never do it to an existing private repo. Always start a from-scratch repo to be the root of your new public project.
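One way to follow the advice in the comment above (a from-scratch repo as the public root), as an added example that is not part of the original thread or any GitHub tooling. The function names `publish_snapshot`, `commit_count` and `history_contains`, the commit identity and all paths are hypothetical.

```shell
#!/bin/sh
# Added example: build a brand-new repository from a snapshot of a private
# one, so the public root carries no commits, refs or fork relationship
# from the private side.

# publish_snapshot SRC_REPO DEST_DIR [REF]
publish_snapshot() {
    src=$1; dest=$2; ref=${3:-HEAD}
    # Never reuse an existing directory: it could already hold old objects.
    if [ -e "$dest" ]; then
        echo "refusing: $dest already exists" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    git -C "$dest" init -q || return 1
    # Copy only the tracked files at $ref; no history or remotes come along.
    git -C "$src" archive "$ref" | tar -x -C "$dest" || return 1
    git -C "$dest" add -A || return 1
    # Placeholder identity (assumption); use your real release identity.
    git -C "$dest" -c user.name="release" -c user.email="release@example.invalid" \
        commit -q -m "Initial public release" || return 1
}

# commit_count REPO: number of commits reachable from any ref.
commit_count() {
    git -C "$1" rev-list --all --count
}

# history_contains REPO PATTERN: succeeds if PATTERN appears in any file of
# any reachable commit. Run it on the new repo before pushing.
history_contains() {
    git -C "$1" grep -q -e "$2" $(git -C "$1" rev-list --all)
}
```

The new repository still publishes everything present in the tree at the chosen ref, so that tree needs its own review before the first push.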
I find the attitude worrying. I understand that it's maybe not easy to fix, or even fixable without breaking some use cases.
However, if they "don't care" about such an issue, how can I trust them to care about other stuff?
GitHub’s attitude and perception of the terms “privacy” and “security” - it is more important.