One of the big obstacles I see with this kind of model is the need to get security rock-solid. Any system that deals with student information is subject to federal privacy laws, and the consequences of a data leak would be pretty significant.
Any thoughts on how to deal with this? I am wondering if os projects like the one you describe could partner with an experienced mentor, but I still wonder what kind of structure you'd want to use to address liability issues.
Assuming, of course, that you have some good way to connect a user's login to the app (which is probably being delivered on the web in this day and age) with an SELinux role. Luckily, we can do that too:
While privacy issues are important, state compliance & reporting are actually the bigger challenge.
These types of systems typically track enrollments and attendance, which get reported to the state and determine the district's funding. The calculations here can be fairly wonky (i.e. some states require schools to calculate every student's attendance down to the minute) and an error could have massive consequences.
My suggestion for a project is rather than trying to replace the core database, use an API like Clever (https://getclever.com/developers/docs) to build something cool on top of the existing database. (Disclaimer - I'm a co-founder of Clever).
See below. The accounting problem is a far greater challenge that security. Interestingly school information systems are notoriously bad at security, so hitting par won't actually be that hard. Accurate accounting may be a huge challenge, though.
Either way, mentoring would be key, and no system developed vy students should be allowed into production at a scholl without a complete review. But that that's part of the process. Even in a private company/OSS project, code shouldn't be allowed into production without a review. I do have access to many people with the right skill set to be able to develop such a system on their own (my self included) in addition to the fact that I work for an information security research institution, so I have access to folks who know a whole lot more about trusted systems than I.
Of course, HS students will make mistakes, but the mentors will be there to review the work, and make suggestions, while keeping "bad code" from hitting a production system.
In the end, I'm not sure that I'm convinced that a student developed system is any different from one developed by some outside company.
assuming that the majority of the work at commercial company X is done by people who weren't long-ago HS students themselves, often with minimal training and support at their company, I agree, there's likely very little difference, other than the mistakes will be more open and easier for people to see and fix.
Any thoughts on how to deal with this? I am wondering if os projects like the one you describe could partner with an experienced mentor, but I still wonder what kind of structure you'd want to use to address liability issues.