9:59:59.000,9:59:59.000 Welcome back, the next talk will be[br]Jan Kiszka 9:59:59.000,9:59:59.000 on Getting more Debian into our[br]civil infrastructure. 9:59:59.000,9:59:59.000 Thank you Michael. 9:59:59.000,9:59:59.000 So my name is Jan Kiszka, 9:59:59.000,9:59:59.000 you may not know me, I'm not a Debian[br]Developer, not a Debian Maintainer. 9:59:59.000,9:59:59.000 I'm just an upstream hacker. 9:59:59.000,9:59:59.000 I'm working for Siemens 9:59:59.000,9:59:59.000 and part of the Linux team there[br]for now 10 years actually, 9:59:59.000,9:59:59.000 more than 10 years. 9:59:59.000,9:59:59.000 We are supporting our business units[br]in getting Linux into the products successfully 9:59:59.000,9:59:59.000 for that long time, even longer actually. 9:59:59.000,9:59:59.000 Today, I'm representing a collaborative[br]project that has some relationship 9:59:59.000,9:59:59.000 with Debian, and more soon. 9:59:59.000,9:59:59.000 First of all, maybe a surprise to some[br]of you, 9:59:59.000,9:59:59.000 our civilization is heavily running on Linux[br]and you may now think about 9:59:59.000,9:59:59.000 this kind of devices where some kind of[br]Linux inside, 9:59:59.000,9:59:59.000 or you may think of the cloud servers[br]running Linux inside. 9:59:59.000,9:59:59.000 But actually, this is about devices closer[br]to us. 9:59:59.000,9:59:59.000 In all our infrastructure, 9:59:59.000,9:59:59.000 there are control systems, there are[br]management systems included 9:59:59.000,9:59:59.000 and many many of them run Linux inside. 9:59:59.000,9:59:59.000 Maybe if you are traveling with Deutsche[br]Bahn to this event these days, 9:59:59.000,9:59:59.000 there was some Linux system on the train[br]as well, 9:59:59.000,9:59:59.000 as they were on the ???,[br]so on the control side. 9:59:59.000,9:59:59.000 Energy generation. 9:59:59.000,9:59:59.000 Power plants, they are also run with Linux 9:59:59.000,9:59:59.000 in very interesting ways, in positive ways 9:59:59.000,9:59:59.000 Industry automation, the factories, they[br]have control systems inside 9:59:59.000,9:59:59.000 and quite a few are running Linux inside. 9:59:59.000,9:59:59.000 And also other systems like health care,[br]diagnostic systems. 9:59:59.000,9:59:59.000 These big balls up there, they're magnetic[br]resonance imaging systems, 9:59:59.000,9:59:59.000 they're running on Linux for over[br]a decade now. 9:59:59.000,9:59:59.000 Building automation, not at home but in[br]the professional building area. 9:59:59.000,9:59:59.000 Actually, as I said, the train systems are[br]going to be more on Debian soon. 9:59:59.000,9:59:59.000 We have Debian for quite a while in[br]power generation. 9:59:59.000,9:59:59.000 "We", in this case, Siemens. 9:59:59.000,9:59:59.000 We have the box underneath,[br]on the third row, 9:59:59.000,9:59:59.000 the industrial switch there is running[br]Debian. 9:59:59.000,9:59:59.000 And the health care device is still[br]on Ubuntu, but soon will be Debian as well. 9:59:59.000,9:59:59.000 Just to give some examples. 9:59:59.000,9:59:59.000 These are the areas where we, as a group,[br]and we, as Siemens, are active. 9:59:59.000,9:59:59.000 But there are some problems with this. 9:59:59.000,9:59:59.000 Just take an example from a railway[br]system. 9:59:59.000,9:59:59.000 Usually, this kind of devices installation,[br]they have a lifetime 9:59:59.000,9:59:59.000 of 25, 30 years. 9:59:59.000,9:59:59.000 It used to be quite simple with these[br]old devices, 9:59:59.000,9:59:59.000 simple in the sense that it was mechanic,[br]it was pretty robust 9:59:59.000,9:59:59.000 I was once told that one of these locking[br]systems, 9:59:59.000,9:59:59.000 they were basically left in a box out there[br]for 50 years and no one entered the ??? 9:59:59.000,9:59:59.000 No one touched the whole thing for 50 years 9:59:59.000,9:59:59.000 These times are a little bit over. 9:59:59.000,9:59:59.000 Nowadays, we have more electronic systems[br]in these systems 9:59:59.000,9:59:59.000 and they contain of course software. 