provide temporary access to a private repo, to allow peer-review process

Issue #3428 wontfix
Giovanni Dall'Olio
created an issue


I am in the process of submitting a manuscript to a peer-reviewed journal. My problem is that I want to provide the reviewers a way to access a private repository on bitbucket, without making the repository public before publication and without knowing their identity.

All the scripts and datasets used in the analysis described in the paper are available as a hg repository on mercurial. Since it contains datasets that must remain private until the manuscript is accepted, the repository is private and its access is restricted. I plan to set the repository as public after publication; but if I cannot do it now, as I need to prove that the data submitted is novel.

The problem is that if I keep the repository private, the reviewers will not be able to check it. I can not grant them access to a private repo, because I can now know their names.

So, I am asking if there is an official way to provide a temporary access link to a private repo. I can create a new bitbucket account, provide it access to the repository, and provide the access information to the reviewers... but I am not sure if that would break your Terms of Usage.

Comments (3)

  1. David Chambers

    Interesting predicament, Giovanni. I'm thrilled to see Bitbucket being used in such an unusual way. :)

    If you know the e-mail addresses of the reviewers, you could send an invitation to each (there's an “invite” link in the repo header). Failing that, your clever workaround is probably your best bet. There's no requirement that an individual have access to just one Bitbucket account, or that an account be accessible by just one individual.

  2. Dylan Etkin

    Hi Giovanni,

    I think that davids idea of using invitations or granting temporary access to the repo is the best way to go.

    We may end up supporting deployment keys at some point (there is already and issue for that). These would allow you to read the repo with a URL that has a unique key in it. But we do not plan on supporting temporary write or admin access.



  3. Log in to comment