English titulky

← Getting (more) Debian into our civil infrastructure

Získať kód na vloženie
1 Language

Ukazujem Revíziu 10 vytvorenú 07/10/2018 od tvincent.

  1. Nesynchronizované
    Welcome back, the next talk will be
    Jan Kiszka
  2. Nesynchronizované
    on Getting more Debian into our
    civil infrastructure.
  3. Nesynchronizované
    Thank you Michael.
  4. Nesynchronizované
    So my name is Jan Kiszka,
  5. Nesynchronizované
    you may not know me, I'm not a Debian
    Developer, not a Debian Maintainer.
  6. Nesynchronizované
    I'm just an upstream hacker.
  7. Nesynchronizované
    I'm working for Siemens
  8. Nesynchronizované
    and part of the Linux team there
    for now 10 years actually,
  9. Nesynchronizované
    more than 10 years.
  10. Nesynchronizované
    We are supporting our business units
    in getting Linux into the products successfully
  11. Nesynchronizované
    for that long time, even longer actually.
  12. Nesynchronizované
    Today, I'm representing a collaborative
    project that has some relationship
  13. Nesynchronizované
    with Debian, and more soon.
  14. Nesynchronizované
    First of all, maybe a surprise to some
    of you,
  15. Nesynchronizované
    our civilization is heavily running on Linux
    and you may now think about
  16. Nesynchronizované
    this kind of devices where some kind of
    Linux inside,
  17. Nesynchronizované
    or you may think of the cloud servers
    running Linux inside.
  18. Nesynchronizované
    But actually, this is about devices closer
    to us.
  19. Nesynchronizované
    In all our infrastructure,
  20. Nesynchronizované
    there are control systems, there are
    management systems included
  21. Nesynchronizované
    and many many of them run Linux inside.
  22. Nesynchronizované
    Maybe if you are traveling with Deutsche
    Bahn to this event these days,
  23. Nesynchronizované
    there was some Linux system on the train
    as well,
  24. Nesynchronizované
    as they were on the ???,
    so on the control side.
  25. Nesynchronizované
    Energy generation.
  26. Nesynchronizované
    Power plants, they are also run with Linux
  27. Nesynchronizované
    in very interesting ways, in positive ways
  28. Nesynchronizované
    Industry automation, the factories, they
    have control systems inside
  29. Nesynchronizované
    and quite a few are running Linux inside.
  30. Nesynchronizované
    And also other systems like health care,
    diagnostic systems.
  31. Nesynchronizované
    These big balls up there, they're magnetic
    resonance imaging systems,
  32. Nesynchronizované
    they're running on Linux for over
    a decade now.
  33. Nesynchronizované
    Building automation, not at home but in
    the professional building area.
  34. Nesynchronizované
    Actually, as I said, the train systems are
    going to be more on Debian soon.
  35. Nesynchronizované
    We have Debian for quite a while in
    power generation.
  36. Nesynchronizované
    "We", in this case, Siemens.
  37. Nesynchronizované
    We have the box underneath,
    on the third row,
  38. Nesynchronizované
    the industrial switch there is running
  39. Nesynchronizované
    And the health care device is still
    on Ubuntu, but soon will be Debian as well.
  40. Nesynchronizované
    Just to give some examples.
  41. Nesynchronizované
    These are the areas where we, as a group,
    and we, as Siemens, are active.
  42. Nesynchronizované
    But there are some problems with this.
  43. Nesynchronizované
    Just take an example from a railway
  44. Nesynchronizované
    Usually, this kind of devices installation,
    they have a lifetime
  45. Nesynchronizované
    of 25, 30 years.
  46. Nesynchronizované
    It used to be quite simple with these
    old devices,
  47. Nesynchronizované
    simple in the sense that it was mechanic,
    it was pretty robust
  48. Nesynchronizované
    I was once told that one of these locking
  49. Nesynchronizované
    they were basically left in a box out there
    for 50 years and no one entered the ???