9:59:59.000,9:59:59.000 What does it mean? 9:59:59.000,9:59:59.000 Just to give you an idea, how this kind[br]of development looks like in this domain. 9:59:59.000,9:59:59.000 So ??? 9:59:59.000,9:59:59.000 development takes quite a long time[br]until the product is ready, 9:59:59.000,9:59:59.000 3 to 5 years. 9:59:59.000,9:59:59.000 Then, in the railway domain, it's mostly[br]about customizing the systems 9:59:59.000,9:59:59.000 for specific installations of the railway[br]systems, 9:59:59.000,9:59:59.000 not only in Europe, they are kind of messy[br]regarding the differences.[br] 9:59:59.000,9:59:59.000 So you have specific requirements of the[br]customer, the railway operators 9:59:59.000,9:59:59.000 to adjust these systems for their needs. 9:59:59.000,9:59:59.000 And you see by then, 9:59:59.000,9:59:59.000 after 5 years already, a Debian version[br]would be out of maintenance and 9:59:59.000,9:59:59.000 if you add an other year, you can start[br]over again. 9:59:59.000,9:59:59.000 So, in the development time, you may[br]change still the system 9:59:59.000,9:59:59.000 but later on, it's getting hard to change[br]the system ??? 9:59:59.000,9:59:59.000 because then the interesting parts start[br]in this domain, not only in this domain, 9:59:59.000,9:59:59.000 that's safety and security assessment and[br]approval for these systems. 9:59:59.000,9:59:59.000 And that also takes time. 9:59:59.000,9:59:59.000 For example, in Germany, you go for the[br]Eisenbahn ??? 9:59:59.000,9:59:59.000 and you ask to get a permission to run[br]that train on the track 9:59:59.000,9:59:59.000 and if they say "Mmh, not happy with it",[br]you do it over again 9:59:59.000,9:59:59.000 and it takes time 9:59:59.000,9:59:59.000 and if you change something in the[br]system, it becomes interesting 9:59:59.000,9:59:59.000 because some of these certification[br]aspects become invalid, 9:59:59.000,9:59:59.000 you have to redo it. 9:59:59.000,9:59:59.000 And then of course, these trains on[br]the installation, 9:59:59.000,9:59:59.000 the have a long life as I mentioned[br]before. 9:59:59.000,9:59:59.000 So how do you deal with this in[br]an electronic device and 9:59:59.000,9:59:59.000 in software-driven devices over[br]this long phase? 9:59:59.000,9:59:59.000 That's our challenge 9:59:59.000,9:59:59.000 and just one example and there are[br]more in this area. 9:59:59.000,9:59:59.000 At the same time, what we see now is[br]these fancy buzzwords 9:59:59.000,9:59:59.000 from cloud business entering[br]our conservative, slowly moving domain. 9:59:59.000,9:59:59.000 We talk about IoT, industrial IoT, so[br]connected devices. 9:59:59.000,9:59:59.000 We talk about edge computing, it means[br]getting the power of the cloud 9:59:59.000,9:59:59.000 to the device in the field, closer to[br]where the real things happen. 9:59:59.000,9:59:59.000 So, networking becomes a topic. 9:59:59.000,9:59:59.000 In the past, you basically built a system,[br]you locked it up physically 9:59:59.000,9:59:59.000 you never touched it again, except[br]the customer complains that 9:59:59.000,9:59:59.000 there were some bug inside. 9:59:59.000,9:59:59.000 These days, the customer asks us to[br]do a frequent update. 9:59:59.000,9:59:59.000 And actually the customers ???[br]ask for this. 9:59:59.000,9:59:59.000 So you have to have some security[br]maintenance concept in this 9:59:59.000,9:59:59.000 which means regular updates, regular fixes 9:59:59.000,9:59:59.000 and that is of course ???[br]for this kind of doing the way you have 9:59:59.000,9:59:59.000 slow running and long running[br]support cycles. 9:59:59.000,9:59:59.000 To summarize, there's a very long time[br]we have to maintain our devices in the field 9:59:59.000,9:59:59.000 and so far, this was mostly done[br]individually. 9:59:59.000,9:59:59.000 So each company, and sometimes quite[br]frequently also inside the company, 9:59:59.000,9:59:59.000 each product group, development ???[br]did it individually. 9:59:59.000,9:59:59.000 So everyone was having their own kernel,[br]everyone was having their own base system, 9:59:59.000,9:59:59.000 it was easy to build up so it should be[br]easy to maintain. 