Add DANDI governance document #204
Conversation
kabilar
requested review from
CodyCBakerPhD,
asmacdo,
bendichter,
candleindark,
jjnesbitt,
mvandenburgh,
satra,
waxlamp and
yarikoptic
Co-authored-by: Yaroslav Halchenko <[email protected]>
Co-authored-by: Yaroslav Halchenko <[email protected]>
Co-authored-by: Yaroslav Halchenko <[email protected]>
Co-authored-by: Yaroslav Halchenko <[email protected]>
Co-authored-by: Yaroslav Halchenko <[email protected]>
…into governance-doc
|
@satra @yarikoptic @waxlamp et al., I would like to make a push this week to get this pull request approved and merged. Please let me know if you have any feedback. Thanks. |
There was a problem hiding this comment.
Pull request overview
This PR introduces a comprehensive governance document for the DANDI Archive project that establishes formal structures for roles, decision-making, and contribution processes across all DANDI repositories and services. The document was generated using GPT-5 based on example governance documents from other open-source projects and then manually curated.
Key Changes:
- Added new governance document defining project structure, roles, responsibilities, and decision-making processes
- Documented maintainer teams and administrators for all major DANDI repositories
- Established formal policies for pull requests, releases, security, and amendments
- Added navigation entry in mkdocs.yml to make the governance document accessible
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| mkdocs.yml | Added navigation entry for the new Project Governance page under Terms and Policies section |
| docs/terms-policies/governance.md | New comprehensive governance document covering project structure, roles, decision-making, security, and community processes |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <[email protected]>
satra
left a comment
satra
left a comment
There was a problem hiding this comment.
some suggestions for the doc. mostly to create separation between policy and implementation.
| # DANDI Project Governance | ||
|
|
||
| Version: 1.0 | ||
| Effective Date: YYYY-MM-DD |
|
|
||
| Multiple deployments of this codebase operate as separate instances, each serving distinct research communities and datasets. The DANDI Archive instance is available at https://dandiarchive.org/, and the EMBER-DANDI Archive instance is available at https://dandi.emberarchive.org/. This document governs over the DANDI Project codebase unless otherwise specified. | ||
|
|
||
| Contributing code to DANDI repositories does not grant rights or access to the separate instances. Similarly, using the DANDI Archive or EMBER-DANDI Archive service does not require contributing to the codebase. |
There was a problem hiding this comment.
| Contributing code to DANDI repositories does not grant rights or access to the separate instances. Similarly, using the DANDI Archive or EMBER-DANDI Archive service does not require contributing to the codebase. | |
| Contributing code to DANDI repositories does not grant rights or access to the separate instances. Similarly, using any DANDI instance (e.g. the DANDI Archive or EMBER-DANDI Archive service) does not require contributing to the codebase. |
| ### 5.5 DANDI Archive Administrators | ||
|
|
||
| Responsibilities: | ||
| - Monitor service health and performance. | ||
| - Manage user accounts and permissions. | ||
| - Respond to data access requests and issues. | ||
|
|
||
| Administrators: | ||
| - @satra, @yarikoptic, @waxlamp, @mvandenburgh, @jjnesbitt, @danlamanna, @brianhelba, @kabilar, @asmacdo, @bendichter, @candleindark, @CodyCBakerPhD. |
There was a problem hiding this comment.
this seems to be a catchall and perhaps could be broken into different types of administrators. i don't think everyone here is an administrator for everything.
| - Project Leadership provides guidance on prioritization of targets. | ||
| - Public notes of these meetings are available on [Google Drive](https://drive.google.com/drive/folders/1-jXLpcrh3L650FiZyTFgcs096nZjO2C3). | ||
|
|
||
| ### 6.2 Consensus Process |
There was a problem hiding this comment.
could have a reference to sociocracy. one consideration is whether relevant voices have been heard. i.e. should the change be announced somewhere on a project roadmap or board.
| ### 8.1 Versioning | ||
| - [Semantic Versioning 2.0](https://semver.org/spec/v2.0.0.html) for APIs and libraries. | ||
|
|
||
| ### 8.2 Release Steps |
There was a problem hiding this comment.
this seems more implementation than policy. perhaps that's a consideration in going through this document to separate policy from example implementation. the implementation could be an example of some policy on how we will do it in dandi.
| - Creates a GitHub release for the tag. | ||
| - For [dandi-cli](https://github.com/dandi/dandi-cli), upon release a new version is published to PyPI. | ||
|
|
||
| ## 9. Security |
There was a problem hiding this comment.
also sociocracy principle: "good enough for now, safe enough to try".
