You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Rules Project: Encouraging Contributions

(part of RulesProjectPlan)

Problem description: 'The SpamAssassin committers are not spending much time writing rules. Attempts to recruit people to become committers to write rules have been somewhat unsuccessful. We could always use more committers and contributors; what can we do to encourage more contribution?'

Here's some ideas.

Sandboxes

Initially, the rules project sandboxes SVN will consist of the existing (empty) rules directory in Subversion (the CVS replacement used by the ASF). Each committer will have their own sandbox to begin development in an unconstrained manner:

rules/sandbox/<username>/

Every person who has listed their rule set on the Apache SpamAssassin Wiki will be invited once the PMC approves the project; there are some rule sets only listed at SARE or Exit0, but those people are invited to join too, of course. There is absolutely no quality or experience requirement for the sandbox although we may later provide some tools to make it easier to avoid name collisions and such.

It is expected that someone (don't know and don't care who) will eventually write scripts to test, filter, and pull rules automatically into the production rules. I am intentionally deferring decisions around that area, though.

What does providing a sandbox for everyone do?

  • easy to join (you just have to sign a CLA and get an @apache.org account)
  • no expectation of... well, much anything; no quality or experience requirement for the sandbox
  • easy for us to import rules (manually or automatically) into main rule body
  • easy to move forward with further development around automatic updates and all of the other (hard) ideas we've talked about, but I really want to keep this dirt simple.
  • ability to help direct future development of the rules project (as it extends beyond sandboxes, sandboxes will remain just sandboxes, of course).
  • can produce multiple "output rule sets" in the long run: conservative, aggressive, sub-areas: bounces, drug rules, etc.
  • uses SVN and therefore has version control

In other words, this solves the main part of our "rules problem" – the hurdle of getting rules "over the wall". No longer will we need individual bugs for rule submissions, or need to go to 3 different sites to look for rule ideas, etc. Many of our best rules have come from SARE and the Wiki.

Also, it's expected that many of the rules will never go into the main rules body – someone may write rules for a specific type of annoying mail (not even necessarily spam), or maybe someone will be focused on super-aggressive rules for the brave folks out there. We can even produce multiple "output rule sets" in the long run: conservative, aggressive, sub-areas: bounces, drug rules, etc.

Some notes picked out of followup discussion:

It is possible to keep rules 'private', and in your own checkout only, by not checking them into SVN.

If you do want to have the rules visible for collaboration, but not used for automatic mass-checks or promotion, that could be done by just keeping them in a file that doesn't end in ".cf". (SpamAssassin's standard is that they have to end in ".cf" to be considered valid rules files.)

Mass-checking

LorenWilton noted 'A big part (perhaps the biggest part) of rules development is the mass check. Most anyone can develop a rule on their home system and see how they *think* it works. Some few (but not many) people can do a mass-check on their home system and see how it *really* works - *for them*. As proposed, this rules project doesn't address the most important part of a rules project -
some way to check the rules against a fairly large corpus.'

Nightly Mass-Checks

We currently have the NightlyMassCheck systems which do this, but turnaround time is too slow for most rule developers.

It does however offer the following good aspects:

  • info on how a new rule compares to the full *existing* ruleset
  • overlaps between rules, using "hit-frequencies -o"
  • collated results across all users' corpora, which can be broken down to view each user separately or all together
  • checked rules and their results are kept in a version-control history, so benefits of VC are available
  • ongoing visibility of hit-rates of the existing ruleset, against fresh corpora

The ruleqa CGI is now in the SpamAssassin zone, so this is still visible, even though the automc stuff is disabled. Here it is: http://buildbot.spamassassin.org/ruleqa/

'LOAFER': Suggestion: It would be good to know the % runtime figure for a sandbox rule as a missing boundary can take a rule from 1.5% to 0.0n% performance hit easily:

 perl -d:DProf mass-check -j=1 spam:dir:some_reasonable_sample_set_including_hits_and_misses
 dprofpp -O 2000 > perf.log

JustinMason: Agreed, this would be useful.

Someway of scheduling a small run during the development day would be useful, rather than waiting for the nightly. An email of users completed results would be nice to see too.

JustinMason: I think the more immediate, email-based, system is better done using List-Driven Mass-Checks as below; this is good for slow-but-comprehensive daily tests.

List-Driven Mass-Checks

Loren outlined the system used in SARE:

  • rule developer sends mail to mailing list
  • various other participants run scripts that automatically extract certain attachments posted to the list
  • turn those into rules files
  • lint them
  • run a mass-check immediately with just the rules in that file
  • post results including hit freqs and false positives matches
  • masscheck requester asks for false positive verification based on report

For active rule development, this is obviously quite useful! If you can't run mass-check locally for whatever reason, it offers a way to do this using other people's corpora in almost-real-time.

JustinMason: 'I'd like to see if there's a way to combine the two (that is, nightly and list-driven mass-checks) somehow, so that new SVN commits that update sandbox rules, are immediately mass-checked alone. However, I can't see a way to do that reliably from SVN commits alone, because (for example) meta rules may depend on other rules that were not changed as part of the same commit. So I think the "email with attached rules file" is still a better model.'

'LOAFER': There are eval rules to consider too.

JustinMason: I think we have to do those as plugins, via the sandboxes.

Here's the current proposal:

  • apache.org-hosted mailing list
  • subscription is open to invited mass-checkers/rule developers/committers, and Members of the ASF (the latter is a requirement for ASF project lists)
  • archives are publically available, but delayed 1 month
  • automated mass-checks of attachments in specific file format
  • rules considered suitable for use are manually checked into the "sandbox" area by one of the committers who has privs to do that
  • with luck, they'll go into the core based on the automated testing described in RulesProjStreamlining.
  • No labels