If none of the above addresses your query, please check the resources at the bottom of this page for general information. Yes, you are allowed to re-use and modify them. You just can't hold the ASF legally responsible if these documents are not exactly what you intend them to be. We recommend that you obtain your own legal advice so you know exactly what you are getting yourself into.
|Published (Last):||7 November 2005|
|PDF File Size:||19.52 Mb|
|ePub File Size:||13.18 Mb|
|Price:||Free* [*Free Regsitration Required]|
Here's how to set up the technical and social environment that will support your work as a committer to an Apache project. Some projects have more specific guidelines which the project website or the PMC provide for you. We also have a thorough Committers' FAQ for both new and experienced comnmitters. The plain sense of the word "committer" is that you have access rights to your project's repository so you can read and write the source code.
Rather than creating a patch and submitting it to be actively reviewed and then committed, you can now create a local patch and commit it yourself - or even review and commit patches created by others. Your fellow committers will review your patches, usually after you commit them. As a committer, you have access rights to a specific Apache project's repository so you can create and edit source code files, not just read them.. Instead of having to create and submit a patch which other committers would have to review and approve, you can now create a local patch and commit it yourself; you can also review and commit patches that other project contributors and committers create.
Your patches can still be reviewed by your fellow committers. Check which pattern your project uses, and then follow it.. Take more care than you may have done before when working on the code, since you can now change things directly, without review.
Make sure you understand how your project's committers work and coordinate with each other. Ask your project PMC, or any active committer on the project, for guidance if there are things you are not sure about. In general. Note that an account can only be created if a PMC or Incubator podling has invited you. However it does grant the ASF sufficient rights to release any work you submit under the Apache license. Some procedures may appear a little bureaucratic, but they are there to protect you as well as ASF.
For a clearer understanding read the ASF license guide. Make sure you fill out the ICLA clearly. The acceptance process may take some time. This quiet lull is a good time to familiarize yourself with the Apache Software Foundation in general. Browse the developer guides and information , material about the ASF infrastructure , and the Foundation website.
We update the websites regularly, so visit these pages regularly. You will also need to familiarize yourself with some Apache policies and procedures.
You have probably picked up a lot of this by osmosis already, and your fellow committers and PMC members on your project's dev mailing list are the first place to ask questions. You will receive an email when your account has been created.
This may take a week or two. It is now time to do several general tasks, and possibly take some other steps specific to your project that your PMC will share with you. Read the guide to connecting to and working with your Apache email inbox. You can do this through the the self-serve application. The system uses the address in the LDAP 'mail' field to forward email sent to your apache.
This field must have at least one entry, which must not be your apache. The 'asf-altEmail' field is used to validate subscription requests and correlate subscriptions.
There is no need to duplicate 'mail' entries in 'asf-altEmail'. If your project has a page for its developers and committers, add your name and information to it This is a great way to make your first commit, and helps your team get to know you. It also serves another purpose: you will learn how to add documentation to your project's website and the technology used to build it.
Documentation is vital, and being able to improve the project's web site is a skill that you will need. If your project has not documented how to rebuild the website, then ask on your dev mailing list and use the answer to create a document describing how to do that. It will be gratefully received! Every team has a lot of "tribal" knowledge" that team members hold in their heads or in private notes, but that the whole team needs to know in order to function well and survive a disaster like a key team member suddenly becoming unavailable.
However, Apache is encouraging projects to migrate to options like Jekyll or Pelican with Buildbot. Consult your PMC about which system your project is using now and, if it is the CMS, what the plans are to migrate to a different system. Security is vital and Apache pays great attention to it. Remember that at all times, and ensure that all your Apache passwords are sufficiently secure, and that any code you check in is safe. OpenPGP is a standard that provides among other things methods to create digital signatures for documents ranging from emails to ASF releases.
We recommend that you create a PGP key for your apache. Release managers need to take particular care of keys used to sign releases. Then add your keys' primary fingerprints to your LDAP profile. The system adds your key to the individual and per-project pre-fetched KEYS files , and lets automated tools encrypt communications to you. Start to build up a good web of trust now before you need to use it in earnest. Be prepared to exchange key information at face-to-face events where ASF folks may be present.