  50. Nesynchronizované
    No one touched the whole thing for 50 years
  51. Nesynchronizované
    These times are a little bit over.
  52. Nesynchronizované
    Nowadays, we have more electronic systems
    in these systems
  53. Nesynchronizované
    and they contain of course software.
  54. Nesynchronizované
    What does it mean?
  55. Nesynchronizované
    Just to give you an idea, how this kind
    of development looks like in this domain.
  56. Nesynchronizované
    So ???
  57. Nesynchronizované
    development takes quite a long time
    until the product is ready,
  58. Nesynchronizované
    3 to 5 years.
  59. Nesynchronizované
    Then, in the railway domain, it's mostly
    about customizing the systems
  60. Nesynchronizované
    for specific installations of the railway
  61. Nesynchronizované
    not only in Europe, they are kind of messy
    regarding the differences.
  62. Nesynchronizované
    So you have specific requirements of the
    customer, the railway operators
  63. Nesynchronizované
    to adjust these systems for their needs.
  64. Nesynchronizované
    And you see by then,
  65. Nesynchronizované
    after 5 years already, a Debian version
    would be out of maintenance and
  66. Nesynchronizované
    if you add an other year, you can start
    over again.
  67. Nesynchronizované
    So, in the development time, you may
    change still the system
  68. Nesynchronizované
    but later on, it's getting hard to change
    the system ???
  69. Nesynchronizované
    because then the interesting parts start
    in this domain, not only in this domain,
  70. Nesynchronizované
    that's safety and security assessment and
    approval for these systems.
  71. Nesynchronizované
    And that also takes time.
  72. Nesynchronizované
    For example, in Germany, you go for the
    Eisenbahn ???
  73. Nesynchronizované
    and you ask to get a permission to run
    that train on the track
  74. Nesynchronizované
    and if they say "Mmh, not happy with it",
    you do it over again
  75. Nesynchronizované
    and it takes time
  76. Nesynchronizované
    and if you change something in the
    system, it becomes interesting
  77. Nesynchronizované
    because some of these certification
    aspects become invalid,
  78. Nesynchronizované
    you have to redo it.
  79. Nesynchronizované
    And then of course, these trains on
    the installation,
  80. Nesynchronizované
    the have a long life as I mentioned
  81. Nesynchronizované
    So how do you deal with this in
    an electronic device and
  82. Nesynchronizované
    in software-driven devices over
    this long phase?
  83. Nesynchronizované
    That's our challenge
  84. Nesynchronizované
    and just one example and there are
    more in this area.
  85. Nesynchronizované
    At the same time, what we see now is
    these fancy buzzwords
  86. Nesynchronizované
    from cloud business entering
    our conservative, slowly moving domain.
  87. Nesynchronizované
    We talk about IoT, industrial IoT, so
    connected devices.
  88. Nesynchronizované
    We talk about edge computing, it means
    getting the power of the cloud
  89. Nesynchronizované
    to the device in the field, closer to
    where the real things happen.
  90. Nesynchronizované
    So, networking becomes a topic.
  91. Nesynchronizované
    In the past, you basically built a system,
    you locked it up physically
  92. Nesynchronizované
    you never touched it again, except
    the customer complains that
  93. Nesynchronizované
    there were some bug inside.
  94. Nesynchronizované
    These days, the customer asks us to
    do a frequent update.
  95. Nesynchronizované
    And actually the customers ???
    ask for this.
  96. Nesynchronizované
    So you have to have some security
    maintenance concept in this
  97. Nesynchronizované
    which means regular updates, regular fixes
  98. Nesynchronizované
    and that is of course ???
    for this kind of doing the way you have
  99. Nesynchronizované
    slow running and long running
    support cycles.
  100. Nesynchronizované
    To summarize, there's a very long time
    we have to maintain our devices in the field
  101. Nesynchronizované
    and so far, this was mostly done
  102. Nesynchronizované
    So each company, and sometimes quite
    frequently also inside the company,
  103. Nesynchronizované
    each product group, development ???
    did it individually.
