Date
1 - 17 of 17
New WG proposals: Safety Engineering Process, Linux Developers
|
elana.copperman@...
I have also updated the subject line, to reflect the proposal for the WG split.
From: devel@... <devel@...> on behalf of Elana Copperman <Elana.Copperman@...>
Sent: Tuesday, September 14, 2021 5:40 PM To: Paul Albertella <paul.albertella@...>; devel@... <devel@...> Subject: Re: [ELISA Technical Community] New WG proposal: Safety Engineering Process
Thanks, Paul, for your clear summary of previous discussions.
My added inputs are included below Paul's text. The proposed name for the new WG remains TBC, I am open to suggestions.
As noted by Paul, this has been extensively discussed in the recent Dev Process WG weekly calls.
My expectation is to announce this new format in the upcoming ELC/LSS conference, as well as in the
next ELISA workshop, thus inviting new members to join and to contribute.
Regards
Elana
From: devel@... <devel@...> on behalf of Paul Albertella <paul.albertella@...>
Sent: Tuesday, September 14, 2021 4:05 PM To: devel@... <devel@...> Subject: [ELISA Technical Community] New WG proposal: Safety Engineering Process Hi,
The Development Process working group has been discussing proposals for the evolution of the group. The WG has historically attempted to cover a number of goals in a single context, which has occasionally created confusion; to address this, we propose to split into two separate working groups, each with a clearer focus. Elana Copperman and I have proposed mission statements and planned activities for these two new groups, which have been discussed in the Dev Process WG weekly calls. Having reached some consensus about a way forward in that forum, I'd now like to share my proposal (see below) with the wider ELISA community for comment, before seeking to formalise the group at the TSC. I hope that Elana will share details of her proposal in due course. Regards, Paul --------------------------------------------------------------------- Proposed working group name --------------------------- Safety Engineering Process Proposed WG chair ----------------- Paul Albertella Proposed meeting schedule ------------------------- Weekly on Thursday, in the same slot as the current Dev process call Proposed mission statement -------------------------- This working group aims to examine safety-related claims that we might like to make about Linux as part of a system, and to explore how we can gather and present evidence to support such claims as part of a safety engineering process. We are interested in two broad classes of claims and evidence: a) Those relating to development practices for Linux as a whole; for example, the peer review process for patches, the testing performed on a kernel stable branch when preparing a release, or the testing performed by a system integrator for a product that incorporates Linux b) Those relating to specific properties or behaviour of Linux; for example, features that we can enable or disable in a kernel config, the (inferred) design of a subsystem, the characteristics of a driver, or tests that can verify aspects of a given feature For (b), we will focus on engineering process aspects (construction, verification, integration, use and maintenance) relating to the feature or property, rather than technical details of its design/implementation. In both cases we may examine practices or processes that are undertaken by the Linux kernel community, as well as communities or organisations that consume Linux (e.g. AGL, LTP), or we may identify practices or processes from other sources that might be used by organisations who want to use Linux to build systems with safety requirements. Planned activities ------------------ Our objectives are to: * Define claims that we would like to make about Linux and/or the processes used to develop it or integrate it as part of a product * Identify evidence that we might use to support these claims * Identify strategies or tools that we can use to gather, generate or reformulate evidence (perhaps in collaboration with the Tools WG) * Examine the evidence gathered and document our findings * Share and peer-review our findings in an elisa.tech Github repo Possible claims might be proposed by another WG, perhaps in relation to a specific use case, technique or safety argument, or we may select our own. Claims that we examine may not all be safety claims, per se; some might relate to software quality, for example, or functionality that does not have an explicit safety role, since both of these may be needed to support safety arguments. We will use contributors’ knowledge of specific safety standards to inform our work where appropriate - for example to determine what criteria to apply for a given class of evidence - but specifying how a given claim and its supporting evidence may be used as part of a certification process should be considered out of scope. Where we do not have consensus on results or conclusions, we will document the different perspectives and/or open questions. We will manage the material produced in an elisa.tech Github repo and collectively review it in GitHub PRs, inviting review or input from the rest of the ELISA community where appropriate. As part of this work, we also plan to write a summary of the results and conclusions of the work done by the Development Process WG, which will also be made available in an elisa.tech Github repo. This is intended to provide background for new participants and other WGs, as well as a baseline / conceptual framework for the work of the new group. Collaboration ------------- The group expects to collaborate with the existing working groups and with the new group proposed by Elana, both to identify or discuss claims and evidence for analysis, and to address wider questions relating to safety engineering processes. Where we work with another group on given topics, we may jointly present the results at an Elisa workshop. *********************************************************************************************
Proposed working group name
--------------------------- Linux Developers WG Proposed WG chair ----------------- Elana Copperman Proposed meeting schedule ------------------------- Weekly on Mondays, pending availability of participants Proposed mission statement -------------------------
Planned
activities
The scope of this WG does
not in any way include safety qualification or any safety claims on how the ------------------ integrator can or should use these features or patches. The only claims that would
be made are a
description of the feature and its functional impact.
