> Fine, but we'll need to lock down our repos as they have sensitive... what's that? All repos are *public* by default?
As they have sensitive what?
There are a few cases where it does make sense to restrict access to source code, even within an organisation, but in general that strikes me as not a very good idea. Not that flagging some code "private" in an otherwise wide-open system offers any sort of real security anyway.
In my case, we're not a software organisation at all, but we do develop a bunch of in-house tools to assist in our goals. As a rule, once those are good enough quality, or after they have served their primary competitive purpose, we release them publicly as open source. Not that anyone else seems to have much of a need for them, but knowing that their work will be up for public scrutiny does make our developers write significantly better quality, better documented and more secure stuff.