9:59:59.000,9:59:59.000 Of course it's not. 9:59:59.000,9:59:59.000 This was one thing, one important thing. 9:59:59.000,9:59:59.000 And then, of course, we not always are[br]completely happy 9:59:59.000,9:59:59.000 with what the free software gives us. 9:59:59.000,9:59:59.000 There are some needs to make things[br]more robust, 9:59:59.000,9:59:59.000 to make things more secure, reliable. 9:59:59.000,9:59:59.000 So we have to work with these components[br]and improve them, mostly upstream, 9:59:59.000,9:59:59.000 and that, of course, is not a challenge[br]we have to address in this area. 9:59:59.000,9:59:59.000 And catch up with a trend coming in from[br]the service space on the cloud space. 9:59:59.000,9:59:59.000 So with this challengeā€¦ 9:59:59.000,9:59:59.000 it was the point where we, in this case,[br]a number of big users of 9:59:59.000,9:59:59.000 industrial open source systems, 9:59:59.000,9:59:59.000 came together and created a new[br]collaborative project. 9:59:59.000,9:59:59.000 That's what you do in the open source[br]area. 9:59:59.000,9:59:59.000 This project is called Civil Infrastructure[br]Platform. 9:59:59.000,9:59:59.000 It's under the umbrella of the Linux[br]Foundation, 9:59:59.000,9:59:59.000 there are many projects of the Linux[br]Foundation you may have seen, 9:59:59.000,9:59:59.000 but most of them are more in the area[br]of cloud computing 9:59:59.000,9:59:59.000 or in the area of media. 9:59:59.000,9:59:59.000 Automotive computing, this one is actually[br]even more conservative than the other ones 9:59:59.000,9:59:59.000 and it's also comparably small. 9:59:59.000,9:59:59.000 Our goal is to build this open source[br]base layer for these application scenarios 9:59:59.000,9:59:59.000 based on free software, based on Linux. 9:59:59.000,9:59:59.000 We started two years ago. 9:59:59.000,9:59:59.000 That's basically our structure, to give[br]you an idea. 9:59:59.000,9:59:59.000 Member companies, the 3 on the top are[br]founding platinum companies, 9:59:59.000,9:59:59.000 Hitachi, Toshiba and Siemens. 9:59:59.000,9:59:59.000 We have Codethink and Plat'Home[br]on board, 9:59:59.000,9:59:59.000 we had them on board for the first time[br]as well. 9:59:59.000,9:59:59.000 Renesas joined us and just recently also[br]Moxa. 9:59:59.000,9:59:59.000 So if you compare this with other[br]collaborative projects, 9:59:59.000,9:59:59.000 it's a pretty small one, comparatively[br]small one, 9:59:59.000,9:59:59.000 so our budget is also limited. 9:59:59.000,9:59:59.000 It's still decent enough, but, well,[br]we are growing. 9:59:59.000,9:59:59.000 And based on this budget, we have[br]some developers being paid, 9:59:59.000,9:59:59.000 Ben is paid this way, you will see[br]later on why. 9:59:59.000,9:59:59.000 And we have people working from[br]the companies in the communities 9:59:59.000,9:59:59.000 and we are ramping up on working with[br]communities 9:59:59.000,9:59:59.000 to improve the base layers for our needs. 9:59:59.000,9:59:59.000 Everything is open source, we have[br]a GitLab repo as well and 9:59:59.000,9:59:59.000 you can look up there what's going on there. 9:59:59.000,9:59:59.000 So, the main areas of activities where[br]we are working on right now. 9:59:59.000,9:59:59.000 4 areas. 9:59:59.000,9:59:59.000 Kernel maintenance, 9:59:59.000,9:59:59.000 we started with declaring one kernel as[br]the CIP kernel to have 9:59:59.000,9:59:59.000 an extended support phase for this kernel[br]of 10 years. 9:59:59.000,9:59:59.000 This is what we're aiming for, which is[br]feasible already 9:59:59.000,9:59:59.000 for some enterprise distros[br]in a specific area 9:59:59.000,9:59:59.000 but here we are talking about an industrial[br]area, an embedded area 9:59:59.000,9:59:59.000 so there is some challenge. 9:59:59.000,9:59:59.000 I'm saying 10 years, there's sometimes[br]written 15 years, 9:59:59.000,9:59:59.000 we will see after 10 years if we follow[br]on to this. 9:59:59.000,9:59:59.000 Along with this, of course, comes the need[br]for real time support. 