The practice of handling with FOSS by GPL v2inthe automotive
1. The practice of handling with
FOSS by GPL v2 in the automotive
Copyright 2018 Byungjoo Hwang(mibbeuda@naver.com)
2. 0. Contents
1. What is GPL v2?
2. Major FOSS as GPL v2
3. GPL v2 ์กฐํญ ๋ถ์(The analysis of GPL v2โs conditions)
4. Open source compliance process
5. Open source compliance and ASPICE
6. Recent issues.
4. 1. What is the GPL v2?
โข Free software license by FSF. It has started GNU project project by Richard Stallman
โข Anyone can use open source that has GPL v2 freely.
โข The any software by GPL v2 can be shared and modified freely by anyone.
Reference: https://www.olis.or.kr/license/Detailselect.do?lId=1004
5. 1. What is the GPL v2?
โข GPL v2 license can be copied, distributed and modified.
Reference: https://www.olis.or.kr/license/Detailselect.do?lId=1004
6. 1. What is the GPL v2?
โข GPL v2 ์คํ ์์ค๋ฅผ ์ฌ์ฉ ํ์๋ค๋ฉด, ํด๋น ์ฝ๋๋ฅผ ๊ณต๊ฐ ํด์ผ ํจ.
โข ๊ทธ์ ํจ๊ป GPL v2์ ๊ณ ์ง๋ฌธ๊ตฌ๋ ๊ฐ์ด ์ฒจ๋ถ.
โข (when using FOSS by GPL v2, author shall disclose own source code with the GPL v2โs notice file of
full text)
Reference: https://www.olis.or.kr/license/Detailselect.do?lId=1004
7. 2. Major FOSS as GPL v2
(FOSS: Free and Open source software)
8. 2.Major FOSS as GPL v2
โข FSF์์ ์ ๊ณตํ๋ ๋ฆฌ๋ ์ค ์ปค๋์ ๋ํ์ ์ธ GPL v2๋ผ์ด์ ์ค
โข Linux Kernel has GPL v2 license provided by FSF.
Reference: https://www.kernel.org/category/faq.html
10. 2.Major FOSS as GPL v2
โข Bash๋ ํ์ฌ GPL v3์ด๋, 3.2.57 ๋ฒ์ ๊น์ง๋ GPL v2
โข Bashโs license is now GPL v3 but it was GPL v2 until v3.2.57
Reference: https://www.gnu.org/software/bash/
12. GPL 2 no.2 condition
2. You may modify your copy or copies of the program or any potion of it, thus forming a
work based on the Program, and copy and distribute such modifications or workunder the terms
of
Section 1 above, provided that you also meet all of these conditions:
b) You must cause any work that you distribute or publish, that in whole or in part contains or is
derived from the Program or any part thereof, to be licensed as a whole at no charge to all thir
d parties under the terms of this license.
Program Modification
์กฐ๊ฑด: GPL v2๋ผ์ด์ ์ค ๊ธฐ
๋ฐ์์, ๋น์ฉ ์์ด
Condition: No charge
based on the GPL v2
๋ฐฐํฌ์
(Distributor)
Recipients
13. FSF (Free Software Foundation) FAQ
Q.)Does the GPL have different requirements for statically vs dynamically liked modules
with a covered work?
A) No. Linking a GPL covered work statcally or dynimically with other modules is making
a combined work based on the GPL covered work. Thus, terms and conditions of GNU
GPL cover the whole combination.
Link: https://www.gnu.org/licenses/gpl-faq.en.html#GPLStaticVsDynamic
GPL
Library
My
code
Combined work based on the
GPL covered work
๋ฐฐํฌ์
(Distributor)
Recipients
(์์ ์)
Link
์กฐ๊ฑด: ์ ์ฒด ๋ชจ๋ GPL v2๋ผ์ด์
์ค, ๋น์ฉ ์์ด
Condition: all source code with
GPL v2 . No charge
14. GPL v2 no.3 condition
3. You may copy and distribute the Program (or a work based on it, under section 2)
in object code or executable form under the terms of Sections 1 and 2 above provided
that you also do one of the following
A) Accompany it with the complete corresponding machine-readable source code,
For an executable code work, complete source code means all the source code for
modules it contains, plus any associated interface definition files, plus the scripts used to
control compilation and installation of the executable.
GPL
executable
Complete
source
code
๋ฐฐํฌ์
(Distributor)
Conditions
์ปดํ์ผ ํ
(after
compileingBuild
script
Recipients
Complete
source
code
15. 3. GPL v2 ์กฐํญ ๋ถ์(The analysis of GPL
v2โs conditions)
1) ๋ฐฐํฌ์๊ฐ GPL v2๋ฅผ ์ผ๋ค๋ฉด, ๋ค๋ฅธ ์์ ์์๊ฒ๋ GPLv2๋ก์ ์
๊ณต. ๋จ ๋น์ฉ ์์.
