PDAP Access

General

Tier
Description
Team / Access

Admin

Higher-context contributors who require write access to do their work. Members are granted access by Organizers.

  • GitHub repo write as needed

  • Discord PDAP Staff role

  • @pdap.io email if needed

Organizer

Keeping the lights on and making sure we're able to operate and access resources if one or two people leave.

Members are the board, staff, and people appointed to the PDAP nonprofit corporation by the board.

  • GitHub team admin

  • Keybase

  • LastPass

  • Crypto wallet

  • Finances

  • All Admin items

  • GSuite

Data Sources form

Some known risks

  • Spam: someone uses the form or API to submit way too much stuff in an attempt to overload us

  • Sabotage: someone uses the form or API to submit data that is rude or harmful to our mission

Some options

  • Require auth with email address (manually or with an app)

  • Require auth with something fancier like Keybase

  • Manually approve all entries before they're made public

Current solution

The risks aren't a problem, yet. In the meantime we're going to:

  • Collect email addresses on the form, optionally

  • Set up a moderation queue to approve submissions before they are made public

  • Not embed the form into a live site, only sharing the link with individuals who ask by contacting staff in any way (explaining this process in the docs)

Sharing un-approved Data Sources, sometimes

When we share a public view like this one with a specific user, we will show un-approved sources which fit into the existing filter set. The goal is to help people see the results of their submissions immediately. There is some risk of vandalism, and in general we don't but it's mitigated by these factors:

  • To the rest of the world (on our public view), it looks like we only show approved data sources, so the incentive for vandalism is low.

  • We're sharing these geographic-specific views with people who we think are serious users, and they may share it with their network; not many people will see these un-approved data sources.

  • We're still listing them as "not approved", so we are not misrepresenting them.

  • In the future we'll be able to further restrict who is able to view un-approved Data Sources; maybe they can opt in, only see sources submitted by themselves or others in their community, etc.

GitHub Actions

We often use GitHub Actions to automate tasks. The pattern for new volunteer-submitted automated utilities is that we:

  1. Create a new repository where the code will live, or a new directory in an existing repo

  2. Ask the volunteer to submit their code to the new repo, without worrying about automation

  3. Wire up the automation ourselves, once we ensure the code meets the standard

Last updated