I was blown away by this the other day. I do know the user's handle and started typing it, but GitHub would prefer to suggest every random person with the same first name before the actual user who is already affiliated with some of the org's other repos? Wild!
GitHub UX is an unmitigated disaster from an operational security perspective. In their defense, it did start out as an open-source tool. The fact that enterprises adopted it so blindly despite this is pretty interesting.
Accidentally @tagging people in private PRs is always fun too!
It does show people in your org first, but you have to search by username, not full name.
Should be trivial to fix without a UX redesign, really. 2 lines of Ruby added for the org filter first.
I agree this is a real problem. If the repo is in an organization, I would like to have to check a box like “include outside users”.