Evidence
to support deployment of any feature in a safety-critical system may be clarified by work
products produced by the other ELISA WGs, focusing on collaboration as outlined by Paul above.
The work group will invite developers of safety critical systems to identify and to enhance existing
kernel features with elements that may be used effectively to support safety claims.
|
|
|
Proposed working group nameI am a big fan of this working group and I think it deserves some exploration. The key challenge I currently see is that "developers of safety critical systems" (which---by historic incident---have a significant different background on the complexity of software they have been developing and handling, and the style it has been handled) will attempt "to enhance existing kernel features" (which have been developed in a very different manner and evolve in a different manner). I feel that I simply do not have the kernel development experience with the few basic patches I submitted and bandwidth to contribute here with critical development contributions. I hope that there are others that have the needed kernel development knowledge and experience to quickly start feature development, and that this does just end up creating a wish list of ambitious kernel features that are impossible to implement. I hope there are a few developers interested in joining that working group and wish all of you joining that group a great learning experience, good luck and I am looking forward to some results on the linux-kernel mailing list. Of course, kernel feature development and documentation of kernel features will unaviodingly continue on the corresponding main channels as well. I hope to see you there soon. I would not worry too much about linking it to the mission statement or the name here; I think it is important to start exploring and see who is interested in joining and what the group can then really do. Lukas |
|
|
|
On Wed, Sep 15, 2021 at 6:04 PM Lukas Bulwahn <lukas.bulwahn@...> wrote:
Upps... missed a critical word in the sentence above:Proposed working group nameI am a big fan of this working group and I think it deserves some exploration. ...and that this does NOT just end up creating a wish list of ambitious kernel features that are impossible to implement. Note to myself: Read before sending, not afterwards... Lukas |
|
|
|
elana.copperman@...
Thanks for comments.
toggle quoted message
Show quoted text
2 quick notes: 1. Still waiting for additional ideas on relevant names - perhaps a prize to the winning name? 2. Lukas, some of my original text was unfortunately omitted. All of the suggested ideas are working features, not academic exercises or "ambitious ideas that are impossible to implement." The call is to those who actually design and develop production systems. The key challenge is to provide a supportive environment so that the open source community can benefit. Regards Elana -----Original Message-----
From: Lukas Bulwahn <lukas.bulwahn@...> Sent: Wednesday, September 15, 2021 7:07 PM To: Elana Copperman <Elana.Copperman@...> Cc: Paul Albertella <paul.albertella@...>; devel@... Subject: Re: [ELISA Technical Community] New WG proposals: Safety Engineering Process, Linux Developers On Wed, Sep 15, 2021 at 6:04 PM Lukas Bulwahn <lukas.bulwahn@...> wrote: Upps... missed a critical word in the sentence above:Proposed working group nameI am a big fan of this working group and I think it deserves some exploration. ...and that this does NOT just end up creating a wish list of ambitious kernel features that are impossible to implement. Note to myself: Read before sending, not afterwards... Lukas |
|
|
|
On Sat, Sep 18, 2021 at 10:24 PM Elana Copperman
<Elana.Copperman@...> wrote: I am all in for prizes! That is a good way to see some nice suggestions... 2. Lukas, some of my original text was unfortunately omitted. All of the suggested ideas are working features, not academic exercises or "ambitious ideas that are impossible to implement."Great! You are addressing my concern. So, I think this can be a successful WG, and we should kick it off and get started. I agree with your assessment of the key challenge. In that regard, providing a supportive environment, I think one of the first points might be to understand: - What is currently blocking those who actually design and develop production systems to contribute the features? knowledge gap? organisational aspects? some missing alignment? - What does the forum on the linux-kernel mailing list and related development channel already offer to provide a supportive environment for those who actually design and develop production systems? - What is missing in the linux-kernel community to provide a supportive environment for those who actually design and develop production systems? - How can we address those missing aspects to provide a supportive environment for those who actually design and develop production systems? I currently have only a rough understanding of the blockers from informal discussions among developers and some managers, but I think the topics that are blocking contributions are widely spread, and partly deeply rooted, such as technical knowledge gap or challenging strategic considerations, such as developing a proper open-source strategy that includes investments in upstream work. I would be interested to see if we could create a---potentially anonymized (under Chatham House Rules))---list of blockers for those who actually design and develop production systems to effectively contribute. Lukas Regards |
|
|
|
elana.copperman@...
