Celebrating 20 years of community-led development "The Apache Way"
DRAFT DRAFT DRAFT This is a DRAFT document and not official policy, pending review by the board and relevant corporate officers with responsibility for various policy areas.
What is an Apache project?
The ASF is home to a wide range of nearly 200 software product communities, each working with their own collaborative community style to create the many freely available software products that Apache is known for. There are many different references available on "The Apache Way" and different policies at the ASF, it is not always clear which policies are required, which are best practices, and which are merely suggestions.
This document provides a simple list of the ASF's expectations of any Apache project, with pointers to the detailed policies or best practices. "Apache project" specifically means a top level project at the ASF. Incubator podlings must meet these requirements before graduation. Projects not hosted at the ASF - even if they are using the Apache license - are not strictly "Apache projects".
Ultimately, Apache projects report to, and are responsible to, the Apache Software Foundation Board of Directors, which mandates these policies for the ASF as a whole. Various ASF corporate officers are also responsible for setting specific ASF-wide policies, as well as for providing various services to all Apache projects (primarily Infra, Legal, Brand, Press, and Fundraising).
Projects MUST provide a quarterly status report to the board.
Project technical decisions MUST be made and communicated on public and archived places.
Project discussions and interactions SHOULD be held in public in accessible, asynchronous and archived places unless there is a specific documented exception to hold discussions in private.
Project discussions SHOULD use normal ASF-hosted dev@, user@, and similar mailing lists.
The primary source control repository MUST be administered by the ASF Infra team on ASF hardware (currently, either using SVN or git). (citation needed)
Projects MUST follow the Release Policy, the Apache Voting Process and the Release Distribution Policy when releasing software artifacts for general public use, which includes important voting, licensing, and publicity rules.
Apache software product releases MUST be provided free of charge.
Projects SHOULD always work with the Security Team when dealing with vulnerabilities.
Contributors MUST sign an iCLA before committer access to projects will be granted.
Projects MUST use the Apache license and header for code developed and released within the project, including LICENSE, NOTICE, and source headers.
Projects MUST NOT include software with unapproved or restricted licenses in Apache project releases unless following explicit exceptions.
Projects MAY include software with approved compatible licenses in Apache project releases.
Project websites MUST comply with the Apache Project Branding Requirements.
Project PMCs MUST be responsible for maintaining their project's trademarks and brand.
Project PMCs MAY include links to relevant technical or corporate websites when they are appropriate to their community.
Projects MUST work with VP, Fundraising whenever accepting or using financial donations.
Projects MUST NOT use ASF donated funds to pay for primary development on any Apache project. (citation needed)
Projects MUST work with VP, Marketing and Publicity on any formal press releases that use ASF boilerplate.
Projects SHOULD work with press@ to help coordinate any press, media, or analyst relations, or for marketing assistance.
As a volunteer-run organization, the ASF has documented corporate and project policies in a variety of places. This document merely serves as an overview of the true requirements vs. some of the many best practices; the various linked policy documents are normative.
The Project Management Committee Guide has a simplistic PMC Requirements list.