9:59:59.000,9:59:59.000 Currently, it's a separated branch, but[br]it's going to be integrated eventually 9:59:59.000,9:59:59.000 to have the PREEMPT_RT branch [br]??? doing this. 9:59:59.000,9:59:59.000 As I mentioned before, Ben is currently[br]our 4.4 CIP kernel maintainer. 9:59:59.000,9:59:59.000 This is the core, basically where we[br]started activities. 9:59:59.000,9:59:59.000 We continued in extending this on[br]test infrastructure, 9:59:59.000,9:59:59.000 so we invested a bit in improving on[br]??? infrastructure, 9:59:59.000,9:59:59.000 we are now ramping up an internal[br]??? just to enable 9:59:59.000,9:59:59.000 the kernel testing of course. 9:59:59.000,9:59:59.000 And then, that's actually what I'd like[br]to talk about today a bit more, 9:59:59.000,9:59:59.000 there's a CIP core. 9:59:59.000,9:59:59.000 The kernel alone doesn't make a system,[br]you need a user space, 9:59:59.000,9:59:59.000 you need a user land and that's basically[br]where we are now focusing on, 9:59:59.000,9:59:59.000 ramping up. 9:59:59.000,9:59:59.000 Our activity is to define this CIP core,[br]means a base system, 9:59:59.000,9:59:59.000 user space base system which you want[br]to maintain as long as the kernel, 9:59:59.000,9:59:59.000 so an other 10 years thing. 9:59:59.000,9:59:59.000 Our group had a couple of members which[br]were already familiar with Debian before. 9:59:59.000,9:59:59.000 So it was pretty easy for that group[br]to decide on 9:59:59.000,9:59:59.000 choosing Debian as the base source[br]for our core, CIP core package. 9:59:59.000,9:59:59.000 So, why was Debian chosen? 9:59:59.000,9:59:59.000 Well, it has an outstanding maturity and[br]a focus on stability, 9:59:59.000,9:59:59.000 so we are pretty much aligned regarding[br]how conservative we see certain things 9:59:59.000,9:59:59.000 which is a positive thing for us. 9:59:59.000,9:59:59.000 It has very professional security properties[br]but we also rely on heavily. 9:59:59.000,9:59:59.000 And also another interesting aspect for us[br]is the license hygiene that you are after 9:59:59.000,9:59:59.000 to ensure that there is only free software[br]in these packages 9:59:59.000,9:59:59.000 and that is properly documented. 9:59:59.000,9:59:59.000 We, when we are using and redistributing[br]software, 9:59:59.000,9:59:59.000 in contrast to, for example, the service space 9:59:59.000,9:59:59.000 when you don't usually redistribute things, 9:59:59.000,9:59:59.000 we are redistributing devices, so we are[br]redistributing software, 9:59:59.000,9:59:59.000 we have to take care of the licenses[br]that we are redistributing 9:59:59.000,9:59:59.000 and that we are compliant with all these[br]licenses included. 9:59:59.000,9:59:59.000 So it's very important for us that this is[br]a consistent picture we get from the package. 9:59:59.000,9:59:59.000 Someone looked at this already, we are still[br]looking ourselves on this 9:59:59.000,9:59:59.000 but that's a very important thing. 9:59:59.000,9:59:59.000 With these characters, we chose Debian[br]as the base system. 9:59:59.000,9:59:59.000 So, what does it mean right now? 9:59:59.000,9:59:59.000 We are currently in the process to select[br]the core packages from the Debian packages 9:59:59.000,9:59:59.000 There is still a little bit of ???[br]obviously. 9:59:59.000,9:59:59.000 So we are already working with Debian on[br]certain long term support aspects 9:59:59.000,9:59:59.000 Just to mention 2 activities, 9:59:59.000,9:59:59.000 we were sponsoring already the staging[br]repo for security master. 9:59:59.000,9:59:59.000 Actually I'm ??? aware of the current[br]state of the project 9:59:59.000,9:59:59.000 but we got the feedback that it's[br]apparently a valuable thing for LTS activity 9:59:59.000,9:59:59.000 We just joined LTS platinum sponsoring[br]and we are now involved in discussion 9:59:59.000,9:59:59.000 for this extended LTS activity, 9:59:59.000,9:59:59.000 so anything beyond 5 years 9:59:59.000,9:59:59.000 and in the end, that's what we committed[br]to our users. 