Thanks, Lukas. See replies in-line below.
From: devel@... <devel@...> on behalf of Lukas Bulwahn <lukas.bulwahn@...>
Sent: Monday, September 20, 2021 12:05 PM To: Elana Copperman <Elana.Copperman@...> Cc: Paul Albertella <paul.albertella@...>; devel@... <devel@...> Subject: Re: [ELISA Technical Community] New WG proposals: Safety Engineering Process, Linux Developers On Sat, Sep 18, 2021 at 10:24 PM Elana Copperman
<Elana.Copperman@...> wrote: > > Thanks for comments. > 2 quick notes: > 1. Still waiting for additional ideas on relevant names - perhaps a prize to the winning name? I am all in for prizes! That is a good way to see some nice suggestions... [EC] Well, let's see some suggestions coming in ...
> 2. Lukas, some of my original text was unfortunately omitted. All of the suggested ideas are working features, not academic exercises or "ambitious ideas that are impossible to implement." > The call is to those who actually design and develop production systems. > The key challenge is to provide a supportive environment so that the open source community can benefit. Great! You are addressing my concern. So, I think this can be a successful WG, and we should kick it off and get started. [EC] We will discuss at the TSC meeting on 29.9
I agree with your assessment of the key challenge. In that regard, providing a supportive environment, I think one of the first points might be to understand: - What is currently blocking those who actually design and develop production systems to contribute the features? knowledge gap? organisational aspects? some missing alignment? [EC} Blocking by safety assessment. It is straightforward to qualify proprietary (not open-source) safety mechanisms in user applications. Kernel patches, however, are currently impossible to qualify. This is a major issue which I
hope Paul can address.
- What does the forum on the linux-kernel mailing list and related
development channel already offer to provide a supportive environment for those who actually design and develop production systems? [EC] Nothing. Hopefully the new WG with Paul's leadership will make some breakthroughs.
- What is missing in the linux-kernel community to provide a supportive environment for those who actually design and develop production systems? [EC] A forum for collaboration with safety experts. Collaboration means listening to each other and working together. Not an easy challenge.
- How can we address those missing aspects to provide a supportive environment for those who actually design and develop production systems? [EC] that's what Paul and I are trying to do.
