Issues-only role without access to code

[bartlomiej-dawidow]

Add a role or a permission level that gives a user access to issues, without giving them any access to the source code. The newly added triage role is a step in the right direction but it also gives read-only access to the code.

The recommended way to do that as of January 2020 is to create a separate issues-only repository, but if you do that then your commit messages have to reference issues by using the long notation (organization/project#123), which is a major inconvenience.

Use case:
A game development company with external testers. Those testers are often outsourced, or they are selected from the community. In either case you do not want to give them access to the source code.

[clarkbw]

If they can't see the source code, they wouldn't be able to reference commit messages (that would be hidden as well). Are those references for you and your team?

[bartlomiej-dawidow]

@clarkbw That would be fine with us, testers do not have to see commit messages or reference them. They could see that it was referenced by our devs, so just this part:

john added a commit to organization/project that referenced this issue

but without the commit message or any other way to access the commit/123 page.

That would be the ideal solution for our projects.