For reference, there was a very telling comment by user jahlove about how Gitlab could be so out of touch (https://news.ycombinator.com/item?id=21349591):
> But someone up the chain of command thought we could get away with it
That person is Paul Machle (CFO):
"I don’t understand. This should not be an opt in or an opt out. It is a condition of using our product. There is an acceptance of terms and the use of this data should be included in that." 
That GitLab comment thread is very telling. Basically, here is what happened:
1. It's clear engineers had concerns about the feature, wanting it to at least have an opt-in.
2. But then the CFO, who clearly does not anticipate the backlash this will cause, basically just gives an "tough shit" response.
3. What's scariest IMO, though, is that the Scott Williamson, VP of Product, then replies "@cciresi if we follow Paul's guidance and just make this part of our terms and conditions, are we covered legally?"
I've seen this at many organizations in the past. It's generally called the HiPPO problem - the Highest Paid Person's Opinion. The CFO wanted this done (obviously for financial reasons, he's the CFO after all), but the VP of Product, who should be more "in the weeds" in terms of having the pulse of the customer, instead deferred to the CFO and tried to appease his desire.
Gitlab, I think your organization is off track. You need to make a broader statement that shows you have a real understanding of the problem than just "Oops".
(For the record: I don't know this person, I am not this person, I'm pretty sure I don't know anyone at GitLab at all.)
1. First, the info is totally public and easily viewable in any case.
2. I think there is a danger in just saying "It was an organizational decision." When everyone is "responsible", then no one is. And in addition, both of the people mentioned are senior execs at the company. Having to deal with public scrutiny is one reason they get paid more.
I do give GitLab a lot of credit for being transparent, and for (at least for now) backing off this decision. But I hope they are able to do a deeper root cause analysis of what went wrong. While obviously on a whole other order of magnitude, Boeing didn't fuck up because MCAS was a faulty piece of software, they fucked up because they let financial concerns take precedence over engineering ones.
EDIT: one other thing, since I brought up 2 folks who I think made poor decisions, I should have pointed out Lukas Eipert (@leipert), who was the engineer who originally brought up his strong objections. Even more telling, when Eipert was asked to re-review the code change, he explicitly asked to be taken off the review - his sentiment was clear.
(I wrote more about this:
When faced with bad intentions, it is imperative that a community name offenders. It is, as others replied, an important distinction for accountability.
1) Fortune 1000 companies and the government will never accept this. I need to make sure the product team is designing a way to allow these customers to shut this off.
2) This is more risk than we will gain from tracking individual customers. We can't afford to indemnify our customers against these third-party tools. How will we address GDPR, CCPA and future regulations if we don't allow an opt-out?
Yes, I did copy the posting of Paul Machle's name, and as a senior executive (likely worth at least 10s of millions at Gitlab's last valuation), he has a lot of responsibility here, and he should own up to his mistake.
But the point is still not to "blame" it on one or a couple people. If you look at that GitLab comment thread, it's clear that many GitLab employees had strong objections to the change: "I hereby declare my highest degree of objection to this change that I can humanly express." and "I agree with @leipert moral wise, I'm not happy with this change". So the question is why the company made the decision that ignored the right people and followed the wrong people (hint, it's HiPPO).
Firing Paul Machle won't fix GitLab's problem. GitLab needs to figure out how to change its culture so that it listens to the right people, even if they're not the highest paid.
He is choosing to go override his engineers moral and legal objections in the hopes that it will make his stock go up in value by a few percentage points. This kind of greed motivated behavior is at the heart of nearly every evil brought upon society by silicon valley.
Do I expect my post to actually affect Paul Machle in any way? Probably not, but I really hope it does. Society will be better off without these greed-at-any-cost types having positions of power.
I think the officers should be scrutinized more than a lower level engineer. They are the leaders and set the tone fore the company culture
I agree with hn_throwaway_99, this is very concerning as to what path the company is on. But, I'll give them credit for realizing the error & trying to correct it.
That being said, I love GitLab's product. We use it in my workplace, but we self host the comunity edition, so this wouldn't have effected us.
I dont imagine I will ever be more than a CE level user, even in personal projects, but I can imagine the panic this caused for many companies on the hosted enterprise version.
We looked into making it public at 4:05pm but by then it already had confidential security information and customer names in it.
There will be multiple lessons, right now we've identified 15 points to evaluate and 9 people contributed to the document.