Funding for this research was provided by:
H2020 European Research Council (834540, 947735)
Article History
Received: 19 December 2023
Accepted: 22 April 2024
First Online: 6 May 2024
Declarations
:
: The data collection process was approved by the European Research Council as part of running reviews of the overall project of which this research forms part.Following the minimization principle of the General Data Protection Regulation (GDPR), we only collected data related to dependencies and metadata needed for the study on public repositories and users.Based on the size of GitHub, and the wide recognition of such public repositories as part of a public online forum, it is reasonable to assume that users do not consider GitHub as a private space, which would require a different ethical consideration []. However, we do identify particular owners, and also manually annotate their information. As a number of these owners are individuals, we consider our data as personal data according to GDPR. As such, we have followed the requirements concerning personal data collection and storage.Because of size of the data-set and the nature of the data, it was impossible to inform data subjects of the study directly. Instead, we mitigate this by publishing the data processing on the research project website, in accordance with GDPR protocols.Further parts of this evaluation rest on the basis that the data processing was evaluated as non-intrusive, and we also anonymize names of individual repository owners that we refer to in the paper.
: The authors declare that they have no competing interests.