9:59:59.000,9:59:59.000 We want to ensure that for the base system[br]the 10 years is reached. 9:59:59.000,9:59:59.000 Of course, ideally, in the community,[br]not only based on our personal activities 9:59:59.000,9:59:59.000 but in the end, we have to fill the gap 9:59:59.000,9:59:59.000 and that's basically our commitment[br]on this. 9:59:59.000,9:59:59.000 Don't take literally what is written here. 9:59:59.000,9:59:59.000 This is basically to reflect the package set[br]we are discussing 9:59:59.000,9:59:59.000 and there are some 30 to 300 packages[br]on the discussion, so to say right now 9:59:59.000,9:59:59.000 We're condensing basically all the input[br]from our users, from our members, 9:59:59.000,9:59:59.000 what they are using already 9:59:59.000,9:59:59.000 and there is a difference we will later[br]on where this comes from 9:59:59.000,9:59:59.000 in the amount of packages, if the way[br]they're using. 9:59:59.000,9:59:59.000 So, the kernel currently is not part of[br]the Debian thing we import, 9:59:59.000,9:59:59.000 although some of our users would directly[br]use a Debian kernel 9:59:59.000,9:59:59.000 but as I said, when there's a need for[br]additional activities and 9:59:59.000,9:59:59.000 that's why CIP Core comes in 9:59:59.000,9:59:59.000 but then we have a set of base packages 9:59:59.000,9:59:59.000 and then of course, we also have to have[br]a certain set of packages that we need to keep 9:59:59.000,9:59:59.000 in a usable way to ensure reproducibility[br]of this base set. 9:59:59.000,9:59:59.000 Because if we want to fix something[br]after 9 years in the field 9:59:59.000,9:59:59.000 on a base system produced in the past, 9:59:59.000,9:59:59.000 we have to ensure if we can come up[br]with the same result 9:59:59.000,9:59:59.000 plus the delta. 9:59:59.000,9:59:59.000 So there are different ways how to build[br]a system 9:59:59.000,9:59:59.000 and compared to the classic installation 9:59:59.000,9:59:59.000 you may know from a desktop or a server[br]you're not installing, 9:59:59.000,9:59:59.000 we are prebuilding images and then deploy[br]these images on the devices 9:59:59.000,9:59:59.000 either in the factory or out there[br]in the field. 9:59:59.000,9:59:59.000 So the challenge for us is, if we have[br]this package list, 9:59:59.000,9:59:59.000 how to get to the device image. 9:59:59.000,9:59:59.000 So just to give you a brief idea, of course[br]there is some input 9:59:59.000,9:59:59.000 from the CIP kernel in source form 9:59:59.000,9:59:59.000 then we are using ???[br]prebuilt binary packages from Debian 9:59:59.000,9:59:59.000 and/or source package, the source feed[br]from Debian, 9:59:59.000,9:59:59.000 the upstream source but the Debian patches[br]as input feeds 9:59:59.000,9:59:59.000 and that comes bound to a minimum[br]base system to be generated 9:59:59.000,9:59:59.000 and we are currently working on this. 9:59:59.000,9:59:59.000 There is no defined way of producing[br]this image within CIP at this point, 9:59:59.000,9:59:59.000 we are basically following two paths. 9:59:59.000,9:59:59.000 One of them is the path which is dominated[br]by the idea 9:59:59.000,9:59:59.000 "Ok, we have to ensure we, in this case[br]the ??? environments 9:59:59.000,9:59:59.000 have to ensure to reproduce the image[br]ourself, the binaries ourself" 9:59:59.000,9:59:59.000 so we take the maintain sources from[br]the Debian community 9:59:59.000,9:59:59.000 but we rebuilt and then generate a new[br]binary ??? out of this. 9:59:59.000,9:59:59.000 That's one way and that's an activity[br]which you have heard about, 9:59:59.000,9:59:59.000 meta-debian project prominently driven[br]by Toshiba, 9:59:59.000,9:59:59.000 which uses the ???[br]way of producing a base system 9:59:59.000,9:59:59.000 but out of Debian sources so that you have[br]a maintained source input feed 9:59:59.000,9:59:59.000 for this production. 