PyDataLondon / meetup_ballot

Ballot Runner for PyData London Meetup
https://www.meetup.com/PyData-London-Meetup/

Privacy and security #3

Open polyccon opened 5 years ago

polyccon commented 5 years ago

The issue currently is that anyone who wishes to partake in the PyData meetup needs to have a profile on the meetup website using his real name and surname. It would be better, for reasons of privacy on the web as well as security, if someone could sign up using non-personally identifiable data or, alternatively and possibly a simpler solution, make the list of participants private.

pt247 commented 5 years ago

Thanks for the suggestion @polyccon

In the first iteration:

  1. We need to read a name_exceptions.csv file with 2 fields ‘Meetup Name’, ‘Real Name’
  2. Change the validation to accept invalid names if it is in the name_exceptions list.
  3. Write a separate cron job to send the list of attendees to the relevant people. (Please note this list should not be hardcoded in the code but live in the .env file on the server.)
  4. Ensure that this cron job runs around 4:30 PM on the day of the event.

This way we automate one more repetitive task and take care of Privacy.

Suggestions, comments, volunteers?

aktech commented 5 years ago

@pt247 The approach looks good to me, with a minor change in the first step:

As two people can have the same meetup name.

polyccon commented 5 years ago

I'd like to add an in progress label but don't have access. Two questions:

aktech commented 5 years ago

@polyccon I have added the in-progress label.

I was wondering whether this problem couldn't be solved by using non-real names like: "John Doe", "Jane Doe", "Jahne Doe"?

AaronCritchley commented 5 years ago

Fake names cannot be sent to the host, or if they were, the attendee would need photo ID with that fake name, which I think is a bad idea and not something we should encourage.

To answer @polyccon's questions.

Is the name_exceptions_list the only source of attendees or as its name says an additional source, in which case current validation that removes spam names should be kept and

The name_exceptions_list is not a source of attendees, it's just a mapping from meetup id -> person for those who do not have their full, real name on meetup.com. Current validation should be kept, but if somebody fails the check, there should be a lookup on their ID to see if their meetup id is present in the exceptions file.

The final output of the run_ballot should be a file with names for the cron job?

IMO, no. run_ballot should move the attendees onto 'Going' on the meetup page up to the meetup's capacity. At 16:30 (or whatever time is deemed suitable), a separate script should be run which will download the attendees from meetup, enrich with the meetup id -> real name mapping where provided, and email that new, enriched file to our hosts.

Let me know if you would like any more information or if there is anything I can help with and I will be happy to do so! 😄
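
The ID-keyed lookup and enrichment described in the comment above, as an added example that is not part of the thread or of the meetup_ballot code. The CSV column names, the `HOST_EMAILS` variable and `looks_like_real_name` (a stand-in for the existing validation) are assumptions, and the sample data is constructed.

```python
import csv
import io
import os

# Constructed sample data; the column names are an assumption, not the project's format.
SAMPLE_EXCEPTIONS_CSV = "Meetup ID,Real Name\n1002,Ada Lovelace\n1004,Grace Hopper\n"

# Constructed RSVPs as (member id, public meetup.com display name).
SAMPLE_RSVPS = [
    (1001, "Alan Turing"),
    (1002, "ada_l"),        # pseudonym with an exception entry
    (1003, "xx"),           # fails validation, no exception entry
    (1004, "Alan Turing"),  # same display name as 1001, different person
]


def load_name_exceptions(csv_file):
    """Return {meetup id: real name}; keyed by id because display names can collide."""
    return {int(row["Meetup ID"]): row["Real Name"].strip()
            for row in csv.DictReader(csv_file)}


def looks_like_real_name(name):
    """Hypothetical stand-in for the existing check: at least two alphabetic words."""
    parts = name.split()
    return len(parts) >= 2 and all(
        p.replace("-", "").replace("'", "").isalpha() for p in parts)


def resolve_attendees(rsvps, exceptions):
    """Keep the normal validation; a failing name is rescued only by an id match."""
    accepted, rejected = [], []
    for member_id, display_name in rsvps:
        if looks_like_real_name(display_name) or member_id in exceptions:
            # Enrich with the private mapping where one is provided.
            accepted.append((member_id, exceptions.get(member_id, display_name)))
        else:
            rejected.append(member_id)
    return accepted, rejected


def host_recipients(env=os.environ):
    """Read recipients from the environment (e.g. loaded from .env), not from code."""
    return [a.strip() for a in env.get("HOST_EMAILS", "").split(",") if a.strip()]


if __name__ == "__main__":
    exceptions = load_name_exceptions(io.StringIO(SAMPLE_EXCEPTIONS_CSV))
    print(resolve_attendees(SAMPLE_RSVPS, exceptions))
    print(host_recipients())
```

Because the mapping holds real names for people who chose a pseudonymous profile, the exceptions file belongs on the server next to the `.env` file rather than in the repository.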

polyccon commented 5 years ago

I've done the first part but was unable to authenticate to push the changes with a 403 response from github. I'm looking into the 2nd part but may need some credentials to use for development.

AaronCritchley commented 5 years ago

Creating your own fork of the repo and pushing to that is usually the easiest way to develop, here's a guide - https://guides.github.com/activities/forking/

Let me know if anything isn't clear and I'll be happy to help

kynan commented 5 years ago

@polyccon I invited you to the PyDataLondon organisation but that invite is still pending. Once you accept it you will be able to push to the main repository, however please make changes in a branch and send a pull request (which you can do from your own fork just as well if you prefer as @AaronCritchley suggested).

polyccon commented 5 years ago

Thank you, I hadn't gotten a notification for the invite; all good now. I have a question about the 2nd part for the script: there's a function get_member_ids_from_rsvps from ballot.py so I guess I'd be using that to start..? Can I also get the meetup_key so I can develop, or do you have another suggestion?