🙂
I currently have only a rough understanding of the blockers from informal discussions among developers and some managers, but I think the topics that are blocking contributions are widely spread, and partly deeply rooted, such as technical knowledge gap or challenging strategic considerations, such as developing a proper open-source strategy that includes investments in upstream work. I would be interested to see if we could create a---potentially anonymized (under Chatham House Rules))---list of blockers for those who actually design and develop production systems to effectively contribute. [EC] You are welcome to get this started. Lukas > Regards > Elana > > > -----Original Message----- > From: Lukas Bulwahn <lukas.bulwahn@...> > Sent: Wednesday, September 15, 2021 7:07 PM > To: Elana Copperman <Elana.Copperman@...> > Cc: Paul Albertella <paul.albertella@...>; devel@... > Subject: Re: [ELISA Technical Community] New WG proposals: Safety Engineering Process, Linux Developers > > On Wed, Sep 15, 2021 at 6:04 PM Lukas Bulwahn <lukas.bulwahn@...> wrote: > > > > > Proposed working group name > > > --------------------------- > > > > > > Linux Developers WG > > > > > > Proposed WG chair > > > ----------------- > > > > > > Elana Copperman > > > > > > Proposed meeting schedule > > > ------------------------- > > > > > > Weekly on Mondays, pending availability of participants > > > > > > Proposed mission statement > > > ------------------------- > > > > > > To identify existing Linux Kernel features which may be leveraged for use in safety critical systems. > > > > > > For example, > > > > > > Mechanisms for protections of various memory types. > > > > > > Dynamic analysis for multi-threaded systems. > > > > > > Kernel profiling using ebpf-based tools. > > > > > > Isolation techniques and FFI (Freedom From Interference) > > > > > > Safety extensions to Linux drivers. > > > > > > > > > To bring together kernel developers and producers of safety critical > > > systems to demonstrate use of > > > > > > such features in real systems, and to learn from these experiences together as a community. > > > > > > > > > To propose enhancements to such features and to work as a community > > > to design / implement / > > > > > > deploy kernel patches. Such patches should help to make those > > > features more amenable > > > > > > for use in safety critical systems. > > > > > > > > > To recommend tools or processes to be provided by other ELISA WGs so > > > that those patches > > > > > > and features can be used by designers and integrators producing safety critical systems. > > > > > > > > > Planned activities > > > ------------------ > > > The scope of this WG does not in any way include safety > > > qualification or any safety claims on how the integrator can or > > > should use these features or patches. The only claims that would be made are a description of the feature and its functional impact. > > > Evidence to support deployment of any feature in a safety-critical > > > system may be clarified by work products produced by the other ELISA WGs, focusing on collaboration as outlined by Paul above. > > > > > > The work group will invite developers of safety critical systems to > > > identify and to enhance existing kernel features with elements that may be used effectively to support safety claims. > > > > > > > I am a big fan of this working group and I think it deserves some exploration. > > > > The key challenge I currently see is that "developers of safety > > critical systems" (which---by historic incident---have a significant > > different background on the complexity of software they have been > > developing and handling, and the style it has been handled) will > > attempt "to enhance existing kernel features" (which have been > > developed in a very different manner and evolve in a different > > manner). > > > > I feel that I simply do not have the kernel development experience > > with the few basic patches I submitted and bandwidth to contribute > > here with critical development contributions. I hope that there are > > others that have the needed kernel development knowledge and > > experience to quickly start feature development, and that this does > > just end up creating a wish list of ambitious kernel features that are > > impossible to implement. > > > > Upps... missed a critical word in the sentence above: > > ...and that this does NOT just end up creating a wish list of ambitious kernel features that are impossible to implement. > > Note to myself: Read before sending, not afterwards... > > Lukas |
|
|
I agree with your assessment of the key challenge.My question was really looking for more practical answers here. E.g., just for the purpose of illustration: Although I understand what kind of changes to the memory management system might help verifying or validating critical property (relevant for safety systems), I cannot implement and submit anything relevant to the kernel's memory management because I personally do not have the necessary in-depth knowledge for memory management. Your hypothesis "Kernel patches are currently impossible to qualify" needs to be due to certain reasons; I would really like to understand why this is currently impossible? Is it due to lack of knowledge about the contributor and its development process? Is it due to lack of expertise in understanding and judging the existing code? etc. - What does the forum on the linux-kernel mailing list and relatedAgain, I would like to understand this more specifically: Stating that the linux-kernel mailing list provides nothing, seems a bit harsh. For the code improvement group, we identified that the linux-kernel mailing list provides a way for obtaining feedback and integrating our improvements (and that we do not need any separate channels, communities or networks); we just lack partly the skill/comprehension and partly the time to assess all bug findings/issues we identified, but for a few simple issues, each participant could submit an improvement and get it integrated with the help of the linux-kernel mailing list and the established maintainers. Can you not integrate the features you developed through the linux-kernel mailing list? Is that broken for the code you would like to modify and extend? Why are these features rejected? - What is missing in the linux-kernel community to provide aLet us see if there are others that are willing to share their experiences. Lukas |
|
|
|
elana.copperman@...
