2024-12-26 - 04:16

Dates and Events:

OSADL Articles:

2024-10-02 12:00

Linux is now an RTOS!

PREEMPT_RT is mainline - What's next?


2023-11-12 12:00

Open Source License Obligations Checklists even better now

Import the checklists to other tools, create context diffs and merged lists


2023-03-01 12:00

Embedded Linux distributions

Results of the online "wish list"


2022-01-13 12:00

Phase #3 of OSADL project on OPC UA PubSub over TSN successfully completed

Another important milestone on the way to interoperable Open Source real-time Ethernet has been reached


2021-02-09 12:00

Open Source OPC UA PubSub over TSN project phase #3 launched

Letter of Intent with call for participation is now available



OSADL Seminar on Software Patents and Open Source Licensing

OSADL Legal Seminar 2016 - Aspects of licensing Open Source software in the context of safety and security certification

Case 4 - Own release of FOSS safety software (Eigenes Release von FOSS Safety-Software)

A manufacturer of industrial controllers participated in the SIL2LinuxMP project of the OSADL and prepared an add-on patch for the Linux kernel as part of the associated development activities. The add-on contains a safety framework that bundles a number of components. These components are necessary for the operation of a Linux kernel which has to be certified as being functionally secure and safe. Many functions of this framework are largely independent of the respective version of the Linux kernel and can even be used with a different operating system (with delta certification) after a slight adaptation has been made. Programming was carried out in strict adherence to the guidelines of a standard-compliant development procedure and separate certification was sought and won for the framework, which then received SIL2 certification. The GPL-2.0 was selected as a license.

Since the developed and certificated safety framework could not be expected to be merged into the mainline kernel in the foreseeable future, the manufacturer decided to make the patch available on its website. In compliance with the requirements of the certification authority, the manufacturer offered prospective customers the chance to set up a communication channel during download of the software. The channel was to be used to provide information about programming errors discovered at a later point in time. Software users could customize the given communication data themselves to ensure that the error reports always will reach the user – if the user so desired. This was also in compliance with the requirements of the certification authority.

After some time, the manufacturer received the following request:

“Dear Sir/Madam,
We use the safety framework supplied by you and we would now like to share it. We are familiar with the standardization authority’s official requirement, which is to prepare a channel for the communication of programming errors discovered at a later point in time. However, we do not fully comprehend the mutual obligations of SIL2 certification and
GPL-2.0. Do we have to set up this communication channel ourselves? If so, this is probably a violation of Article 6 of the GPL-2.0, which states, “You may not impose any further restriction” etc. And if not, the requirement of the certification authority would not be complied with. Would the framework therefore lose its certification, if we were to pass it on without the communication channel? May we use the communication channel you have set up? If the answer is yes, can we rely on that? Please let us know.”

How should the manufacturer respond?

Answer
(Please note that the answer is only available when logged in as OSADL member.)

Case 1    Case 2    Case 3    Case 4   Case 5    

Best practices I                  Best practices II