Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Naoto YAMAGUCHI


This document define to "reuse program management" process criteria. It presents the criteria for the selection of existing OSS for use in an AGL distribution for the Instrument Cluster.
This document aim to create common agreement for reuse existing OSS both community and industry.

1. License 

1.1. Basis

Assessing the license of the OSS.

  • The OSS must be released under a license included in the allow list in Table 1-1.  
  • When the OSS license is not included in the allowed list, it must be confirmed that it is not included in the deny list in Table 1-2.
  • When the OSS license is not listed on both lists, this license must be judged by AGL Instrument Expert Geoup and accepted by SAT.


Table 1-1. Allow licence list

Table 1-2. Deny license list

No.License nameLicense URL
1GNU General Public License, version 3https://www.gnu.org/licenses/gpl-3.0.en.html
2GNU Lesser General Public License, version 3https://www.gnu.org/licenses/lgpl-3.0.en.html
3GNU Affero General Public License version 3https://opensource.org/licenses/AGPL-3.0

1.2. Exception

Licensing restrictions should be relaxed for some use cases such as debugger, host tools and analysis tools.  In this document, these use cases are calling the exception use cases.
The OSS used in the exception use case, that must block automatically to installing on the final target image using integration system.
Table 1-3 and Table 1-4 shows exception for Table 1-1 and Table 1-2.   In excepted use-case can use licence both Table 1-1 and Table 1-3.  When the same license appears in more than one table, Table 1-3 is preferred over Table 1-2, Table 1-4 is preferred over Table 1-1.

Table 1-3. Exception allow licence list

No.License nameLicense URL
1GNU General Public License, version 3https://www.gnu.org/licenses/gpl-3.0.en.html
2GNU Lesser General Public License, version 3https://www.gnu.org/licenses/lgpl-3.0.en.html



Table 1-2. Exception deny license list

No.License nameLicense URL









2. Health of the community 

Assessing the health of the community that develops OSS.  This requirement defines criteria for OSS selection in AGL Instrument Cluster Distribution.

  • The OSS community must shall be established the rules shown in Table 2-1.  

Table 2-1. Community check list

3. Log Term Stable

Assessing the code quality of the OSS.  

4. Source code assessment

Assessing the code quality of the OSS.

This criteria aim to certify to the version independent OSS quality.  The candidate OSS shall evaluate for code quality using static analysis tools.

1st step is analyzing for history of code quality using static analysis tool.  Has a serious bug been fixed with the minor version up?  When major version up is made, how many new serious bugs increase this OSS?
This analysis cannot be based on the number of bug fix.  It need to use a static analysis tool to analyze the unfixed bugs.


These OSS must pass on these check items. Qualification point: TBD.

  • Outstanding defect per component.
  • Outstanding vs fixed defect over period time.
  • High and medium impact outstanding defect per category.

Ref.  https://scan.coverity.com/projects/gnu-c-library-glibc


Note. The validity of the version used by that OSS, including CVE checks, will be checked in the next phase. 


TO J.S.
Could you make a comparison both coverity and the OSS tool (clang) in this criteria.

Coverity vs OSS tool (clang) in architecture phase criteria

5. Requirement matching

  • No labels