Organizational vs. Personal Git Accounts?

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
attheshow's picture

For contributing to Drupal, are there any organizations out there that ask individual developers to use an organizational Git account (vs. a personal Git account) to make commits to projects? Are organizational accounts common in the Drupal community? Why or why not?

If you do use an organizational account, how do you (or they, if speaking of another org.) go about managing multiple Git identities on the local environment? Would you do this by just committing as yourself to internal projects and then committing as the org. account to a contributed project?

Comments

The drupal.org project

greggles's picture

The drupal.org project requires that accounts are not shared, so it would be inappropriate to use the same account to commit to drupal.org.

It would be acceptable to create an account like "libraryname-personname" if the intention is to let the library maintain credit and control for the work. They could mandate that the email address used for that account is from the library which they could then control (e.g. with the lost password feature) if the person leaves that organization.

The idea you have for committing to a central repo and having one person contribute that publicly could work too, but it feels like it honors the letter of the rule and not the spirit.

I don't see a real motivation to want to do this.

Thanks Greg!

attheshow's picture

Thanks Greg!

Mark W. Jarrell
Online Applications Developer
Richland Library
http://www.richlandlibrary.com
http://fleetthought.com
Twitter: attheshow

Reading someone post my code

kreynen's picture

Reading someone post my code as if was theirs what could I do? and this thread today, I'm going to respectfully disagree with @greggles.

I think organizations can AND SHOULD structure their contributions in a way that meets both the letter and the spirit of Drupal's policies and still allows then to retain control.

I have some experience with what happens when there is no planning for module/project "ownership" changes and the funding/goals/people involved in a project change. If I was starting a project for an organization and that wanted to openly share contributions but retain some control, I'd create the project nodes with an organizational level account (only used by 1 user) and then grant each developer maintainer rights to the project with their normal D.O. user. The changes that were made to the Project module during the CVS->Git transition made it much easier for non-developers to manage projects on Drupal.org. There are no special skills or software required to grant and remove permissions for developers to commit to a project on Drupal.org. You don't need to know anything about git to give a developer access to commit updates to your project.

As an organization, if you ask developers to create the project nodes for their contributions with their user accounts, they own the project management interface. If they want to take the project/module in another direction, as the owner of the project node it is easy for them to do that regardless of who funded the initial development.

@greggles Is there more to the no sharing accounts policy beyond the warning on the registration page of drupal.org?

All user accounts are for individuals. Accounts created for more than one user or those using anonymous mail services will be blocked when discovered.

While it's clearly stated you shouldn't have more than 1 person logging in with the same accounts, AFAIK there is nothing in the current policies that make Drupal.org accounts non-transferable nor is there anything preventing an individual from having more than one Drupal.org account. You don't have to search very long to find accounts that represent something other than an individual (unless you believe companies are people too)...

http://drupal.org/search/user_search/LLC
http://drupal.org/search/user_search/INC.
http://drupal.org/search/user_search/Foundation
http://drupal.org/search/user_search/University

While many of those accounts have a unique first and last name of an actual person, many were obviously created to represent an organization. I'm not going to call out specific accounts, but a number of these organization accounts commit to full projects. When it comes time for a code review, having an account owned by Mr. Inc doesn't seem to prevent promotion from sandbox to full project/module so the enforcement of the policy as it's written is already inconstantly enforced.

I think organizational accounts are a good thing and I would like to see the "no sharing" policy clarified to specifically allow them.

Of course the opposite of everything I'm staying is also true. If you don't want a single organization or developer to control the direction of a project, do NOT let everything be managed by accounts "owned" by a single organization.

The dependency on module namespace only defined by Drupal.org and polices the discouraging forking make Drupal.org very different environment than GitHub. We need polices that respect both the fact that developers see commits of good code as currency and that organizations funding projects would like to retain some control.

IMHO, clarifying that transferable, organization accounts ARE allowed on Drupal.org as long as they are only used by 1 user at a time is an easy way to achieve both goals.

I think we agree more than

greggles's picture

I think we agree more than your comment's opening suggests ;)

In general policies like this are created by a common-law style process in the webmasters and infrastructure queue: when they are needed and only if there is a pattern requiring it. There have been several cases of accounts being blocked if they are used by more than one person or if one person actively uses more than one account for a malicious purpose (i.e. sock-puppet accounts).

Examples of people who break the rules in non-malicious ways seem pretty irrelevant to me, especially in a volunteer-moderated website.

I'm not aware of any instances of someone wanting to transfer an account that were blocked (or allowed). I think it's open territory and unless folks can think of a reason to prevent transferring accounts it is likely to be allowed.

Edited first sentence for clarity.