This document defines the guidelines for the Apache Log4j Project. It includes definitions of how conflict is resolved by voting, who is able to vote, the procedures to follow for proposing and making changes as well as guidelines for changing code.
The objective here is to avoid unnecessary conflict over changes and continue to produce a quality system in a timely manner. Not all conflict can be avoided, but at least we can agree on the procedures for conflict to be resolved.
Membership in the Apache Logging PMC is by invitation only and must be approved by consensus of the active Logging PMC members. A PMC member is considered inactive by their own declaration or by not contributing in any form to the project for over six months. An inactive member can become active again by reversing whichever condition made them inactive ( i.e. , by reversing their earlier declaration or by once again contributing toward the project's work). Membership can be revoked by a unanimous vote of all the active PMC members other than the member in question.
Membership as a Committer is by invitation only and must be approved by consensus of the active Logging PMC members. A Committer is considered inactive by their own declaration or by not contributing in any form to the project for over six months. An inactive member can become active again by reversing whichever condition made them inactive ( i.e. , by reversing their earlier declaration or by once again contributing toward the project's work). Membership can be revoked by a unanimous vote of all the active PMC members (except the member in question if they are a PMC member).
The Log4j project uses the Jira bug tracking system hosted and maintained by the Apache Software Foundation for tracking bugs and enhancements. The project roadmap may be maintained in JIRA through its RoadMap feature and through the use of Story or Epic issues.
Many issues will be encountered by the project, each resulting in zero or more proposed action items. Issues should be raised on the mailing list as soon as they are identified. Action items must be raised on the mailing list and added to JIRA using the appropriate issue type. All action items may be voted on, but not all of them will require a formal vote.
Any of the Log4j Developers may vote on any issue or action item. However, the only binding votes are those cast by active members of the Apache Logging PMC; if the vote is about a change to source code or documentation, the primary author of what is being changed may also cast a binding vote on that issue. All other votes are non-binding. All developers are encouraged to participate in decisions, but the decision itself is made by those who have been long-time contributors to the project. In other words, the Apache Log4j Project is a minimum-threshold meritocracy.
The act of voting carries certain obligations -- voting members are not only stating their opinion, they are agreeing to help do the work of the Log4j Project. Since we are all volunteers, members often become inactive for periods of time in order to take care of their "real jobs" or devote more time to other projects. It is therefore unlikely that the entire group membership will vote on every issue. To account for this, all voting decisions are based on a minimum quorum.
Each vote can be made in one of three flavors:
An action item requiring consensus approval must receive at least 3 binding +1 votes and no vetoes. An action item requiring majority approval must receive at least 3 binding +1 votes and more +1 votes than -1 votes ( i.e. , a majority with a minimum quorum of three positive votes). All other action items are considered to have lazy approval until someone votes -1 , after which point they are decided by either consensus or a majority vote, depending upon the type of action item.
When appropriate, votes should be tallied in the JIRA issue. All votes must be either sent to the mailing list or added directly to the JIRA issue.
All product changes to the currently active repository are subject to lazy consensus. All product changes to a prior-branch (old version) repository require consensus before the change is committed.
Ideas must be review-then-commit; patches can be commit-then-review. With a commit-then-review process, we trust that the developer doing the commit has a high degree of confidence in the change. Doubtful changes, new features, and large-scale overhauls need to be discussed before being committed to a repository. Any change that affects the semantics of arguments to configurable directives, significantly adds to the runtime size of the program, or changes the semantics of an existing API function must receive consensus approval on the mailing list before being committed.
Each developer is responsible for notifying the mailing list and adding an action item to Jira when they have an idea for a new feature or major change to propose for the product. The distributed nature of the Log4j project requires an advance notice of 48 hours in order to properly review a major change -- consensus approval of either the concept or a specific patch is required before the change can be committed. Note that a member might veto the concept (with an adequate explanation), but later rescind that veto if a specific patch satisfies their objections. No advance notice is required to commit singular bug fixes.