  104. Nesynchronizované
    So everyone was having their own kernel,
    everyone was having their own base system,
  105. Nesynchronizované
    it was easy to build up so it should be
    easy to maintain.
  106. Nesynchronizované
    Of course it's not.
  107. Nesynchronizované
    This was one thing, one important thing.
  108. Nesynchronizované
    And then, of course, we not always are
    completely happy
  109. Nesynchronizované
    with what the free software gives us.
  110. Nesynchronizované
    There are some needs to make things
    more robust,
  111. Nesynchronizované
    to make things more secure, reliable.
  112. Nesynchronizované
    So we have to work with these components
    and improve them, mostly upstream,
  113. Nesynchronizované
    and that, of course, is not a challenge
    we have to address in this area.
  114. Nesynchronizované
    And catch up with a trend coming in from
    the service space on the cloud space.
  115. Nesynchronizované
    So with this challenge…
  116. Nesynchronizované
    it was the point where we, in this case,
    a number of big users of
  117. Nesynchronizované
    industrial open source systems,
  118. Nesynchronizované
    came together and created a new
    collaborative project.
  119. Nesynchronizované
    That's what you do in the open source
  120. Nesynchronizované
    This project is called Civil Infrastructure
  121. Nesynchronizované
    It's under the umbrella of the Linux
  122. Nesynchronizované
    there are many projects of the Linux
    Foundation you may have seen,
  123. Nesynchronizované
    but most of them are more in the area
    of cloud computing
  124. Nesynchronizované
    or in the area of media.
  125. Nesynchronizované
    Automotive computing, this one is actually
    even more conservative than the other ones
  126. Nesynchronizované
    and it's also comparably small.
  127. Nesynchronizované
    Our goal is to build this open source
    base layer for these application scenarios
  128. Nesynchronizované
    based on free software, based on Linux.
  129. Nesynchronizované
    We started two years ago.
  130. Nesynchronizované
    That's basically our structure, to give
    you an idea.
  131. Nesynchronizované
    Member companies, the 3 on the top are
    founding platinum companies,
  132. Nesynchronizované
    Hitachi, Toshiba and Siemens.
  133. Nesynchronizované
    We have Codethink and Plat'Home
    on board,
  134. Nesynchronizované
    we had them on board for the first time
    as well.
  135. Nesynchronizované
    Renesas joined us and just recently also
  136. Nesynchronizované
    So if you compare this with other
    collaborative projects,
  137. Nesynchronizované
    it's a pretty small one, comparatively
    small one,
  138. Nesynchronizované
    so our budget is also limited.
  139. Nesynchronizované
    It's still decent enough, but, well,
    we are growing.
  140. Nesynchronizované
    And based on this budget, we have
    some developers being paid,
  141. Nesynchronizované
    Ben is paid this way, you will see
    later on why.
  142. Nesynchronizované
    And we have people working from
    the companies in the communities
  143. Nesynchronizované
    and we are ramping up on working with
  144. Nesynchronizované
    to improve the base layers for our needs.
  145. Nesynchronizované
    Everything is open source, we have
    a GitLab repo as well and
  146. Nesynchronizované
    you can look up there what's going on there.
  147. Nesynchronizované
    So, the main areas of activities where
    we are working on right now.
  148. Nesynchronizované
    4 areas.
  149. Nesynchronizované
    Kernel maintenance,
  150. Nesynchronizované
    we started with declaring one kernel as
    the CIP kernel to have
  151. Nesynchronizované
    an extended support phase for this kernel
    of 10 years.
  152. Nesynchronizované
    This is what we're aiming for, which is
    feasible already
  153. Nesynchronizované
    for some enterprise distros
    in a specific area
  154. Nesynchronizované
    but here we are talking about an industrial
    area, an embedded area
  155. Nesynchronizované
    so there is some challenge.
