- From: David I. Lehn <dil@lehn.org>
- Date: Thu, 10 May 2018 13:39:34 -0400
- To: me@harshp.com
- Cc: Pemanent Identifier CG <public-perma-id@w3.org>
On Wed, May 9, 2018 at 3:32 PM, Harshvardhan J. Pandit <me@harshp.com> wrote: > Apologies if this has already been addressed in a previous thread. > My concern is regarding claiming a subdomain, /ADAPT in this case, > and later someone 'other' who is not from the ADAPT research group > submitting a pull-request to modify its contents. > Since most people do not use their work/org email ID with Github, but rather > a personal one, how would this be resolved? > Is there an existing policy that exists that I can share with my research > group to alleviate these concerns? > If not, should there be such a policy? > We've never built out an official access control system or policy. At the moment it's just a handful of us merging PRs and is done by our best judgement. That's part of the reason we started to ask for contact info in READMEs so we'd have some way to resolve issues beyond github account names. Since this system isn't too big yet, it's not been that big a deal to check if PRs come from a github account that had other commits to the same files. In a few cases it takes a minute or two of research to realize an unrelated party is participating in the same upstream project. I think I've only had one PR where I had to ask if a commit was ok. I imagine we could improve this process somehow. If anyone would like to work on an access control policy or guidelines, please do so and make a PR. I'd rather not see this all become too complex at the moment, but a possible future system could add some file or dir meta data with access control rules. And we could have automated PR advisory checks that use that data. Seems like a bunch of work that's not needed yet, but if anyone is interested, let's discuss. -dave
Received on Thursday, 10 May 2018 17:40:20 UTC