Related changes should be committed as a group, or very closely together. Half-completed projects should not be committed unless doing so is necessary to pass the baton to another developer who has agreed to complete the project in short order. All code changes must be successfully compiled and unit tests pass on the developer's platform before being committed.
The current source code tree should be capable of complete compilation at all times. However, it is sometimes impossible for a developer on one platform to avoid breaking some other platform when a change is committed, particularly when completing the change requires access to a special development tool on that other platform. If it is anticipated that a given change will break some other platform, the committer must indicate that in the commit log.
The committer is responsible for the quality of any third-party code or documentation they commit to the repository. All software committed to the repository must be covered by the Apache LICENSE or contain a copyright and license that allows redistribution under the same conditions as the Apache LICENSE.
A committed change must be reversed if it is vetoed by one of the voting members and the veto conditions cannot be immediately satisfied by the equivalent of a "bug fix" commit. The veto must be rescinded before the change can be included in any public release.
Many code changes should be noted in the changes.xml file, and all should be documented in Git commit messages. Often the text of the Git log and the changes.xml entry are the same, but the distinct requirements sometimes result in different information.
The Git commit log message contains any information needed by
If the code change was provided by a non-committer, attribute it using Submitted-by. If the change was committed verbatim, identify the committer(s) who reviewed it with Reviewed-by. If the change was committed with modifications, use the appropriate wording to document that, perhaps "committed with changes" if the person making the commit made the changes, or "committed with contributions from xxxx" if others made contributions to the code committed.
Example log message:
LOG4J2-9999 Check the return code from parsing the content length, to avoid a crash if requests contain an invalid content length. Submitted by: Jane Doe <janedoe example.com> Reviewed by: susiecommitter
changes.xml is the subset of the information that end users need to see when they upgrade from one release to the next:
All entries in changes.xml should include the appropriate Jira issue number and should credit contributions made by non-committers by referencing them in the due-to attribute even if modifications needed to be made to the contribution.
The attribution for the change is anyone responsible for the code changes.
Open source projects, ASF or otherwise, have varying procedures for commits of vulnerability fixes. One important aspect of these procedures is whether or not fixes to vulnerabilities can be committed to a repository with commit logs and possibly CHANGES entries which purposefully obscure the vulnerability and omit any available vulnerability tracking information. The Apache HTTP Server project has decided that it is in the best interest of our users that the initial commit of such code changes to any branch will provide the best description available at that time as well as any available tracking information such as CVE number. Committing of the fix will be delayed until the project determines that all of the information about the issue can be shared.
In some cases there are very real benefits to sharing code early even if full information about the issue cannot, including the potential for broader review, testing, and distribution of the fix. This is outweighed by the concern that sharing only the code changes allows skilled analysts to determine the impact and exploit mechanisms but does not allow the general user community to determine if preventative measures should be taken.
If a vulnerability is partially disclosed by committing a fix before the bug is determined to be exploitable, the httpd security team will decide on a case by case basis when to document the security implications and tracking number.
When a specific change to the software is proposed for discussion or voting on the mailing list, it should be presented in the form of input to the patch command. When sent to the mailing list, the message should contain a Subject beginning with [PATCH] and a distinctive one-line summary corresponding to the action item for that patch. Afterwords, the patch summary in the STATUS file should be updated to point to the Message-ID of that message.
The patch should be created by using the diff -u command from the original software file(s) to the modified software file(s). E.g., diff -u http_main.c.orig http_main.c >> patchfile.txt or svn diff http_main.c >> patchfile.txt All patches necessary to address an action item should be concatenated within a single patch message. If later modification of the patch proves necessary, the entire new patch should be posted and not just the difference between two patches. The STATUS file entry should then be updated to point to the new patch message.
The completed patchfile should produce no errors or prompts when the command, patch -s < patchfile is issued in the target repository.
Open source projects function best when everyone is aware of the "rules of the road" and abide by them.