Goal: On a per organization / user account basis the default access level of a newly created repository should be configurable to be either default or private.

Problem: As of today, new repositories are private by default. Making them public is an extra step and currently unnecessarily hard to automate via the REST API.

Why is this important:

Especially on public container registries the model to simply push content and have it accessible is common and expected. With Quay's default new repositories are not publicly accessible by anonymous pulls. The owner needs to explicitly enable it after the initial push which is easy to forget and requires additional effort in case the push happens as part of an automation system like CD pipelines.

Dependencies (internal and external):

Prioritized epics + deliverables (in scope / not in scope):

• As an owner of an organization I can change the default visibility of any newly created repository to either private or public
• The above change does not impact existing repositories
• The default setting should still be "private" for new and existing organizations

Estimate (XS, S, M, L, XL, XXL): M

Previous Work: n/a

Options:

• Feature Flag to disable this setting and enforce private to be the default system-wide