9:59:59.000,9:59:59.000 That's one path. 9:59:59.000,9:59:59.000 The other path is using predominantly[br]binary packages 9:59:59.000,9:59:59.000 and personally and specific also at Siemens[br]we are more following this path here. 9:59:59.000,9:59:59.000 So there is for example the ISAR project, 9:59:59.000,9:59:59.000 ??? is one of their developers here[br]as well 9:59:59.000,9:59:59.000 We are working on this path, it means that[br]95 or 99% of your image consists originally 9:59:59.000,9:59:59.000 of binaries, Debian binaries as they are[br]shipped, as they are released 9:59:59.000,9:59:59.000 and then there is often the need to modify[br]a little bit, 9:59:59.000,9:59:59.000 it might be the kernel, it might be[br]the bootloader, 9:59:59.000,9:59:59.000 it might be a special patched package[br]for whatever reason, 9:59:59.000,9:59:59.000 hopefully good ones. 9:59:59.000,9:59:59.000 You have an infrastructure to assemble[br]the binary images and 9:59:59.000,9:59:59.000 to produce the source packages[br]on demand 9:59:59.000,9:59:59.000 and install that into an image that you[br]then can flash on the device. 9:59:59.000,9:59:59.000 That's the second path we are following,[br]as I said, 9:59:59.000,9:59:59.000 that's just to describe the workflows,[br]the technology behind it is 9:59:59.000,9:59:59.000 not yet standardized in the CIP. 9:59:59.000,9:59:59.000 For us at Siemens, currently,[br]??? 9:59:59.000,9:59:59.000 it's also ??? based 9:59:59.000,9:59:59.000 yocto-like production, 9:59:59.000,9:59:59.000 but based on the Debian binaries[br]producing a ready-to-install device image. 9:59:59.000,9:59:59.000 We look at the situation. 9:59:59.000,9:59:59.000 So what is Debian providing? 9:59:59.000,9:59:59.000 Well, a large set of packages, a nice[br]level of support, 3 + 2 years LTS mostly. 9:59:59.000,9:59:59.000 That's already great, I mean there's[br]everything available, 9:59:59.000,9:59:59.000 almost everything in the world of[br]Free Software, we can get via Debian. 9:59:59.000,9:59:59.000 The build, it supports native build. 9:59:59.000,9:59:59.000 That's also an advantage, because finding[br]after 10 years, 15 years with cross buildā€¦ 9:59:59.000,9:59:59.000 There's always a problem with[br]cross building, even a little bit. 9:59:59.000,9:59:59.000 So this is a good strategy to go, although[br]you're also working on cross build 9:59:59.000,9:59:59.000 that may be interesting for certain[br]scenarios as well for us 9:59:59.000,9:59:59.000 and we're all discussing this these days, 9:59:59.000,9:59:59.000 reproducible builds is also very important[br]for us 9:59:59.000,9:59:59.000 because we also have to prove that[br]the delta is really only on the delta 9:59:59.000,9:59:59.000 that has to be changed and not anything[br]else and 9:59:59.000,9:59:59.000 we have to rebuild something for[br]whatever reason, 9:59:59.000,9:59:59.000 we don't want to produce a completely[br]different image in the end. 9:59:59.000,9:59:59.000 So it's a very important topic. 9:59:59.000,9:59:59.000 I mentioned already before the license[br]compliance topics. 9:59:59.000,9:59:59.000 I'm not really deep expert on all the[br]licensing thing, 9:59:59.000,9:59:59.000 except when I have to be because some[br]customer asks us internally 9:59:59.000,9:59:59.000 how to be compliant and how to solve[br]certain compliance findings. 9:59:59.000,9:59:59.000 A colleague of mine, ??? example[br]who's maintaining the fossology project 9:59:59.000,9:59:59.000 is way more in this because we have also[br]our infrastructure 9:59:59.000,9:59:59.000 to ensure license compliance and identify[br]packages, ??? 9:59:59.000,9:59:59.000 and the idea, as far as I heard, is to[br]combine these kinds of activity 9:59:59.000,9:59:59.000 so that Debian can also use the information[br]that this kind of scanners produce 9:59:59.000,9:59:59.000 like spdx formats and build it into[br]the Debian 5 next generations. 9:59:59.000,9:59:59.000 In turn, we can extract this information[br]and ensure that they are still valid 9:59:59.000,9:59:59.000 when we take a package. 9:59:59.000,9:59:59.000 So there's a lot of activity already[br]in this area 9:59:59.000,9:59:59.000 and of course testing, not to mention. 