This page collects the guidelines established in the git experiment.

This is a work in progress.

ASF GIT repositories are currently hosted at

For understanding the technical aspects of GIT and SVN please read SVNvsGIT. This will help you to grok the design decissions

GIT at the ASF is currently an experiment. We have defined criteria under which this experiment should be considered successful.


Canonical GIT repositories for Apache projects must be hosted on ASF hardware, under full control of the ASF infrastructure. This has quite a few reasons:

  1. Our Source Code Repositories are there for one reason: helping the community. This can best be supported by having one single canonical repository. Projects having multiple equitable repository clones tend to split the community.
  2. UserIDs outside of are not relyable! We can only guarantee a fully trusted authentication for servers we host ourselfs!
  3. Authentication can later be extended to support login via ssh keys uploaded to (we need to drop this as infra ticket)

  4. Relying on external infrastructure for our own core business is frankly spoken pretty unwise. This would not only split the community but also would us make loose our independence. We would have no access to the underlying hardware, thus no way to handle threats if someone tries to taint our repositories.

Project Structure

  1. Each project has at least one GIT repository which contains the main project and is read/writable for all committers.
  2. Each project can optionally have a separated PMC-private GIT repository which conains confidential legal stuff like trademark contracts, creds for community accounts like twitter, etc
  3. Some projects might need additional GIT repositories containing project parts which have a completely separated lifecycle from the main project. This can be various build-tools (checkstyle-rules, project specific maven-plugins which are needed to build the project) or the project site. This is needed because a GIT branch and tag always affects the whole repository

GIT Hooks

We need to apply some hooks to the GIT repos to prevent the user from changing a few things.

  1. It must not be possible to change the history of a project or delete certain branches. Any sha1 in master or any productive branch must not be allowed to get changed!
  2. git-rebase, git-stash and stashing via git-merge --interactive is only allowed if the history of external contributions remains preserved.
  3. It must not be possible to delete release tags.

Non-ASF repository collaboration

  1. Doing a test feature branch in private or in a forked github repository is perfectly fine. But committers should push to the canonical ASF repository early and often to prevent a fragmentation of the community development effort.
  2. Even if GIT supports the additional author information, the established policy that committers should apply their commits to the canonical repository themself remains intact.
  3. Committers pushing changes to the canonical repository must make sure that the committerIds and authorIds in the changes they submit are trustworthy (authenticated and iCLA on file).
  4. Pulling from some external (non hosted) repository must only happen if all the respective commits are done by a person which has an iCLA on file and if the diff of the pull-request is preserved on some ASF server. This can be done by extending JIRA to automatically download the diffs of a pull-request.The project shall not hesitate to animate people to sign our iCLA.
  5. Incorporating changes from other contributors (no iCLA on file) must only be handled via JIRA attached patches because of legal reasons (the 'grant inclusion under ALv2' flag in JIRA).
  6. The project documentation and project site shall mention the based GIT repo as the canonical source location.

Cutting Releases with GIT

Apache Maven supports the usage of GIT with the maven-scm-providers-git since 2008.

Be aware that the branch created by a release with GIT always covers the whole repository.