Thanks, Lukas, for your comments. See brief replies below; we should continue this discussion next week, on my return from holiday.
From: Lukas Bulwahn <lukas.bulwahn@...>
Sent: Monday, September 20, 2021 10:00 PM To: Elana Copperman <Elana.Copperman@...> Cc: devel@... <devel@...>; Paul Albertella <paul.albertella@...> Subject: Re: [ELISA Technical Community] New WG proposals: Safety Engineering Process, Linux Developers > I agree with your assessment of the key challenge.
> In that regard, providing a supportive environment, I think one of the > first points might be to understand: > > - What is currently blocking those who actually design and develop > production systems to contribute the features? knowledge gap? > organisational aspects? some missing alignment? > [EC} Blocking by safety assessment. It is straightforward to qualify proprietary (not open-source) safety mechanisms in user applications. Kernel patches, however, are currently impossible to qualify. This is a major issue which I hope Paul can address. > My question was really looking for more practical answers here. E.g., just for the purpose of illustration: Although I understand what kind of changes to the memory management system might help verifying or validating critical property (relevant for safety systems), I cannot implement and submit anything relevant to the kernel's memory management because I personally do not have the necessary in-depth knowledge for memory management. Your hypothesis "Kernel patches are currently impossible to qualify" needs to be due to certain reasons; I would really like to understand why this is currently impossible? Is it due to lack of knowledge about the contributor and its development process? Is it due to lack of expertise in understanding and judging the existing code? etc. >>>> Not at all. It is the basic mistrust of Linux which is manifested in ELISA as well.
>>>> We are seeing in the Architecture WG what a long process would be needed for a trivial use case.
>>>> Qualifying a complex real-life production use case for release as a kernel patch would incur unreasonable cost, effort and resources.
> - What does the forum on the linux-kernel mailing list and related > development channel already offer to provide a supportive environment > for those who actually design and develop production systems? > [EC] Nothing. Hopefully the new WG with Paul's leadership will make some breakthroughs. > Again, I would like to understand this more specifically: Stating that the linux-kernel mailing list provides nothing, seems a bit harsh. >>>> Where was this statement made?
For the code improvement group, we identified that the
linux-kernel mailing list provides a way for obtaining feedback and integrating our improvements (and that we do not need any separate channels, communities or networks); we just lack partly the skill/comprehension and partly the time to assess all bug findings/issues we identified, but for a few simple issues, each participant could submit an improvement and get it integrated with the help of the linux-kernel mailing list and the established maintainers. Can you not integrate the features you developed through the linux-kernel mailing list? Is that broken for the code you would like to modify and extend? Why are these features rejected? >>>> ??? Who developed features through the Linux kernel mailing list? > - What is missing in the linux-kernel community to provide a > supportive environment for those who actually design and develop > production systems? > [EC] A forum for collaboration with safety experts. Collaboration means listening to each other and working together. Not an easy challenge. > > - How can we address those missing aspects to provide a supportive > environment for those who actually design and develop production > systems? > [EC] that's what Paul and I are trying to do. 🙂 > > I currently have only a rough understanding of the blockers from > informal discussions among developers and some managers, but I think > the topics that are blocking contributions are widely spread, and > partly deeply rooted, such as technical knowledge gap or challenging > strategic considerations, such as developing a proper open-source > strategy that includes investments in upstream work. > > I would be interested to see if we could create a---potentially > anonymized (under Chatham House Rules))---list of blockers for those > who actually design and develop production systems to effectively > contribute. > [EC] You are welcome to get this started. > Let us see if there are others that are willing to share their experiences. Lukas |
|
|
|
On Tue, Sep 21, 2021 at 10:32 PM Elana Copperman
<Elana.Copperman@...> wrote: Elana, enjoy your vacation! This email thread can wait another few days until we continue. Lukas |
|
|
|
elana.copperman@...