9:59:59.000,9:59:59.000 So, what we need to require here,[br]as I said. 9:59:59.000,9:59:59.000 One thing is we will need a longer support[br]phase. 9:59:59.000,9:59:59.000 The number of packages fortunately is[br]much lower. 9:59:59.000,9:59:59.000 As I said, something like 200 at most is[br]what we're currently heading for 9:59:59.000,9:59:59.000 for most of our devices. 9:59:59.000,9:59:59.000 We have the need to both build natively and[br]cross build predominantly 9:59:59.000,9:59:59.000 in the development phase, 9:59:59.000,9:59:59.000 but there might also cases where it might[br]be useful for a product image 9:59:59.000,9:59:59.000 but predominantly it's for development[br]phase, you want to 9:59:59.000,9:59:59.000 ??? when you are building on on x64 ARM[br]for example. 9:59:59.000,9:59:59.000 The binary source packages should be[br]managed and reproducible. 9:59:59.000,9:59:59.000 The license compliance already[br]mentioned. 9:59:59.000,9:59:59.000 And the testing activity is also something[br]that we want to improve on further. 9:59:59.000,9:59:59.000 So, where we see the collaboration. 9:59:59.000,9:59:59.000 Already mentioned long term maintenance[br]for packages, 9:59:59.000,9:59:59.000 that's definitely an area where we are[br]reaching out and we are in discussion. 9:59:59.000,9:59:59.000 Contributing to Debian cross, there's[br]activities going on this area. 9:59:59.000,9:59:59.000 Reproducible builds, we had some[br]discussion, Holger and Chris, these days 9:59:59.000,9:59:59.000 where we could possibly support you[br]on this. 9:59:59.000,9:59:59.000 It's not our topmost priority at[br]this point but it's obvious that 9:59:59.000,9:59:59.000 it will become in the future. 9:59:59.000,9:59:59.000 Also, a way possibly interesting for you, 9:59:59.000,9:59:59.000 I think there is a good chance that[br]these activities also open up 9:59:59.000,9:59:59.000 more adoption in the ???[br]of Debian. 9:59:59.000,9:59:59.000 Because we are also discussing this kind[br]of things with our suppliers, 9:59:59.000,9:59:59.000 means the silicon vendors, pushing them[br]to be more upstream 9:59:59.000,9:59:59.000 in order to have it easier for us to[br]integrate their work in our systems 9:59:59.000,9:59:59.000 and eventually, also enabling them to[br]use the same mechanism that we are using 9:59:59.000,9:59:59.000 for building our images to build there[br]our customer SDKs 9:59:59.000,9:59:59.000 or however they call them 9:59:59.000,9:59:59.000 and that can create a large ecosystem. 9:59:59.000,9:59:59.000 We have been discussing already with[br]some of these vendors 9:59:59.000,9:59:59.000 and some are actually interested[br]in Debian as well as a default image 9:59:59.000,9:59:59.000 to replace those not so successful[br]source build approaches 9:59:59.000,9:59:59.000 that are out there in the field[br]eventually with something more easy to use 9:59:59.000,9:59:59.000 An other area I really like to see that[br]we have collaboration on 9:59:59.000,9:59:59.000 is regarding the license result. 9:59:59.000,9:59:59.000 We, at Siemens, currently are running[br]through with this subset package 9:59:59.000,9:59:59.000 that fossology run 9:59:59.000,9:59:59.000 and I would like to see the result of[br]this run, comparing it to what 9:59:59.000,9:59:59.000 Debian is currently reporting in the[br]metadata 9:59:59.000,9:59:59.000 if there are any gaps, anything that our[br]experts say 9:59:59.000,9:59:59.000 "Ok, you should document it more that way"[br]or "There is something missing" 9:59:59.000,9:59:59.000 and of course report these issues upstream 9:59:59.000,9:59:59.000 because eventually, I don't want to rescan[br]every single security update package 9:59:59.000,9:59:59.000 internally again if you did already. 9:59:59.000,9:59:59.000 That should just run through and[br]we should have the trust that 9:59:59.000,9:59:59.000 this information is accurate and we can[br]rely on that. 9:59:59.000,9:59:59.000 That's the vision behind it. 9:59:59.000,9:59:59.000 Test cases would be also an area where[br]we see a chance to contribute something. 