Dates and Events:
|
OSADL Articles:
2023-11-12 12:00
Open Source License Obligations Checklists even better now
Import the checklists to other tools, create context diffs and merged lists
2022-07-11 12:00
Call for participation in phase #4 of Open Source OPC UA open62541 support project
Letter of Intent fulfills wish list from recent survey
2022-01-13 12:00
Phase #3 of OSADL project on OPC UA PubSub over TSN successfully completed
Another important milestone on the way to interoperable Open Source real-time Ethernet has been reached
2021-02-09 12:00
Open Source OPC UA PubSub over TSN project phase #3 launched
Letter of Intent with call for participation is now available
2017-09-12 12:00
OSADL project to create Open Source license checklists
Facilitate Open Source software delivery |
HOT - Heidelberg OSADL Talks 2024 (online event)
OSADL Networking Day 2024 in Heidelberg, Germany
OSADL Legal Seminar 2016 - Aspects of licensing Open Source software in the context of safety and security certification
Case 4 - Own release of FOSS safety software (Eigenes Release von FOSS Safety-Software)
A manufacturer of industrial controllers participated in the SIL2LinuxMP project of the OSADL and prepared an add-on patch for the Linux kernel as part of the associated development activities. The add-on contains a safety framework that bundles a number of components. These components are necessary for the operation of a Linux kernel which has to be certified as being functionally secure and safe. Many functions of this framework are largely independent of the respective version of the Linux kernel and can even be used with a different operating system (with delta certification) after a slight adaptation has been made. Programming was carried out in strict adherence to the guidelines of a standard-compliant development procedure and separate certification was sought and won for the framework, which then received SIL2 certification. The GPL-2.0 was selected as a license.
Since the developed and certificated safety framework could not be expected to be merged into the mainline kernel in the foreseeable future, the manufacturer decided to make the patch available on its website. In compliance with the requirements of the certification authority, the manufacturer offered prospective customers the chance to set up a communication channel during download of the software. The channel was to be used to provide information about programming errors discovered at a later point in time. Software users could customize the given communication data themselves to ensure that the error reports always will reach the user – if the user so desired. This was also in compliance with the requirements of the certification authority.
After some time, the manufacturer received the following request:
“Dear Sir/Madam,
We use the safety framework supplied by you and we would now like to share it. We are familiar with the standardization authority’s official requirement, which is to prepare a channel for the communication of programming errors discovered at a later point in time. However, we do not fully comprehend the mutual obligations of SIL2 certification and GPL-2.0. Do we have to set up this communication channel ourselves? If so, this is probably a violation of Article 6 of the GPL-2.0, which states, “You may not impose any further restriction” etc. And if not, the requirement of the certification authority would not be complied with. Would the framework therefore lose its certification, if we were to pass it on without the communication channel? May we use the communication channel you have set up? If the answer is yes, can we rely on that? Please let us know.”
How should the manufacturer respond?
Answer
(Please note that the answer is only available when logged in as OSADL member.)
