Magiilaro

You can’t just download the software from the device and compare checksums, because the software downloaded would have to be signed and that would change the checksum. Oh and you could not be sure that the software downloaded even is the software the runs at all and not only a decoy supplied by the interface used to download the software from the car. All you could compare would the signed binary blob you downloaded from the car with the signed binary blob you downloaded from the homepage. Even if both of them would be identical you could not validate that they are identical to a binary build from the source code.

And I never said I want untested software on the streets, I have said nothing at all about my stance regarding the regulation and certification of car electronics, because my arguments have nothing to do at all with my personal positions on that matter.

All I said is that you can’t have an true and fully open source EV, not in Germany or most likely all of Europe anyway, because you would as good as never get such a car certified and street legal. Not without huge limitations on the “open source” part of the open source EV. And such limitations would render any ideas of open source for an EV moot, there is no benefit for having an open source car when the hardware is under lockdown by the manufacturer/law.

I am making a argument about the plausibility and rationale of an open source EV, is it reasonable to invest time, thoughts and effort into something like that or not. And I say that it is not, not at all. It would only create a situation where a community of programmers makes a huge invest in time and work to create something that in the end only the companies benefit from.

We are not really on different sides of the argument, not with the car part at least. We maybe have different definitions of open source, at least it seems so.

What good would be an open source community EV (that is what the title speaks of) if there is no way for a single person or the community itself to modify and install the code on the EV? You would have no way of knowing that the version running in the car is identical to the source code provided, so having the code would be moot from a security and privacy standpoint.

Yes, you could put everything concerning street legality into a closed and signed hardware black box, more or less how it is done with the mobile communication hardware in smartphones, but street legality touches so many systems and functions that most of the cars software would be closed. So we are back where we are now.

For most persons who think about open source they have in mind that they are able to freely install the open source software on their devices, and yes I know that this is not part of the open source definition as written for example in https://opensource.org/osd but IMHO it should be added to it.

This is the same like for closed source. A new software release must be tested and have regression tests that homologation relevant parts are not changed and if they are changed, that they do not violate regulations.

Yes, but with closed software you only have to have those tests and certification done once per version of the software. All installed instances of this version are the same, because only the manufacturer can make changes and sign the software to be installable.

This is completely different with open source software that can be changed and installed without limitations by every end user/owner of the car. Now the certification has to be done by every single person every time they install a new version to make sure that no forbidden changes were done to the code or the configurations.

Open Source Software that can be installed freely and unrestricted on a car turns every car into a DIY system, even if it was manufactured by a company

Going down further that road, there are very specific regulations that cover software updates in particular. There needs to be a software update Management process behind it that makes sure software is only distributed to vehicles that it is designed for.

Yes, but such a process would be so tight that it more or less produces the same closed system that we have at the moment. One possibility I see would be that the boot loader of the EV is locked and only updates signed by the company can be installed to the car, with the option to send in your changed open source version to have it checked and signed. But this would not be very open source and not really that much more secure then what we have today because you can never be sure that the version you send in for verification and signing is the same that you get back.

But if you have better Idea the would be true to the open source idea and be compatible with the strong regulations, I would love to read that.

I never said that it is impossible, but the bureaucratic obstacles are nightmare inducing huge. And the TÜV is the smallest enemy, the end boss would be the Kraftfahrt-Bundesamt for the operating permit.

Every single open source EV would, by law, need a new certification after every installation of a new or changed software to ensure that it still has all the required assistance systems and security features activated and working correctly. The same for the emissions values and other enviromental protection laws.

Edit: Hmm, after reading my post i have to say that emissions would not be a problem with an EV 😅

Only thinking about getting a TÜV certification or a permit to drive on public streets (Straßenzulassung) for an Open Source car in Germany produces nightmares about bureaucratic waves bigger then tsunamis.