9:59:59.000,9:59:59.000 Further things we are discussing might be[br]not that interesting for Debian, 9:59:59.000,9:59:59.000 but it's interesting in general. 9:59:59.000,9:59:59.000 Functional safety activities, you'd be[br]surprised how many people are asking for 9:59:59.000,9:59:59.000 functional safe Linux these days, 9:59:59.000,9:59:59.000 may it be for automotive, but also for[br]industrial purposes. 9:59:59.000,9:59:59.000 Worth mentioning, actually, is the[br]security standard this way. 9:59:59.000,9:59:59.000 So even if you're not involved in all[br]this IEC whatever stuff, 9:59:59.000,9:59:59.000 it's interesting because this is pushing[br]us, in industry, 9:59:59.000,9:59:59.000 to do things like update strategies[br]even more consistently 9:59:59.000,9:59:59.000 and ensure that the image that we ship[br]is integer, 9:59:59.000,9:59:59.000 so that it's really the original image. 9:59:59.000,9:59:59.000 Up to the questions of how to secure[br]the boot 9:59:59.000,9:59:59.000 and how to secure the system is running. 9:59:59.000,9:59:59.000 That helps us to argue internally and[br]externally for consolidation 9:59:59.000,9:59:59.000 and that helps us currently to push[br]a lot of these users 9:59:59.000,9:59:59.000 towards Debian solutions. 9:59:59.000,9:59:59.000 One of our units did once a survey,[br]recently actually, 9:59:59.000,9:59:59.000 about how many Linux systems they have[br]there, and they counted 99 balloons 9:59:59.000,9:59:59.000 erm, Linux systems, actually 9:59:59.000,9:59:59.000 and of course you can imagine[br]it's pretty hard to maintain 99 variants 9:59:59.000,9:59:59.000 in the field out there. 9:59:59.000,9:59:59.000 So they are one of the most prominent[br]drivers inside our company 9:59:59.000,9:59:59.000 to consolidate the systems and we are[br]currently consolidating over Debian. 9:59:59.000,9:59:59.000 Not everything, but most of it. 9:59:59.000,9:59:59.000 And then there is this doomsday date[br]as well, 9:59:59.000,9:59:59.000 which is an increasing concern because[br]you can imagine that 9:59:59.000,9:59:59.000 if you are building a device today, maybe[br]it's out of business in 10 years, 9:59:59.000,9:59:59.000 Ok you're lucky, maybe it's still running[br]in 20 years and it's not yet ready for 2038 9:59:59.000,9:59:59.000 and then we have a problem. 9:59:59.000,9:59:59.000 That's things ??? going on currently[br]already, 9:59:59.000,9:59:59.000 so one ??? for example is sponsoring[br]activities in glibc to prove the topic 9:59:59.000,9:59:59.000 and as a consortium, the CIP group be also[br]looking into this, 9:59:59.000,9:59:59.000 we would not jump in on things but[br]which have already been happening 9:59:59.000,9:59:59.000 but if there are gaps up there, then we will[br]possibly jump in here as well. 9:59:59.000,9:59:59.000 So, to summarize. 9:59:59.000,9:59:59.000 We believe, I personally as well,[br]very strongly 9:59:59.000,9:59:59.000 that our infrastructure is[br]way too critical[br] 9:59:59.000,9:59:59.000 to run ??? 9:59:59.000,9:59:59.000 which is happening, not everywhere,[br]fortunately 9:59:59.000,9:59:59.000 and we can improve on this, together 9:59:59.000,9:59:59.000 because there is a strong interest[br]in our group 9:59:59.000,9:59:59.000 to enable and preserve an open source[br]base layer for this environment. 9:59:59.000,9:59:59.000 We chose Debian as a solid foundation[br]because we believe that 9:59:59.000,9:59:59.000 this is technically a good solution 9:59:59.000,9:59:59.000 and it's also a good solution because[br]it's a community approach 9:59:59.000,9:59:59.000 that we are also following. 9:59:59.000,9:59:59.000 We see that we don't differentiate[br]over this base layer, 9:59:59.000,9:59:59.000 we differentiate between our competitors[br]on the higher functionality, 9:59:59.000,9:59:59.000 on the integration, but not what is[br]in details running underneath. 9:59:59.000,9:59:59.000 This is a great great point to collaborate[br]and to work together. 9:59:59.000,9:59:59.000 CIP is really looking forward to ???[br]support