PDAP Access


Team / Access
Higher-context contributors who require write access to do their work. Members are granted access by Organizers.
  • GitHub repo write as needed
  • Discord PDAP Staff role
  • email if needed
Keeping the lights on and making sure we're able to operate and access resources if one or two people leave.
Members are the board, staff, and people appointed to the PDAP nonprofit corporation by the board.
  • GitHub team admin
  • Keybase
  • LastPass
  • Crypto wallet
  • Finances
  • All Admin items
  • GSuite

Data Sources form

Some known risks

  • Spam: someone uses the form or API to submit way too much stuff in an attempt to overload us
  • Sabotage: someone uses the form or API to submit data that is rude or harmful to our mission

Some options

  • Require auth with email address (manually or with an app)
  • Require auth with something fancier like Keybase
  • Manually approve all entries before they're made public

Current solution

The risks aren't a problem, yet. In the meantime we're going to:
  • Collect email addresses on the form, optionally
  • Set up a moderation queue to approve submissions before they are made public
  • Not embed the form into a live site, only sharing the link with individuals who ask by contacting staff in any way (explaining this process in the docs)

GitHub Actions

We often use GitHub Actions to automate tasks. The pattern for new volunteer-submitted automated utilities is that we:
  1. 1.
    Create a new repository where the code will live, or a new directory in an existing repo
  2. 2.
    Ask the volunteer to submit their code to the new repo, without worrying about automation
  3. 3.
    Wire up the automation ourselves, once we ensure the code meets the standard