Team / Access
Higher-context contributors who require write access to do their work. Members are granted access by Organizers.
Keeping the lights on and making sure we're able to operate and access resources if one or two people leave.
Members are the board, staff, and people appointed to the PDAP nonprofit corporation by the board.
- Spam: someone uses the form or API to submit way too much stuff in an attempt to overload us
- Sabotage: someone uses the form or API to submit data that is rude or harmful to our mission
- Require auth with email address (manually or with an app)
- Require auth with something fancier like Keybase
- Manually approve all entries before they're made public
The risks aren't a problem, yet. In the meantime we're going to:
- Collect email addresses on the form, optionally
- Set up a moderation queue to approve submissions before they are made public
- Not embed the form into a live site, only sharing the link with individuals who ask by contacting staff in any way (explaining this process in the docs)
We often use GitHub Actions to automate tasks. The pattern for new volunteer-submitted automated utilities is that we:
- 1.Create a new repository where the code will live, or a new directory in an existing repo
- 2.Ask the volunteer to submit their code to the new repo, without worrying about automation
- 3.Wire up the automation ourselves, once we ensure the code meets the standard