  156. Nesynchronizované
    I'm saying 10 years, there's sometimes
    written 15 years,
  157. Nesynchronizované
    we will see after 10 years if we follow
    on to this.
  158. Nesynchronizované
    Along with this, of course, comes the need
    for real time support.
  159. Nesynchronizované
    Currently, it's a separated branch, but
    it's going to be integrated eventually
  160. Nesynchronizované
    to have the PREEMPT_RT branch
    ??? doing this.
  161. Nesynchronizované
    As I mentioned before, Ben is currently
    our 4.4 CIP kernel maintainer.
  162. Nesynchronizované
    This is the core, basically where we
    started activities.
  163. Nesynchronizované
    We continued in extending this on
    test infrastructure,
  164. Nesynchronizované
    so we invested a bit in improving on
    ??? infrastructure,
  165. Nesynchronizované
    we are now ramping up an internal
    ??? just to enable
  166. Nesynchronizované
    the kernel testing of course.
  167. Nesynchronizované
    And then, that's actually what I'd like
    to talk about today a bit more,
  168. Nesynchronizované
    there's a CIP core.
  169. Nesynchronizované
    The kernel alone doesn't make a system,
    you need a user space,
  170. Nesynchronizované
    you need a user land and that's basically
    where we are now focusing on,
  171. Nesynchronizované
    ramping up.
  172. Nesynchronizované
    Our activity is to define this CIP core,
    means a base system,
  173. Nesynchronizované
    user space base system which you want
    to maintain as long as the kernel,
  174. Nesynchronizované
    so an other 10 years thing.
  175. Nesynchronizované
    Our group had a couple of members which
    were already familiar with Debian before.
  176. Nesynchronizované
    So it was pretty easy for that group
    to decide on
  177. Nesynchronizované
    choosing Debian as the base source
    for our core, CIP core package.
  178. Nesynchronizované
    So, why was Debian chosen?
  179. Nesynchronizované
    Well, it has an outstanding maturity and
    a focus on stability,
  180. Nesynchronizované
    so we are pretty much aligned regarding
    how conservative we see certain things
  181. Nesynchronizované
    which is a positive thing for us.
  182. Nesynchronizované
    It has very professional security properties
    but we also rely on heavily.
  183. Nesynchronizované
    And also another interesting aspect for us
    is the license hygiene that you are after
  184. Nesynchronizované
    to ensure that there is only free software
    in these packages
  185. Nesynchronizované
    and that is properly documented.
  186. Nesynchronizované
    We, when we are using and redistributing
  187. Nesynchronizované
    in contrast to, for example, the service space
  188. Nesynchronizované
    when you don't usually redistribute things,
  189. Nesynchronizované
    we are redistributing devices, so we are
    redistributing software,
  190. Nesynchronizované
    we have to take care of the licenses
    that we are redistributing
  191. Nesynchronizované
    and that we are compliant with all these
    licenses included.
  192. Nesynchronizované
    So it's very important for us that this is
    a consistent picture we get from the package.
  193. Nesynchronizované
    Someone looked at this already, we are still
    looking ourselves on this
  194. Nesynchronizované
    but that's a very important thing.
  195. Nesynchronizované
    With these characters, we chose Debian
    as the base system.
  196. Nesynchronizované
    So, what does it mean right now?
  197. Nesynchronizované
    We are currently in the process to select
    the core packages from the Debian packages
  198. Nesynchronizované
    There is still a little bit of ???
  199. Nesynchronizované
    So we are already working with Debian on
    certain long term support aspects
  200. Nesynchronizované
    Just to mention 2 activities,
  201. Nesynchronizované
    we were sponsoring already the staging
    repo for security master.
