Apache Corporate Policies

The old saying goes that one of the last things done in many open source projects is the documentation. Taking this to the organizational level at the ASF – the corporate level – that’s both all too true, and not at all true.

Questions regularly come up across various ASF lists about all sorts of corporate operations, and there are a fair number of times when it takes a while to get the right answer to the questioner. Luckily, we have a lot of very experienced Members and Officers who are there to ensure the right thing does happen – but I believe that the answers come be a lot quicker if we had better documentation for these corporate operations. Namely, all the stuff that’s not dealing with code.

This is not to say we haven’t documented how the ASF as a corporation works: a lot of effort has gone into our standard operating procedures, and we’ve both covered the basic legalistic bases, as well as put serious thought into minimizing the absolute rules at Apache while providing lots of best practices. These procedures – and the discussions of pros and cons and whys explaining how they came to be that way – are all available… on the mailing lists, somewhere. 😉

The foundation of our corporate policies is The Apache Way. Understanding that, and understanding that the fundamental mission of the ASF is to produce software code for the public good, leads you to many of the policies we practice, both at the ASF and in Apache projects. To start with, here’s a brief laundry list of how to learn about Apache Corporate Policies.

  • Apache Corporate Governance and org chart describe organizationally how the ASF as a corporation is run. This also makes clear the distinction between organizational governance – the board, membership, and officers as a whole; and technical governance – the fact that PMCs independently manage their projects.
  • The Foundation page provides the overall corporate mission, and links to the Board and Membership pages with the nitty gritty of corporate records.
  • The apache.org/dev pages are both a generic project runbook, technical issues FAQ, and partial corporate operations listing. While these are written by committers, for committers and developers, they have a lot of great information on how all sorts of things at the ASF and all Apache projects should work.
  • Another key overview of organizational documentation is the Community Development project site. This aims to be a more human-friendly signpost to find the relevant technical widget or policy information elsewhere.
  • The Apache Incubator is another important place where proper procedures are documented: this is where we try to explain to prospective new communities how an Apache project should be run before the ASF formally accepts them.

Here are some other principles and rules we follow that are important to understand.

  • Transparency. All technical decisions on Apache projects are reflected on publicly archived mailing lists. The phrase “If it didn’t happen on the list, it didn’t happen” is not just an old saying, it’s the rule at Apache.
  • Respect. One of the primary exceptions to transparency are discussions about individuals. Votes on new committers and PMC members are typically held in private lists amongst a whole PMC, since this both allows better honesty of expression, as well as prevents embarrassment in rare cases where a nominee is not voted in (yet).
  • Organizational Oversight. While the ASF relies on volunteers to produce the code that we give away, we keep it organized by having oversight: the PMCs ensure that projects are managed appropriately; the board ensures that PMCs manage themselves, and corporate officers ensure that the ASF’s corporate bits are covered.
  • Member Oversight. Members of the ASF have the final level of oversight of the board and the corporate officers. All members are allowed to review any private mailing list within the ASF, including any private@ list for projects. Members do not receive special status on any lists; merely the ability to oversee all operations. The only exceptions are specifically restricted mailing aliases that are used for legally protected communications or infrastructure root level issues.

Note that while Members have a broad oversight ability within all aspects of the ASF’s operations, organizational matters like this kind of oversight are not transparent outside of the ASF. While we certainly strive to make public as many of the great lessons we’ve learned about governing community-led software projects, the operations of governance are kept primarily within the Membership.

Partly, this is due to all the lawyers. The details of running a million-dollar corporation require a fair amount of legal work. We strive to publish as much information as is practical in things like board minutes; however the actual corporate processes are done privately.

Partly, this is because part of a meritocracy is allowing those who do to do the work. Individuals who are trusted and useful to Apache projects are elected as committers or PMC members, and therefore can help directly govern those projects. Similarly, individuals who show wisdom and effort towards the goals of the ASF may be elected as Members, and therefore can help elect the board who will appoint the officers to ensure the ASF continues running smoothly.

A great place to ask questions about these kinds of issues is the Community Development mailing list.

What do you think?