2) ์์ค ์ฝ๋๋ง ์ ๊ณต ํ๋ ๊ฒ์ด ์๋, ์ปดํ์ผ์ด ๊ฐ๋ฅํ ํ๊ฒฝ ํ์ผ
ํด์ฒด์ธ ๊ฐ์ ๊ฒ๋ ์ ๊ณต.
When The distributor is used by GPL v2, he shall provide own
source code by GPL v2 with no charge to recipients.
Additionally, it shall provide any configuration file or
information with any toolchains for compile by recipients.
17. 4. Open source compliance process
4.1 ๊ฐ๋ฐ ์ด๊ธฐ ๋จ๊ณ( At the beginning phase)
1) ํ๋ก์ ํธ ๋ด ์คํ ์์ค ๋ด๋น์๋ ์๋ ์ฌํญ์ ํ์ธ (The person in charge of FOSS in
your project should check these items below.)
a. ๊ณ ๊ฐ ์๊ตฌ ์ฌํญ์ FOSS์กฐํญ ๋๋ ์๊ตฌ ์ฌํญ์ด ์๋๊ฐ ํ์ธ
Check if it has FOSS terms and conditions in the customer requirements.
์ ๋ฝ OEM์ ๊ฒฝ์ฐ ํน๋ณ ์กฐํญ์ด ์์. ๋ํ Tier2๊ฐ์ third party์๊ฒ ์คํ ์์ค ์ฌ์ฉ ํ ์
์๋ค๋ ์๊ตฌ ์ฌํญ์ด ์์.
Europe OEM have special conditions about FOSS. For example, Tier 1 shall allow third
parties as Tier 2 to permit FOSS.
b. ์ฌ์ฉ ๊ฐ๋ฅํ ๋ผ์ด์ ์ค, ๊ธ์ง๋ ๋ผ์ด์ ์ค๋ฅผ ํ์ (OEM์ ๋ณดํต GPL v3๋, LGPL v3๋ฅผ ์ฌ์ฉ
๊ธ์ง ํ๋ ๊ณณ์ด ์์.
Check if it has accepted or prohibited FOSS licenses ( OEM donโt sometimes allow Tier1
to use GPL v3 or LGPL v3.)
18. 4. Open source compliance process
4.1 ๊ฐ๋ฐ ์ด๊ธฐ ๋จ๊ณ( At the beginning phase)
c. ๋ด๋ถ ํ๋ก์ธ์ค์ ๋ฐ๋ฅผ ๋, ์ ํ ์ ์ ๋จ๊ณ ๊ฐ์ ๊ฒฝ์ฐ, ์ด๋ ํ ์คํ ์์ค๋ฅผ ์ฌ์ฉ ํ ์ง ๋ฏธ๋ฆฌ
์กฐ์ฌ๊ฐ ํ์.
c. Dev team should investigate for open source licenses to be used at the beginning of
dev phase.
d. ์คํ ์์ค ๊ณ ์ง ๋ฌธ๊ตฌ ์ ๊ณต ํ์์ ํฌํ๋ฆฟ์ OEM์ ์์์ ๋ง์ถ์ด ์ ๊ณต ํด์ผ ํ๋์ง ๊ณ
๊ฐ์ฌ์ ํ์ ํ์.
Dev team should negotiate that how many times provide FOSS report to OEM .
When providing FOSS report, Tier1 should check if it would comply OEMโs templates.
OEM์๊ฒ ์ด๋ค ๋ถ์ ๋๊ตฌ๋ฅผ ์ฌ์ฉํ๋์ง ๋ฐ๋์ ํ์๊ฐ ํ์.
Dev team should make a decision about which tools use to OEM.