  202. Nesynchronizované
    Actually I'm ??? aware of the current
    state of the project
  203. Nesynchronizované
    but we got the feedback that it's
    apparently a valuable thing for LTS activity
  204. Nesynchronizované
    We just joined LTS platinum sponsoring
    and we are now involved in discussion
  205. Nesynchronizované
    for this extended LTS activity,
  206. Nesynchronizované
    so anything beyond 5 years
  207. Nesynchronizované
    and in the end, that's what we committed
    to our users.
  208. Nesynchronizované
    We want to ensure that for the base system
    the 10 years is reached.
  209. Nesynchronizované
    Of course, ideally, in the community,
    not only based on our personal activities
  210. Nesynchronizované
    but in the end, we have to fill the gap
  211. Nesynchronizované
    and that's basically our commitment
    on this.
  212. Nesynchronizované
    Don't take literally what is written here.
  213. Nesynchronizované
    This is basically to reflect the package set
    we are discussing
  214. Nesynchronizované
    and there are some 30 to 300 packages
    on the discussion, so to say right now
  215. Nesynchronizované
    We're condensing basically all the input
    from our users, from our members,
  216. Nesynchronizované
    what they are using already
  217. Nesynchronizované
    and there is a difference we will later
    on where this comes from
  218. Nesynchronizované
    in the amount of packages, if the way
    they're using.
  219. Nesynchronizované
    So, the kernel currently is not part of
    the Debian thing we import,
  220. Nesynchronizované
    although some of our users would directly
    use a Debian kernel
  221. Nesynchronizované
    but as I said, when there's a need for
    additional activities and
  222. Nesynchronizované
    that's why CIP Core comes in
  223. Nesynchronizované
    but then we have a set of base packages
  224. Nesynchronizované
    and then of course, we also have to have
    a certain set of packages that we need to keep
  225. Nesynchronizované
    in a usable way to ensure reproducibility
    of this base set.
  226. Nesynchronizované
    Because if we want to fix something
    after 9 years in the field
  227. Nesynchronizované
    on a base system produced in the past,
  228. Nesynchronizované
    we have to ensure if we can come up
    with the same result
  229. Nesynchronizované
    plus the delta.
  230. Nesynchronizované
    So there are different ways how to build
    a system
  231. Nesynchronizované
    and compared to the classic installation
  232. Nesynchronizované
    you may know from a desktop or a server
    you're not installing,
  233. Nesynchronizované
    we are prebuilding images and then deploy
    these images on the devices
  234. Nesynchronizované
    either in the factory or out there
    in the field.
  235. Nesynchronizované
    So the challenge for us is, if we have
    this package list,
  236. Nesynchronizované
    how to get to the device image.
  237. Nesynchronizované
    So just to give you a brief idea, of course
    there is some input
  238. Nesynchronizované
    from the CIP kernel in source form
  239. Nesynchronizované
    then we are using ???
    prebuilt binary packages from Debian
  240. Nesynchronizované
    and/or source package, the source feed
    from Debian,
  241. Nesynchronizované
    the upstream source but the Debian patches
    as input feeds
  242. Nesynchronizované
    and that comes bound to a minimum
    base system to be generated
  243. Nesynchronizované
    and we are currently working on this.
  244. Nesynchronizované
    There is no defined way of producing
    this image within CIP at this point,
  245. Nesynchronizované
    we are basically following two paths.
  246. Nesynchronizované
    One of them is the path which is dominated
    by the idea
  247. Nesynchronizované
    "Ok, we have to ensure we, in this case
    the ??? environments
  248. Nesynchronizované
    have to ensure to reproduce the image
    ourself, the binaries ourself"
  249. Nesynchronizované
    so we take the maintain sources from
    the Debian community
  250. Nesynchronizované
    but we rebuilt and then generate a new
    binary ??? out of this.
  251. Nesynchronizované
    That's one way and that's an activity
    which you have heard about,
  252. Nesynchronizované
    meta-debian project prominently driven
    by Toshiba,
  253. Nesynchronizované
    which uses the ???
    way of producing a base system
  254. Nesynchronizované
    but out of Debian sources so that you have
    a maintained source input feed
  255. Nesynchronizované
    for this production.