The best practice is to insist on identification before signing another person's key. See the Apache release signing guide. The Infra documentation page provides a list of resources for committers and other Apache folks. You should do a checkout of the private committers module. See notes for those unfamiliar with subversion. Once you have checked out this module, you need to read all the documents contained in the docs directory, especially the resources.
There are a number of private mailing lists you need to know about. Join in the Apache community by signing up to every list that interests you. It is better to sign up even if you sign off later than to miss out! Please respect the usage guidelines for these private lists. The community makes Apache fun. The Community Development project has a central mailing list for topics that cut across PMC boundaries. Discussions of all kinds are on topic as long as the matter doesn't need to be sensitive or confidential.
Apache Labs is a place for innovation where committers of the foundation can experiment with new ideas. The aim is to provide the necessary resource to promote and maintain the innovative power within the Apache community without the burden of community building.
If you have an idea that you want to explore and collaborate on with other committers then come and discuss it at Labs. Even if you don't have anything at the moment, then come and take a look at what other committers are working on. Join your project's commit and dev mailing lists to keep up with activity on your project. Answering questions on users is also very much appreciated and noticed by your PMC.
Each committer has a responsibility to monitor the changes made for potential issues, both coding and legal. If you spot any potential issues in a commit, the right course of action is to post a reply to the email raising your concerns to the dev list. In extreme situations, it may be necessary to veto -1 a commit but please beware that this is an extreme sanction and rarely warranted; read the voting guidelines before a veto.
Do not be surprised if your first commit has a delayed diff email. It needs to go through the human moderators. If you don't have one already, make a note in your diary about the next ApacheCon. This is a great opportunity to meet other Apache folks, hack code and dream about great new open source projects.
Watch the lists as the conference dates approach for details about special deals for committers and opportunities to speak. Some Apache committers have personal content served from ASF web servers. There are no fixed guidelines about appropriate content: committers should know how to behave! In general, people use this option to host ASF-related content or to showcase interesting private projects. If you do use this feature, please do so responsibly.
Please be aware that Apache Software Foundation committers are targets for identity theft. These spoof attacks resemble the phishing attacks used to gain access to bank accounts and other web subscriptions.
They typically seek to persuade you to enter your access details into a fake website. The foundation will never solicit such 'verification'. Leaking your access to Apache can have very destructive consequences. Never disclose your ASF password to anyone.
Your access to Apache will be through the machines serving the svn. Please use caution. Do not hesitate to ask if you have doubts: post a question to infrastructure before taking any action. Note: the fingerprint for the key used for ssh is different to the fingerprint of the certificate used to securely serve the website. A full list of fingerprints is maintained on the machines page.
Please help to improve this document see guidelines for updating this website. Subscribe to the Infrastructure list if you want to discuss the improvements, or just to find out how the good ship Apache is kept afloat and to help. Guide for new committers What is a committer?
Contributors Licence Agreement
As always in this blog I speak only for myself and not for my employer, organizations with which I work, or anyone else. Suppose you are choosing to piggyback your open source software community's intellectual property practices on those of the Apache Software Foundation. Suppose you've also realized that Git and GitHub or even GitLab are radically more satisfying and open tooling than is Subversion. Social coding and all that. Compelling web-based user interfaces, those are going to be a big transformative thing someday. This tooling lowers the barrier to entry for someone who isn't a committer to fork your project, develop virtuous improvement in a feature branch, and offer this change, propose that it become part of the software product, via awesome artifacts called "Merge Requests" or "Pull Requests". Here's the question: must code contributors proffering Pull Requests first sign a Contributor License Agreement before those Pull Requests can be merged?
In a thread on Twitter, the CTO at Chef Software defended the company against the accusation from an open source contributor that it demands copyright assignment from contributors. He said :. We do ask for a license, as Apache license requires. The Apache License v2 ALv2 is the best choice among non-reciprocal licenses for new projects, mostly because it includes explicit patent licensing. It is a perfectly effective license to use for any open source project where the community has no expectation of contribution on the part of users of the code, as it conveys all the rights you need to work with the code independently of others. But ALv2 gives you full permission in advance to do anything you choose with the code, almost as if you owned it. Note that these documents are both copyright and patent license agreements.
Apache contributors need not sign a CLA
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Already on GitHub? Sign in to your account. Skip to content.