
Gitlab discloses confidential information to former employees - jhurewitz
https:&#x2F;&#x2F;gitlab.com&#x2F;gitlab-com&#x2F;people-group&#x2F;employment&#x2F;-&#x2F;merge_requests&#x2F;1102<p>After I left GitLab, my account was transferred over to my personal email address. I notified GitLab that I was still able to access confidential issues which were assigned to me, even though it was no longer associated with my former GitLab email address. Since they cannot figure out how to disassociate my personal account with the confidential issues, they have decided to just indefinitely block me out of my personal GitLab account until they figure out how to resolve the issue.
======
forkexec
It seems like they need to work on their termination processes to do
everything in backoffice systems all at once. As a quick fix, they could edit
the permissions DB. A better fix would be to have separate internal and
external users in different tables and a different login system to prevent
access commingling, and termination would be much easier. Then, it wouldn't
affect the public-side. If they wanted to, add an employee decoration boolean
to their public user which wouldn't cause security problems.

