Minutes 28 Sep 2023

Paul Albertella edited this page Oct 4, 2023 · 1 revision

Host: Paul Albertella

Participants: Igor Stoppa, Sebastian Hetze, Pete Brink

Agenda

Actions from last week

  • Igor has arranged a session at the Workshop
  • Sebastian has started looking at the quantitative and probabilistic methods

Igor has read PAS 8926 - clarification of ‘qualification of pre-existing software’ clauses in ISO 26262 - section 8-12. Seems to frame the requirements more clearly, but that doesn’t necessarily make the process simpler.

  • Pete: Challenge is how to persuade open source projects / communities to adopt processes that would satisfy the objectives of the standards.
  • Paul: Unrealistic to expect projects like Linux to adopt these practices in order to satisfy safety standards, because most of the developers / users don’t care about safety.
  • Perhaps better to think about how to apply these processes to the use of Linux and other FOSS in a given context

Igor: To effect change in such projects, you first need to be able to describe the problem

  • Explain how it could be better for you, in such a way that it doesn’t interfere with their goals and/or require them to do a lot of work
  • Paul: Activation energy required to effect change to how a project works can be very high
  • Igor: This approach requires us to establish why change is necessary in a way that the community members can grasp
  • Pete: Can be hard to do this if the people we are trying to change lack an engineering perspective

Sebastian: Xen hypervisor is on a path to certification - can this provide a basis for arguing that Linux can be safe in a particular context?

  • e.g. Define a ‘minimal scope’ Linux configuration that restricts it to a ‘core’ set of functionality
  • Paul: Current architecture of Linux may not be amenable to this - complexities and inter-dependencies make it difficult to completely disentangle the ‘core’ from the ‘complex’
  • Igor: Going after a specific technical problem that is unavoidable as a risk may help to confront this kind of issue

Pete: My main concern is device drivers

Igor: Fundamental problem is about isolation within the kernel, but may also have concerns about the relative quality of different components