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
waxlamp
left a comment
waxlamp
left a comment
There was a problem hiding this comment.
This looks good ovverall (especially as a starting point, if we wish to flesh things out later). Some comments/questions:
- The text starting in Section 6 or so becomes quite terse, with sentence fragments in bullet points expressing the general ideas associated with those concepts. I think these can use some more detail and precision.
- As I mentioned in one of the comments below, a lot of the role/responsibility/process groupings of bullet points seem like summaries or examples of that entity, rather than an exhaustive definition. This is fine, but we should be more explicit about that if that's the intent.
- What is the overall purpose of this document? If it's to bind behavior and process, then I don't think it has enough detail. If it's to transmit an overall idea of how the project runs, then I think it's useful. (I don't have enough experience with governance documents, or governance in general, to understand this fully.)
|
|
||
| - a cloud-based platform to store, process, and disseminate data. You can use DANDI to collaborate and publish datasets. | ||
| - open access to data to enable secondary uses of data outside the intent of the study; | ||
| - optimized data storage and access through partnerships, compression and accessibility technologies; |
There was a problem hiding this comment.
This line jumped out as confusing/surprising. What do "partnerships" (a social construct), "compression" (a low-level data transformation), and "accessibility" (practices for accommodating disabled people) have in common with respect to "data storage and access"?
(I can actually understand the connection between these things, but it feels odd to list them as examples of how we optimize data storage.)
| - open access to data to enable secondary uses of data outside the intent of the study; | ||
| - optimized data storage and access through partnerships, compression and accessibility technologies; | ||
| - facilities to encourage reproducible practices and publications through data standards such as NWB and BIDS; | ||
| - a platform that is not just an endpoint to dump data, but intended to be a living repository that enables collaboration within and across labs. |
There was a problem hiding this comment.
| - a platform that is not just an endpoint to dump data, but intended to be a living repository that enables collaboration within and across labs. | |
| - a platform that is not merely an endpoint to dump data, but rather a living repository that enables collaboration within and across labs. |
| 1. Openness & Transparency: Designs, discussions, and decisions are public by default. | ||
| 2. FAIR & Reproducibility: Data and code follow standards and their evolution remain open, traceable, and citable. | ||
| 3. Sustainability: Architectural and process decisions consider long-term maintainability. | ||
| 4. Inclusivity & Respect: Guided by a Code of Conduct. |
There was a problem hiding this comment.
There's a code of conduct file in the dandi-archive repo, but not in some of the others I sampled (dandi-cli, dandi-schema). Should that code of conduct be in this repo instead (and linked to from this item)?
|
|
||
| Expectations: | ||
| - Active presence. | ||
| - Adhere to conflict of interest and bias avoidance. |
There was a problem hiding this comment.
This should link to the conflict of interest section (6.2 below).
Is "bias" defined anywhere?
| - Link the associated issue. | ||
| - Add a clear description (problem, approach, alternatives considered). | ||
| - Major architectural changes require a design document. | ||
| - Add or update tests. | ||
| - Update documentation. | ||
| - Ensure CI passes. | ||
| - Large pull requests should be split unless justified. | ||
| - No introduction of unreviewed secrets or credentials. | ||
| - Verified provenance for large binary additions (discouraged in code repos). |
There was a problem hiding this comment.
This is fine as a kind of illustration of the sort of thing we expect from PR contributors, but some of it is so vague as to not be very useful (what is "verified provenance" for a large binary addition, and if it's discouraged, why mention it?)
Generally, the roles and requirements sections feel vague in this way. Maybe we can add language explaining that such lists "include, but are not limited to" the mentioned items.
| - If a comment cannot be resolved, the Project Leadership would be enlisted to decide on the path forward. | ||
| - Approval by at least 1 listed Maintainer for that repository. | ||
| - 24-hour waiting period (unless addressing a critical issue or trivial issue [e.g. typos]). | ||
| - See section below regarding updates to the Governance document. |
There was a problem hiding this comment.
| - See section below regarding updates to the Governance document. |
This doesn't feel like it belongs here, unless I'm missing something. What does the amendment process have to do with the merge policy?
6 participants
Effective DateStatus