  256. Nesynchronizované
    That's one path.
  257. Nesynchronizované
    The other path is using predominantly
    binary packages
  258. Nesynchronizované
    and personally and specific also at Siemens
    we are more following this path here.
  259. Nesynchronizované
    So there is for example the ISAR project,
  260. Nesynchronizované
    ??? is one of their developers here
    as well
  261. Nesynchronizované
    We are working on this path, it means that
    95 or 99% of your image consists originally
  262. Nesynchronizované
    of binaries, Debian binaries as they are
    shipped, as they are released
  263. Nesynchronizované
    and then there is often the need to modify
    a little bit,
  264. Nesynchronizované
    it might be the kernel, it might be
    the bootloader,
  265. Nesynchronizované
    it might be a special patched package
    for whatever reason,
  266. Nesynchronizované
    hopefully good ones.
  267. Nesynchronizované
    You have an infrastructure to assemble
    the binary images and
  268. Nesynchronizované
    to produce the source packages
    on demand
  269. Nesynchronizované
    and install that into an image that you
    then can flash on the device.
  270. Nesynchronizované
    That's the second path we are following,
    as I said,
  271. Nesynchronizované
    that's just to describe the workflows,
    the technology behind it is
  272. Nesynchronizované
    not yet standardized in the CIP.
  273. Nesynchronizované
    For us at Siemens, currently,
  274. Nesynchronizované
    it's also ??? based
  275. Nesynchronizované
    yocto-like production,
  276. Nesynchronizované
    but based on the Debian binaries
    producing a ready-to-install device image.
  277. Nesynchronizované
    We look at the situation.
  278. Nesynchronizované
    So what is Debian providing?
  279. Nesynchronizované
    Well, a large set of packages, a nice
    level of support, 3 + 2 years LTS mostly.
  280. Nesynchronizované
    That's already great, I mean there's
    everything available,
  281. Nesynchronizované
    almost everything in the world of
    Free Software, we can get via Debian.
  282. Nesynchronizované
    The build, it supports native build.
  283. Nesynchronizované
    That's also an advantage, because finding
    after 10 years, 15 years with cross build…
  284. Nesynchronizované
    There's always a problem with
    cross building, even a little bit.
  285. Nesynchronizované
    So this is a good strategy to go, although
    you're also working on cross build
  286. Nesynchronizované
    that may be interesting for certain
    scenarios as well for us
  287. Nesynchronizované
    and we're all discussing this these days,
  288. Nesynchronizované
    reproducible builds is also very important
    for us
  289. Nesynchronizované
    because we also have to prove that
    the delta is really only on the delta
  290. Nesynchronizované
    that has to be changed and not anything
    else and
  291. Nesynchronizované
    we have to rebuild something for
    whatever reason,
  292. Nesynchronizované
    we don't want to produce a completely
    different image in the end.
  293. Nesynchronizované
    So it's a very important topic.
  294. Nesynchronizované
    I mentioned already before the license
    compliance topics.
  295. Nesynchronizované
    I'm not really deep expert on all the
    licensing thing,
  296. Nesynchronizované
    except when I have to be because some
    customer asks us internally
  297. Nesynchronizované
    how to be compliant and how to solve
    certain compliance findings.
  298. Nesynchronizované
    A colleague of mine, ??? example
    who's maintaining the fossology project
  299. Nesynchronizované
    is way more in this because we have also
    our infrastructure
  300. Nesynchronizované
    to ensure license compliance and identify
    packages, ???
  301. Nesynchronizované
    and the idea, as far as I heard, is to
    combine these kinds of activity
  302. Nesynchronizované
    so that Debian can also use the information
    that this kind of scanners produce
  303. Nesynchronizované
    like spdx formats and build it into
    the Debian 5 next generations.
  304. Nesynchronizované
    In turn, we can extract this information
    and ensure that they are still valid
  305. Nesynchronizované
    when we take a package.
