WorldHealthOrganization / open-source-communication-channel

Guides, best practices, templates, and discussions for the WHO open source community
https://worldhealthorganization.github.io/open-source-communication-channel/

Support Request for Project tbsequencing.who.int #106

Open sachalau opened 1 day ago

sachalau commented 1 day ago
  1. Category of support requested:

    • [x] Choosing an open source licensing (outbound)
    • [ ] Open source license compliance (inbound)
    • [ ] Building a community of contributors
    • [ ] Open source governance for a project
    • [ ] Managing open source contributions
  2. Type of support proposed:

    • [ ] Guides or available policies
    • [x] Advice or accompaniment
    • [ ] Direct input (may not always be possible)
    • [ ] Other
  3. Additional context or information about the project:

Dear WHO OSPO,

Thank you for creating the wealth of resources and leading the adoption of open source principles at the WHO.

I am a scientist working at FIND (www.finddx.org) and I have been developing, in collaboration with the WHO Global Tuberculosis programme (https://www.who.int/teams/global-tuberculosis-programme), a portal designed for assisting the community in identifying new antimicrobial resistance markers from DNA sequencing data in tuberculosis (https://tbsequencing.who.int).

In alignment with our donor's philosophy, we would like to open source all code sustaining the resources, so that country and local health programmes that have expressed interest can replicate the set of tools that we have developed for their own needs. I have had previous meetings with colleagues at the WHO IMT to start the initial conversation and both WHO IMT and I had identified that the WHO OSPO could provide some guidance on a proper open sourcing of the resources.

Our resource is composed of different layers. Our infrastructure configuration is implemented using Terraform (the solution relies on one of the main public cloud providers), our backend using Python Django and our frontend ReactJS.

Of course, one critical component to consider is the security implications, because open sourcing could provide attack surface(s) to antagonists. We have consulted with our partners maintaining the cloud resources and we have agreed on the following steps to complete before open sourcing:

During development, we have tried to apply most recognized best practices regarding cybersecurity, and have been careful in never using hard-coded secrets in our code. We have also used static code analysis to identify potential security concerns.

We have not yet chosen a license. One other thing I was wondering was whether our future remotes that will hold the cleaned out, validated code for our different repositories, could live at the WHO GitHub organization. At the moment, our remotes live in two different places, one being FIND's GitHub organization, and the other one being our partners maintaining the cloud resources' Bitbucket.

welcome[bot] commented 1 day ago

🥳 Thank you for your interest in contributing to WHO open source projects. If you've followed our instructions in README.md we will reach out to you soon with further instructions! :tada:

sigdelsanjog commented 1 day ago

Hi @sachalau

This is such a noble project your team is working on. Would like to have a conversation if there are any opportunities to contribute to the project. I would like to contribute to the open source project in the following areas:

I am a contributor to the Kathmandu University Open Source Community at Kathmandu University, Nepal and a faculty member at the Department of Computer Science and Engineering. With a mix of four and a half years of academic and seven plus years of experience in the Software Engineering industry as a Software Engineer, Project/Product Manager

LinkedIn: sigdelsanjog
Email: sanjog.sigdel@ku.edu.np
GitHub: sigdelsanjog