19. 4. Open source compliance process
4.1 ๊ฐ๋ฐ ์ด๊ธฐ ๋จ๊ณ At the beginning phase
f. ํ๋ก์ ํธ ๋ด 3rd parties๊ฐ ์ฐธ์ฌ ํ์๋ค๋ฉด, ๊ฐ๋ฐ ์ด๊ธฐ ๋จ๊ณ์์ 3rd parties์ ์คํ ์์ค ๊ณ์ฝ
๊ด๋ จ ๋ด์ฉ์ ์๊ฐ ํ๊ณ , ์์ฌ์ FOSS ๋ฆฌํฌํธ์ ๋ง๊ฒ ์ ์ถ ํด์ผ ํจ.
f. In your project, if 3rd parties has joined, Tier 1 should introduce the policies of Tier1โs FOSS
to them. 3rd parties shall submit FOSS report with Tier1โs FOSS template to Tier1 when using
FOSS.
g. ์์ค ์ฝ๋์ ๋ฐ์ด๋๋ฆฌ ํ์ผ์ ๊ณต๊ฐ ํ๋ ๊ฒฝ์ฐ, Tier1์ ์น์ฌ์ดํธ์์ ๊ณต๊ฐ ํ ์ง ๋๋, OEM์ฌ
์ ์ฝ๋์ ๋ฐ์ด๋๋ฆฌ ํ์ผ, Tier 1 ๊ณ ์ง ๋ฌธ๊ตฌ๋ง ์ ๊ณต ํ ์ง๋ ํ์๊ฐ ํ์.
When disclosing source code and binary files, Check if Tier1โs web site or OEMโs website use
for posting FOSS to the public.
h. Automotive์ ๊ฒฝ์ฐ, ๊ณ ์ง ๋ฐฉ๋ฒ์ ๋ํด ๋ฐ๋์ OEM๊ณผ ํ์ ํ์ฌ์ผ ํจ. ์คํฌ๋ฆฐ์ด ์๋ ๊ฒฝ์ฐ๋ฉด,
๋ฐ๋์ ํด๋น ๊ณ ์ง ๋ฌธ๊ตฌ๊ฐ ์คํฌ๋ฆฐ ๋ด ๋ฉ๋ด์ ๋ณด์ฌ์ผ ํ๋ ๊ฒฝ์ฐ๊ฐ ์์.
In the automotive field, Tier1 shall negotiate the way of how to notice FOSS license full text
with OEM. If any products has the display, There is any case that the license full text for FOSS
shall displayed in the menu.
20. 4. Open source compliance process
4.2 ๊ฐ๋ฐ ์ค๊ฐ ๋จ๊ณ (4.2 At the middle phase of SW development)
1) ํ๋ก์ ํธ ์งํ ์ค, ์ผ๋ถ ๋ชจ๋์ ๋ํด 3rd parties๊ฐ ๊ฐ๋ฐ ํ๊ณ ์๋ค๋ฉด, ๋ฐ๋์ ์คํ ์์ค ์ฌ์ฉ
์ ๋ฌด์ ํจ๊ป ๋ฆฌํฌํธ๋ฅผ ๋ฐ์์ผ ํจ. ( In case 3rd parties are developing any modules in your
project, Tier1 shall get FOSS reports from third parties)
2) ์ค์ ๋ฆด๋ฆฌ์ฆ ex. Official release ์ค์์ ์คํ ์์ค ๋ณด๊ณ ์๋ฅผ ์ ๊ณต ํ๋ ๊ฒฝ์ฐ๋, ๊ฐ ๋ฆด๋ฆฌ์ฆ ์
code fixํ ์คํ ์์ค๋ฅผ ๋ถ์ ํ์ฌ ์คํ ์์ค ๋ฆฌํฌํธ๋ฅผ ์ ๊ณต.
At the major SW release, in case Tier 1 should provide FOSS report to OEM, After code
fix at the each release, dev team analyze FOSS and then provide FOSS reports to OEM.
3) ๊ณ ๊ฐ ์๊ตฌ ์ฌํญ์ ์คํ ์์ค ๊ด๋ จ ์กฐํญ์ด ์๋ ๊ฒฝ์ฐ, ์์คํ ์๊ตฌ ์ฌํญ๊ณผ ์ํํธ์จ์ด ์๊ตฌ ์ฌ
ํญ์ ํด๋น ๋ด์ฉ์ ์ถ๊ฐ. ์๊ตฌ ์ฌํญ์ ์ถ์ ์ฑ์ ์ํด ๋๋๋ ๊ฒ์ด ๋ฐ๋์ง. ๋ํ ์ฃผ์ ํ์ฌ์ gate
์ ์คํ ์์ค ํ์ธ ์น์ ์ด ์์ ์ ํด๋น ๋ด์ฉ์ ๋น๊ธฐ๋ฅ ์๊ตฌ ์ฌํญ์ผ๋ก ์ฒ๋ฆฌ ํ๋ ๊ฒ์ด ๋ฐ๋์ง.
If there is FOSSโs terms or conditions in the customer requirements, Tier1 should add any
requirements about FOSS to system requirements and SRS. Also at the Tier1โs major phase, if
it has FOSSโs section for Pass or fail, dev team would include its requirements as non-
functional requirements in the SRS.