  306. Nesynchronizované
    So there's a lot of activity already
    in this area
  307. Nesynchronizované
    and of course testing, not to mention.
  308. Nesynchronizované
    So, what we need to require here,
    as I said.
  309. Nesynchronizované
    One thing is we will need a longer support
  310. Nesynchronizované
    The number of packages fortunately is
    much lower.
  311. Nesynchronizované
    As I said, something like 200 at most is
    what we're currently heading for
  312. Nesynchronizované
    for most of our devices.
  313. Nesynchronizované
    We have the need to both build natively and
    cross build predominantly
  314. Nesynchronizované
    in the development phase,
  315. Nesynchronizované
    but there might also cases where it might
    be useful for a product image
  316. Nesynchronizované
    but predominantly it's for development
    phase, you want to
  317. Nesynchronizované
    ??? when you are building on on x64 ARM
    for example.
  318. Nesynchronizované
    The binary source packages should be
    managed and reproducible.
  319. Nesynchronizované
    The license compliance already
  320. Nesynchronizované
    And the testing activity is also something
    that we want to improve on further.
  321. Nesynchronizované
    So, where we see the collaboration.
  322. Nesynchronizované
    Already mentioned long term maintenance
    for packages,
  323. Nesynchronizované
    that's definitely an area where we are
    reaching out and we are in discussion.
  324. Nesynchronizované
    Contributing to Debian cross, there's
    activities going on this area.
  325. Nesynchronizované
    Reproducible builds, we had some
    discussion, Holger and Chris, these days
  326. Nesynchronizované
    where we could possibly support you
    on this.
  327. Nesynchronizované
    It's not our topmost priority at
    this point but it's obvious that
  328. Nesynchronizované
    it will become in the future.
  329. Nesynchronizované
    Also, a way possibly interesting for you,
  330. Nesynchronizované
    I think there is a good chance that
    these activities also open up
  331. Nesynchronizované
    more adoption in the ???
    of Debian.
  332. Nesynchronizované
    Because we are also discussing this kind
    of things with our suppliers,
  333. Nesynchronizované
    means the silicon vendors, pushing them
    to be more upstream
  334. Nesynchronizované
    in order to have it easier for us to
    integrate their work in our systems
  335. Nesynchronizované
    and eventually, also enabling them to
    use the same mechanism that we are using
  336. Nesynchronizované
    for building our images to build there
    our customer SDKs
  337. Nesynchronizované
    or however they call them
  338. Nesynchronizované
    and that can create a large ecosystem.
  339. Nesynchronizované
    We have been discussing already with
    some of these vendors
  340. Nesynchronizované
    and some are actually interested
    in Debian as well as a default image
  341. Nesynchronizované
    to replace those not so successful
    source build approaches
  342. Nesynchronizované
    that are out there in the field
    eventually with something more easy to use
  343. Nesynchronizované
    An other area I really like to see that
    we have collaboration on
  344. Nesynchronizované
    is regarding the license result.
  345. Nesynchronizované
    We, at Siemens, currently are running
    through with this subset package
  346. Nesynchronizované
    that fossology run
  347. Nesynchronizované
    and I would like to see the result of
    this run, comparing it to what
  348. Nesynchronizované
    Debian is currently reporting in the
  349. Nesynchronizované
    if there are any gaps, anything that our
    experts say
  350. Nesynchronizované
    "Ok, you should document it more that way"
    or "There is something missing"
  351. Nesynchronizované
    and of course report these issues upstream
  352. Nesynchronizované
    because eventually, I don't want to rescan
    every single security update package
  353. Nesynchronizované
    internally again if you did already.
  354. Nesynchronizované
    That should just run through and
    we should have the trust that
  355. Nesynchronizované
    this information is accurate and we can
    rely on that.
  356. Nesynchronizované
    That's the vision behind it.
  357. Nesynchronizované
    Test cases would be also an area where
    we see a chance to contribute something.