Back from holiday, taking this up once again.
From: devel@... <devel@...>
On Behalf Of Elana Copperman
Sent: Tuesday, September 21, 2021 11:33 PM To: Lukas Bulwahn <lukas.bulwahn@...> Cc: devel@...; Paul Albertella <paul.albertella@...> Subject: Re: [ELISA Technical Community] New WG proposals: Safety Engineering Process, Linux Developers
Thanks, Lukas, for your comments. See brief replies below; we should continue this discussion next week, on my return from holiday.
From: Lukas Bulwahn <lukas.bulwahn@...>
> I agree with your assessment of the key challenge. >>>> Not at all. It is the basic mistrust of Linux which is manifested in ELISA as well. >>>> We are seeing in the Architecture WG what a long process would be needed for a trivial use case. >>>> Qualifying a complex real-life production use case for release as a kernel patch would incur unreasonable cost, effort and resources. >>>> Where was this statement made?
For the code improvement group, we identified that the >>>> The features to be developed can certainly be introduced via the Linux kernel mailing list. >>>> However, the expectation is that they will not be accepted by safety assessors if introduced in this way. >>>> Instead, they are introduced as proprietary user space applications, and then much more readily approved. >>>> We need to find an appropriate way to introduce open source Linux-based features which are accepted.
|
|
|
|
elana.copperman@...
Still waiting for concrete suggestions for the new WG. @Lukas Bulwahn – no one to take the prize? Currently the only proposal is "Linux Developers WG", which we all agreed is not ideal. Some additional suggestions:
(none of which is ideal, but as a basis for discussion). Thanks Elana
From: devel@... <devel@...>
On Behalf Of Elana Copperman
Sent: Monday, September 20, 2021 3:01 PM To: Lukas Bulwahn <lukas.bulwahn@...> Cc: Paul Albertella <paul.albertella@...>; devel@... Subject: Re: [ELISA Technical Community] New WG proposals: Safety Engineering Process, Linux Developers
Thanks, Lukas. See replies in-line below.
From:
devel@... <devel@...> on behalf of Lukas Bulwahn <lukas.bulwahn@...>
On Sat, Sep 18, 2021 at 10:24 PM Elana Copperman [EC] Well, let's see some suggestions coming in ...
|
|
|
I will create a set of survey questions to collect some feedback on- How can we address those missing aspects to provide a supportiveLet us see if there are others that are willing to share their experiences. that in a structured way. Lukas |
|
|
|
(snip)
I am sorry. I am confused and I do not understand. Let us assume: A new feature for the kernel, i.e., a feature extending the kernel's functionality, has been developed in a reasonably systematic way with sufficient documentation to argue sufficient understanding of the functionality and its contribution to a specific safety claim. Side question: Is it already unrealistic or difficult to meet this assumption above? Is there a gap to develop in a reasonably systematic way? Is there a knowledge/process gap to create documentation of the functionality? Is it difficult to formulate the specific safety claim of interest and argue the contribution? If that assumption above is met, is such a feature and its related patches accepted by safety assessors? I assume all those aspects and questions are so far unrelated to integrating patches in the kernel through the kernel mailing list. Next, then, these patches and documentation are sent to the linux-kernel mailing list. Then, they are integrated into the kernel repository, then the source code is released and distributed. Then, it is compiled by somebody, put into a system and used for some purpose. At which point in these steps, does the feature switch from being acceptable for safety assessor to not being acceptable to safety assessor? What happens in that step such that the feature is not acceptable? Lukas (snip) |
|
|
|
elana.copperman@...
