Authorization

Question

Authorization

Closed this issue 2 years ago · 4 comments

Who gets to approve pull requests? Institutional level repositories?

Answer 1 · 2014-11-06T21:48:07.000Z

Yeah I think we might need to look at putting this at institutional repositories. Any thoughts from others?

Answer 2 · 2014-11-06T23:05:18.000Z

Having a separate repository for each institution makes a lot of sense. Each institution should be able to curate their own metadata and it shouldn't be possible to munge another institution's metadata.

However, given that most of the value of a metadata repository is in having the holdings of multiple institutions available (hopefully easily), I think this requires careful thought to avoid adding too much friction to the process of collecting/searching across institutions.

Does having multiple institutions under the same "Organization" work in terms of authorization? At some level, some one or group of some ones will have to determine how the metadata is collated...it's just whether that is determined in GitHub or by some external document/mechanism.

Answer 3 · 2014-11-07T02:05:57.000Z

I like the idea of having individual repositories under one organization. It provides on place to go for access of the metadata and individual repositories can be managed by their respective institutions. Having one place to (organization) lends weight to this as a collaborative effort.

Answer 4 · 2014-11-18T17:48:33.000Z

An alternative would be the open open source project - allowing many owners as long as simple contribution rules are followed. Besides the one issue of accidental deletion, organizational anarchy has worked very well in practice - for instance, see osmlab.