In my opinion, this comes very close to "censoring" content.
That's great that GitLab believes in responsible disclosure, but that doesn't mean that everyone does or that you get to force your beliefs on your users or customers.
If you do in fact plan to censor content then you need to be very clear about that up front and identify what types of content you will not permit.
I'm glad that GitLab has done a 180 and reinstated the content. In the future, I hope they will fully think through any decisions to pull down content that they don't "agree with". I do give them credit for recognizing they made a bad call and admitting to it.
It seems to me their TOS covers this sort of thing. It's not some platform with free-speech rights, it's content hosting with limited liability and legal caution.
All I am saying is that they should identify what types of (otherwise legal or permitted) content they will not permit to be hosted on their platform. It is implicit that illegal content will be removed but that's not what I'm referring to.
For example, if a web host doesn't want to host the KKK's web site then they can absolutely refuse to serve them. If $webhost's religious CEO doesn't want to host content related to gambling, well, that is their right. If Amazon doesn't want to host Wikileaks, they don't have to. I just wish companies would state what content they don't permit instead of using a term like "objectionable" or "unacceptable" and interpreting it however they like from day-to-day.
I'll admit that I haven't read all of their various Terms and Policies in their entirety (there's a lot of them!) but I did skim through them and didn't see anything other than the usual mentions.
This is also why there are people whose jobs it is to interpret said laws as they apply to specific circumstances (judges), and they also don't always agree with each other.
There's nothing wrong with censorship. It's just a matter of choosing (and being able to choose (which as a father I have Views on)) which censor.