Lukas, this discussion does not seem to be appropriate for the mailing list, and if there is sufficient interest - we can use tomorrow's call for this purpose. @Paul Albertella?
toggle quoted message
Show quoted text
In brief, the process which you describe below gets stuck because Linux is not qualified. To accept a kernel patch as a basis for safety claims, given that such a patch inevitably uses existing kernel features, our experience has been that you would need a fully qualified Linux kernel to support the kernel patch development process. Elana -----Original Message-----
From: Lukas Bulwahn <lukas.bulwahn@...> Sent: Wednesday, September 29, 2021 9:34 AM To: Elana Copperman <Elana.Copperman@...> Cc: devel@...; Paul Albertella <paul.albertella@...> Subject: Re: [ELISA Technical Community] New WG proposals: Safety Engineering Process, Linux Developers (snip) I am sorry. I am confused and I do not understand. Let us assume: A new feature for the kernel, i.e., a feature extending the kernel's functionality, has been developed in a reasonably systematic way with sufficient documentation to argue sufficient understanding of the functionality and its contribution to a specific safety claim. Side question: Is it already unrealistic or difficult to meet this assumption above? Is there a gap to develop in a reasonably systematic way? Is there a knowledge/process gap to create documentation of the functionality? Is it difficult to formulate the specific safety claim of interest and argue the contribution? If that assumption above is met, is such a feature and its related patches accepted by safety assessors? I assume all those aspects and questions are so far unrelated to integrating patches in the kernel through the kernel mailing list. Next, then, these patches and documentation are sent to the linux-kernel mailing list. Then, they are integrated into the kernel repository, then the source code is released and distributed. Then, it is compiled by somebody, put into a system and used for some purpose. At which point in these steps, does the feature switch from being acceptable for safety assessor to not being acceptable to safety assessor? What happens in that step such that the feature is not acceptable? Lukas (snip) |
|
|
|
On Wed, Sep 29, 2021 at 8:38 AM Elana Copperman
<Elana.Copperman@...> wrote: Okay, thanks. Now, I understand why we get stuck. Of course, if we come to the conclusion that a fully qualified Linux kernel (whatever that means; I have no clear semantics for such a term; qualification always happens in the context of a (assumed) system) is required for any feature we may develop, then we really might be stuck. I resolved that question for the scope that was required for the feature to be integrated. By employing general software engineering arguments, I could limit that to a clearly manageable scope of kernel functionality. If there is interest in how that is resolved, I would suggest just looking at a specific feature and reconsider the challenge we encountered that leads to the point above. I am not a big fan of meetings; email is often the better means of communication for technical discussions. Only, seldomly, a meeting really adds value to a discussion of in-depth considerations. Lukas |
|
|
|
elana.copperman@...
We can start with cgroups and namespaces, focusing on the questions raised by Bruce and Priyanka in their presentation last week.
toggle quoted message
Show quoted text
Emails would work if you would leave the original full discussion, it is very difficult to follow this censored flow. -----Original Message-----
From: Lukas Bulwahn <lukas.bulwahn@...> Sent: Wednesday, September 29, 2021 11:51 AM To: Elana Copperman <Elana.Copperman@...> Cc: Paul Albertella <paul.albertella@...>; devel@... Subject: Re: [ELISA Technical Community] New WG proposals: Safety Engineering Process, Linux Developers On Wed, Sep 29, 2021 at 8:38 AM Elana Copperman <Elana.Copperman@...> wrote: Okay, thanks. Now, I understand why we get stuck. Of course, if we come to the conclusion that a fully qualified Linux kernel (whatever that means; I have no clear semantics for such a term; qualification always happens in the context of a (assumed) system) is required for any feature we may develop, then we really might be stuck. I resolved that question for the scope that was required for the feature to be integrated. By employing general software engineering arguments, I could limit that to a clearly manageable scope of kernel functionality. If there is interest in how that is resolved, I would suggest just looking at a specific feature and reconsider the challenge we encountered that leads to the point above. I am not a big fan of meetings; email is often the better means of communication for technical discussions. Only, seldomly, a meeting really adds value to a discussion of in-depth considerations. Lukas |
|
|
|
On Wed, Sep 29, 2021 at 10:58 AM Elana Copperman
<Elana.Copperman@...> wrote: Agree. That is a really good idea. We need to establish proper recommendations and policies for well-structured email-based discussions. I will reach out to Shuah for the TSC meeting today to have a smaller group describe recommendations and policies for well-structured email-based discussions. Then, we document those for the overall group exchanging emails, and potentially even enforce certain policies for email discussions, such as already done on linux-kernel@..., and continuously pointed out by some technical stewards/mentors on similar lists. Lukas
|
|
|