Complete audit trail for embedded (Linux) system lifecycle with Git

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

We are to solve a complete audit trail solution for full subcontractor
value-chain fullfilling European Union machinery directive:
http://ec.europa.eu/enterprise/sectors/mechanical/machinery/

To summarize, the directive is created to ensure safe operating
environment for all kind of machinery devices (from industrial
machinery to consumer shopping-centre lifts/elevators). This also
includes the embedded software that controls the machinery (which is
as we know, the make-or-break the true safety of the device).

The solution is based on the very core Git functionality, in very
brief overview explained here:
http://abstractiondev.wordpress.com/git-based-distribution/

As Git is completely file-system based, in our solution it is used as
the core technology to audit ANY digital document or information. It
is serving as a distributed set of "master data" repositories,
including the digital signature repositories and 3rd party validation
stacks. In the validation chains it is critical to be able to support
responsible decision makers to approve design choises beyond the
software, thus the digital signature infrastructure for any
legal-binding document is as important as the actual embedded software
stack, that is by its nature version controlled within Git as well.

While I would hope this post to serve a purpose for demonstrating that
Git works as a perfect solution in the core, I'd also like to hear if
there is already established community/ongoing process of achieving
anything described above?

We have no intention of "reinventing the wheel" here, although being
very core solution for ANY audit trail and being so close based on Git
- bare functionality, I'm expecting any existing solution to share
much of similar design. Any existing tooling to support the solution
(especially dynamic cross-connected metadata repository searches - the
bottom image of the overview, that indexes the repositories together)
would be very welcome. The current technical solution is using GnuPG
for the digital signatures and open-source cross platform XML-database
for metadata indexing - grid databases being considered for the larger
implementations.

Any comments and/or feedback would be greatly appreciated.

Cheers,

Kalle Launiala
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]