  358. Nesynchronizované
    Further things we are discussing might be
    not that interesting for Debian,
  359. Nesynchronizované
    but it's interesting in general.
  360. Nesynchronizované
    Functional safety activities, you'd be
    surprised how many people are asking for
  361. Nesynchronizované
    functional safe Linux these days,
  362. Nesynchronizované
    may it be for automotive, but also for
    industrial purposes.
  363. Nesynchronizované
    Worth mentioning, actually, is the
    security standard this way.
  364. Nesynchronizované
    So even if you're not involved in all
    this IEC whatever stuff,
  365. Nesynchronizované
    it's interesting because this is pushing
    us, in industry,
  366. Nesynchronizované
    to do things like update strategies
    even more consistently
  367. Nesynchronizované
    and ensure that the image that we ship
    is integer,
  368. Nesynchronizované
    so that it's really the original image.
  369. Nesynchronizované
    Up to the questions of how to secure
    the boot
  370. Nesynchronizované
    and how to secure the system is running.
  371. Nesynchronizované
    That helps us to argue internally and
    externally for consolidation
  372. Nesynchronizované
    and that helps us currently to push
    a lot of these users
  373. Nesynchronizované
    towards Debian solutions.
  374. Nesynchronizované
    One of our units did once a survey,
    recently actually,
  375. Nesynchronizované
    about how many Linux systems they have
    there, and they counted 99 balloons
  376. Nesynchronizované
    erm, Linux systems, actually
  377. Nesynchronizované
    and of course you can imagine
    it's pretty hard to maintain 99 variants
  378. Nesynchronizované
    in the field out there.
  379. Nesynchronizované
    So they are one of the most prominent
    drivers inside our company
  380. Nesynchronizované
    to consolidate the systems and we are
    currently consolidating over Debian.
  381. Nesynchronizované
    Not everything, but most of it.
  382. Nesynchronizované
    And then there is this doomsday date
    as well,
  383. Nesynchronizované
    which is an increasing concern because
    you can imagine that
  384. Nesynchronizované
    if you are building a device today, maybe
    it's out of business in 10 years,
  385. Nesynchronizované
    Ok you're lucky, maybe it's still running
    in 20 years and it's not yet ready for 2038
  386. Nesynchronizované
    and then we have a problem.
  387. Nesynchronizované
    That's things ??? going on currently
  388. Nesynchronizované
    so one ??? for example is sponsoring
    activities in glibc to prove the topic
  389. Nesynchronizované
    and as a consortium, the CIP group be also
    looking into this,
  390. Nesynchronizované
    we would not jump in on things but
    which have already been happening
  391. Nesynchronizované
    but if there are gaps up there, then we will
    possibly jump in here as well.
  392. Nesynchronizované
    So, to summarize.
  393. Nesynchronizované
    We believe, I personally as well,
    very strongly
  394. Nesynchronizované
    that our infrastructure is
    way too critical
  395. Nesynchronizované
    to run ???
  396. Nesynchronizované
    which is happening, not everywhere,
  397. Nesynchronizované
    and we can improve on this, together
  398. Nesynchronizované
    because there is a strong interest
    in our group
  399. Nesynchronizované
    to enable and preserve an open source
    base layer for this environment.
  400. Nesynchronizované
    We chose Debian as a solid foundation
    because we believe that
  401. Nesynchronizované
    this is technically a good solution
  402. Nesynchronizované
    and it's also a good solution because
    it's a community approach
  403. Nesynchronizované
    that we are also following.
  404. Nesynchronizované
    We see that we don't differentiate
    over this base layer,
  405. Nesynchronizované
    we differentiate between our competitors
    on the higher functionality,
  406. Nesynchronizované
    on the integration, but not what is
    in details running underneath.
  407. Nesynchronizované
    This is a great great point to collaborate
    and to work together.
  408. Nesynchronizované
    CIP is really looking forward to ???