219
Anyone can Access Deleted and Private Repository Data on GitHub
(trufflesecurity.com)
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.
Why would you need to control these through a mailing list? The maintainers should have accounts (I don't see the point in federating maintainers instead of just discussion, especially when this is self-hostable), and only those with permissions should be setting up labels, assignees, inline reviews, and CI. And yes, sourcehut has a UI for this, though alternatives through email commands are also available.
And no, I do not see the point of reactions. If you really need a vote, use a voting service.