This page collects the guidelines established in the git experiment.

This is a work in progress.

ASF GIT repositories are currently hosted at

For understanding the technical aspects of GIT and SVN please read SVNvsGIT. This will help you to grok the design decissions

GIT at the ASF is currently an experiment. We have defined criteria under which this experiment should be considered successful.


Canonical GIT repositories for Apache projects must be hosted on ASF hardware, under full control of the ASF infrastructure. This has quite a few reasons:

  1. Our Source Code Repositories are there for one reason: helping the community. This can best be supported by having one single canonical repository. Projects having multiple equitable repository clones tend to split the community.
  2. UserIDs outside of are not relyable! We can only guarantee a fully trusted authentication for servers we host ourselfs!
  3. Authentication can later be extended to support login via ssh keys uploaded to (we need to drop this as infra ticket)

  4. Relying on external infrastructure for our own core business is frankly spoken pretty unwise. This would not only split the community but also would us make loose our independence. We would have no access to the underlying hardware, thus no way to handle threats if someone tries to taint our repositories.

Project Structure

  1. Each project has at least one GIT repository which contains the main project and is read/writable for all committers.
  2. Each project can optionally have a separated PMC-private GIT repository which conains confidential legal stuff like trademark contracts, creds for community accounts like twitter, etc
  3. Some projects might need additional GIT repositories containing project parts which have a completely separated lifecycle from the main project. This can be various build-tools (checkstyle-rules, project specific maven-plugins which are needed to build the project) or the project site. This is needed because a GIT branch and tag always affects the whole repository

GIT Hooks

We need to apply some hooks to the GIT repos to prevent the user from changing a few things.

  1. It must not be possible to change the history of a project or delete certain branches. Any sha1 in master or any productive branch must not be allowed to get changed!
  2. git-rebase, git-stash and stashing via git-merge --interactive is only allowed if the history of external contributions remains preserved.
  3. It must not be possible to delete release tags.

Social Aspects

  1. Pulling from some external (non hosted) repository must only happen if all the respective commits are done by a person which has an iCLA on file.
  2. Incorporating changes from other contributors (no iCLA on file) must only be handled via JIRA attached patches because of legal reasons (the 'grant inclusion under ALv2' flag in JIRA).
  3. The project documentation and project site shall mention the based GIT repo as the canonical source location.

Cutting Releases with GIT

Apache Maven supports the usage of GIT with the maven-scm-providers-git since 2008.

Be aware that the branch created by a release with GIT always covers the whole repository.