As explained orally to @moranegg, T1131 is not enough (it is for hal though).
Generically, a deposit could take place in multiple metadata requests (as long as the deposit status stays 'partial').
It depends on how the client does the deposit.
At the moment, implementation wise, we aggregate naively the content of the metadata [1].
In effect, we could lose information if multiple requests provides the same field key time and again.
At least, with the recent refactoring to read metadata (D381), this is to be fixed once.
We need to fix this by being smarter when aggregating metadata.