publicgoods-candidates icon indicating copy to clipboard operation
publicgoods-candidates copied to clipboard

Published 20 hours ago verified publisher icon DPGAlliance

Add DPG: Aajeevika

Open dpgabot opened this issue 3 years ago • 6 comments

Automatic addition of a new digital public good submitted through the online form available at https://digitalpublicgoods.net/submission

dpgabot avatar Jan 22 '22 15:01 dpgabot

Checklist for conducting technical review against DPG Standard:

  • [x] Clear Ownership
  • [ ] Platform Independence
  • [ ] Documentation
  • [x] Mechanism For Extracting Data
  • [x] Do No Harm By Design
  • [x] Data Privacy & Security
  • [x] Adherence to Standards & Best Practices
  • [x] Adherence to Privacy and Applicable Laws
  • [x] Inappropriate & Illegal Content
  • [x] Protection From Harassment
  • [x] Development & deployment countries

nathanbaleeta avatar Jan 25 '22 11:01 nathanbaleeta

Currently unable to assess platform independence indicator until detailed installation guide is provided. However while browsing the source code noticed Firebase messaging as one of the dependencies:

  • https://github.com/undpindia/aajeevika/blob/main/src/public/firebase-messaging-sw.js

nathanbaleeta avatar Apr 07 '22 07:04 nathanbaleeta

Currently unable to assess platform independence indicator until detailed installation guide is provided. However while browsing the source code noticed Firebase messaging as one of the dependencies:

  • https://github.com/undpindia/aajeevika/blob/main/src/public/firebase-messaging-sw.js

Firebase is used for sending push notifications. For example: when a buyer places an order, the seller gets a push notification. Similarly when seller send the order to collection center, the collection center and buyer receives the push notification.

nathanbaleeta avatar Jul 26 '22 10:07 nathanbaleeta

  • The documentation is unstructured and uploaded via a .docx file (not a Documentation good practice)
    • A wiki in the same repository could make the documentation more approachable.
  • The dependency on Firebase makes the application not Platform Independent
  • The test cases suggests that there is an Android mobile application. The source code is only available for PHP backend

Cc: @davidnjagah

iperdomo avatar Jul 26 '22 14:07 iperdomo

@nathanbaleeta we should also notify the team that including API Keys in the source code is a security problem, e.g. https://github.com/undpindia/aajeevika/search?q=FIREBASE_API_KEY

iperdomo avatar Jul 26 '22 15:07 iperdomo

Thanks @iperdomo for the review, i will get in touch with the team and see how the specified changes can be made.

david-njagah avatar Sep 15 '22 09:09 david-njagah

Digital solutions that previously applied through the legacy process and didn't conclude their application are requested to re-submit their application via the new DPGA nominations portal. I'm closing this PR as per the archiving policy.

ricardomiron avatar Feb 13 '23 01:02 ricardomiron