21. 4. Open source compliance process
4.2 ๊ฐ๋ฐ ์ค๊ฐ ๋จ๊ณ(4.2 At the middle phase of SW development)
1) ๊ณ ๊ฐ ์๊ตฌ ์ฌํญ ์์(Customer requirementsโ Example)
โTier 1์ ์คํ ์์ค๋ฅผ ์ฌ์ฉ์์ ๋ฐ๋์ ์คํ ์์ค์ ๋ํ ์ฌ์ฉ ๋ฆฌํฌํธ๋ฅผ OEM์์ ์ ๊ณตํ๋ ๋ฆฌํฌํธ๋ฅผ ์ฌ์ฉ ํ์ฌ
์ผ ํ๋ค.โ In case Tier 1 use FOSS, Tier 1 shall use OEMโs template when making FOSS reports
โTier 1์ 3rd party๊ฐ ์คํ ์์ค๋ฅผ ์ฌ์ฉ์, ์ด๋ฅผ ํ๋ฝํด์ฃผ์ด์ผ ํ๋ค.โ
If 3rd parties use FOSS, Tier 1 shall be permitted.
2) ์์คํ ์๊ตฌ ์ฌํญ ์์(System requirementsโ examples)
๋ค์๊ณผ ๊ฐ์ด ์คํ ์์ค๊ฐ GPL v2์ ๋ผ์ด์ ์ค๋ฅผ ์ฌ์ฉ ํ ๊ฒฝ์ฐ XXX์ฌ์ ์คํ ์์ค ํํ์ด์ง์ ์ฝ๋ ๊ณต๊ฐ ๋์์
์๋์ ๊ฐ๋ค.
โ๋ฆฌ๋ ์ค ์ปค๋ ๋ด์ ๋๋ผ์ด๋ฒ๋ฅผ ์์ ํ ๊ฒฝ์ฐโ
โGPL v2์ธ ์คํ ์์ค๋ฅผ ์๋ณธ ๊ทธ๋๋ก ์ฌ์ฉ ํ์๊ฑฐ๋, ์์ ํ ๊ฒฝ์ฐ
When using FOSS by GPL v2, XXX company shall disclose own source code and related binary files with Tool
chain below.
- In case modifying driverโs code in the Linux Kernel
- In case using original source code by GPL v2 or modifing them.
22. 4. Open source compliance process
4.2 ๊ฐ๋ฐ ์ค๊ฐ ๋จ๊ณ (At the middle phase of SW development)
3) ์ํํธ์จ์ด ์๊ตฌ ์ฌํญ ์ ์์ ์ค( The examples in the SRS)
XXX์์ ์ ๊ณตํ ๋ฆฌ๋ ์ค ์ปค๋์ ver. XX๋ฅผ ์ฌ์ฉ ํ ๊ฒฝ์ฐ ์ด ๋ผ์ด์ ์ค๊ฐ GPL v2์ด๋ฉด, ํด๋น ์ฝ
๋์ ๋ฐ์ด๋๋ฆฌ ํ์ผ์ XXX์ ์คํ ์์ค ์ฌ์ดํธ์ ๊ณต๊ฐ ํ์ฌ์ผ ํ๋ค.โ ๊ณต๊ฐ๋ SW PPAP์ข ๋ฃ
์์ XX์ด๋ฒคํธ ์์ ๊น์ง ์คํ ์์ค ์ฌ์ดํธ์ ์ ๋ก๋ ๋์ด์ผ ํ๋ค.
In case Tier1 use Linux Kernel ver.XX provided by XXX(Third parties) and it is GPL v2, dev
team shall disclose Linux Kernelโs source code with Tool chain and how to build by
anyone to the XXX companyโs open source distribution site by internal SW PPAP phase.
Verification method: Manual review after analyzing FOSS by Blackduck Protex
Verification criteria: They shall be protected by GPL v2.
23. 4. Open source compliance process
4.2 ๊ฐ๋ฐ ์ข ๋ฃ ๋จ๊ณ(at the end of development)
1) ๊ฐ๋ฐ ์ข ๋ฃ ์์ ์ ๋ณดํต OEM์ด ์๊ตฌํ SW PPAP์ ์์ . ( The finish period of
development is at the point before SW PPAP from OEM.
2) ๋ฆฌ๋ ์ค ์ปค๋ ๊ณต๊ฐ์, ๋ฐ๋์ ์์ค ์ฝ๋์ ํจ๊ป ํด์ฒด์ธ ๋ฐ ๋น๋ ๋ฐฉ๋ฒ์ ์ ๊ณต ํด์ผ ํจ.
