CUNY Academic Commons

Our new dev site https://cunyac.reclaimhosting.dev/ is a copy of our old cdev site, which itself was built from a partial snapshot of the production Commons long ago. So, we started with some real data, and over the years have accrued a lot of "fake" data on top of it. This was more or less OK on the old setup, where the dev site was not available via public DNS (though it used to be! remember cdev.gc.cuny.edu?). But with this new setup, we should take some technical and procedural steps to avoid problems. A few initial thoughts:

1. Most/all existing data on the site should be removed. It's going to be a pain to remove piecemeal, so I'm thinking of the following: Delete all groups; delete all user accounts except those belonging to the people on this ticket; delete all sites. Does this seem reasonable to others?

2. Ensure that email is configured in such a way that we cannot accidentally send to people who should not get the emails. Currently, there's a block in place that prevents emails going from cdev to any email address not associated with a member of the Commons team group. This is an OK solution for most cases (though it would require keeping the Commons team group - see item 1 above). But it makes it difficult/impossible to test certain types of email invitations, as well as the full registration process. So perhaps we need a different approach. Maybe, once all "real" data is scrubbed from the system, this becomes a moot point: there won't be any actual email addresses in the system, aside from those belonging to our team, so there's no real risk of emails actually going out to members. If that reasoning seems right to others, then I think we can simply allow emails to any address.

3. Come up with a set of protocol for what should and should not be posted on the dev site. This will mostly be about real member data - names, photos, etc.

What have I missed? Do others have thoughts before I move forward with 1 and 2?