nhsx / open-source-policy

Open Source Policy development for the NHS

Do we need any specific guidance for sample applications? #1

Open andyblundell opened 2 years ago

andyblundell commented 2 years ago

It would be useful to clarify if the position / process / level of rigour / accompanying narrative is at all different for sample apps as opposed to "real" products. For example, projects like this: https://github.com/initialspark/nhs-login-dotnet-core-example

Obviously projects like this should still be of a high quality, and if they have issues there is absolutely potential for harm - assuming people use the sample code in their own "real" products. These projects should probably feature an agreed set of words for use-at-your-own-risk.

@otlah this is a to-do for myself - hope you don't mind me polluting your issue log with ill-formed thoughts :)

otlah commented 2 years ago

Hi Andy,

We've also had feedback from NHSX colleagues in Analytics that sample and experimental code needs a home in the policy and I agree. It will still need to be covered by licences and any regulatory notices, but we'll try and find a logical home for it and figure out the right caveats.

Thanks for the comment!

wbryant commented 2 years ago

I completely agree with this - links to repos showing good practice for differing levels of complexity/size would be great too.

otlah commented 2 years ago

I've come back to this a lot, only to realise that the right way of handling it is simply to use the checklist. Everything should adopt the mandatory items, but experimental and sample applications can progressively adopt the best practice items as they develop. If folks can double check this approach that would be great.

We still need examples but I have a parallel work stream working on gathering those.