In case of disclosing Linux Kernel by GPL v2 to the public, it shall provide own source
code and toolchain with the way of how to compile.
3) OEM๊ณผ์ ๊ฒฐ์ ์ ๋ฐ๋ผ, ๊ณ ์ง ๋ฌธ๊ตฌ๋ Tier1 ๋ฐฐํฌ ์ฌ์ดํธ์ ์ ๋ก๋.
The notice files for FOSS shall post to Tier1โs website according to OEMโs decision.
4) OEM์์ SW PPAP์งํ์, OEM์ด ์์ค ์ฝ๋์ ๋ฐ์ด๋๋ฆฌ ํ์ผ ์๊ตฌ์ ์ ๊ณต ํ์ฌ์ผ ํ
๊ณ ์ค์ ํด์ผ ํจ.
On the progress of SW PPAP by OEM, In case OEM requests Tier 1 to provide open
source code and binary files, Tier 1 shall be complied.
25. 5. Open source compliance and ASPICE
1) ํ๋ก์ ํธ์์ ์คํ ์์ค ์ฌ์ฉ์, ๋ฐ๋์ ํ๋ก์ ํธ ๊ณํ์์ ์คํ ์์ค ์ฌ์ฉ์ ๋ํ ์
์ฑ ๋ช ์. ( In case it uses FOSS in your project, you shall address FOSSโs policies in
your project plan.)
2) ์์คํ ์๊ตฌ ์ฌํญ, ์ํํธ์จ์ด ์๊ตฌ ์ฌํญ์ ๋ฐ๋์ ๋ช ์. You shall include FOSSโs
requirements in the your system requirements and SW requirements specification.
3) ํ์ ๊ด๋ฆฌ ์ธก๋ฉด์์๋, ๊ณ ์ง ๋ฌธ๊ตฌ์ FOSS ๋ถ์ reports๋ ํ์ ์์ดํ ์ผ๋ก ์๋ณ ํ์ฌ์ผ
ํจ.
Configuration manager should identify the configuration items as Notice files of license
full texts and FOSS analysis reports.
4) ํ์์ ์คํ ์์ค๋ ๋จ์ ๊ฒ์ฆ์ด๋ ์ ์ ๋ถ์์์ ์ ์ธ. (If needed, open source code
would be excluded in the SW unit verification and static analysis.
5) ๊ฐ ์คํ ์์ค ์ ๋ณด์๋, ๋ค์ด๋ก๋ ์ฌ์ดํธ, ๋ฒ์ ์ ๋ณด, copyright ์ ๋ณด๊ฐ ํฌํจ ๋์ด์ผ ํจ.
Each open sourceโs information should include downloaded site, version info and
copyrights.
27. 6. Recent issues
1) Simulink ๋ก MBD๋ก ๊ฐ๋ฐ์, ์๋ฎฌ๋งํฌ ๋ด์ ๊ธฐ๋ฅ ์ค S-function์ ์ฌ์ฉํ์ฌ ์ธ๋ถ ์ฝ๋๋ฅผ
importํ์ฌ ๊ฐ๋ฐํ ๋, ํด๋น ์ฝ๋๊ฐ GPL v2์ธ ๊ฒฝ์ฐ๋ฉด,
2) ์๋ฎฌ๋งํฌ์ auto gen๋์ ๋์จ ์ฝ๋๋ GPL v2์ ํ์ ์ ์๋ฌผ๋ก ๋ด. ๋ฐ๋ผ์ ๊ณต๊ฐ ํด์ผํจ.
1) When you develop MBD(Model based design) by Mathworksโ Simulink, you used S-
function that can import external source code in the Simulink. And then external source code
was GPL v2.
2) The auto code by Simulink is any derivative work by GPL v2. So you shall be disclosed to
the public.
3) ์ ๋ฝ OEM์ ๊ฒฝ์ฐ, FOSS report์ ํฌํ๋ฆฟ์ด ๋๋ค์ ์๋ฌธ์. ํ๋ฐฑ์ ๊ฒฝ์ฐ, ๊ณ ์ง๋ฌธ๊ตฌ๊ฐ ๋ถ์ด๋ก
์ ๊ณต ๋์ด์ผ ํ๋ ๊ฒฝ์ฐ๊ฐ ์์ด. Tier1์ OEM๊ณผ ๋ฐ๋์ ํ์ ํด์ผ ํจ.
4) When providing FOSS reports by Europe OEM to Tier1, their templates for FOSS are in
English. But, Quebecโs official language in Canada is French. Tier1 would make notice
files of each license full text as French version. So Tier1 shall discuss with OEM regarding
how to handle this issue.