Things you should do when you become a committer

This page describes stuff you'd want to do when you become elected a committer – in other words, when you're given write access to the SpamAssassin codebase. As described at ProjectRoles, the SpamAssassin project has 3 levels of involvement – the same as many Apache Software Foundation (ASF) projects.

You must have a CLA on File

See About CLAs. Typically, unless a company is involved, you fill out the ICLA at and then typically email a scan of the signed copy to with the form filled out to notify SpamAssassin Project.

Set Your SVN Password

When your account is created, an ASF infrastructure volunteer will send you a password for the Apache login server (currently This allows you to log in to set your SVN password, as described here. Here's a quick summary of what to do:

  $ ssh -l MYUSERNAME
  $ passwd

And enter your desired password twice to set it. If you have difficulties logging in with SSH for the first time, make sure you use a keyboard interactive password method.

To set your SVN password visit , and provide your username and generated password to log in.

If all else fails, mail root at apache dot org.

This keeps changing, so look at and for a more canonical set of instructions. If those pages differ from this page, they're more likely to be reliable.

Writable SVN checkout

When you become a committer, you should check out the svn repository using the HTTPS url instead of the HTTP one, so that you have read/write access to the repo. To check out from scratch, assuming that you're using the standard svn commandline client:

  svn checkout

or, if you have an existing read-only SVN checkout, to switch an existing checkout to HTTPS:

  cd /path/to/checkedout/tree
  svn switch --relocate http:// https://

Changes to the SVN tree can now be checked in directly using svn commit -m 'a comment about the commit'.

The first time a file is checked in using svn commit, you will be prompted for your username and password. This will then be cached for all further commits.

One of your first commits can be to check the spelling of your name and add a wishlist to the CREDITS file.

The first time you commit something your commit message needs to be moderated through, so don't be surprised if it doesn't show up for awhile.


You should also ensure that their checkout has the svn:eol-style property set to native throughout, as (apparently) this policy cannot be set server-wide. Do this by editing the file ~/.subversion/config and adding these lines to the end:

enable-auto-props = yes
*.pm = svn:eol-style=native
*.pl = svn:eol-style=native
*.PL = svn:eol-style=native
*.in = svn:eol-style=native
*.t = svn:eol-style=native
*.c = svn:eol-style=native
*.h = svn:eol-style=native
*.xml = svn:eol-style=native
*.html = svn:eol-style=native
*.css = svn:eol-style=native
*.bat = svn:eol-style=native

Rulesrc Sandbox

In order to use the NightlyMassCheck to test new rules, create a rulesrc sandbox cd /trunk/rulesrc/sandbox/; mkdir <apache username>. Please use your Apache login as the name for your sandbox.

Rules placed in this directory will then be tested with the nightly mass check once commited to the SVN repository. NOTE: the rulesrc is external to the repository so you must commit changes here seperately, i.e. cd /trunk/rulesrc/sandbox/; svn commit -m 'spammers beware! new rules are on the prowl'

You can review the results of the Nightly Mass Check at


You should subscribe to the security list by sending a subscription request to security-subscribe at

Be sure to read how-it-works.html – there's lots of useful stuff about ASF processes there.

Things the PMC need to do on your behalf

First, propose a vote to add the person as a committer on the private at list. Usually the subject is [VOTE] Name, btw. You need 3 +1s. Allow 72 hours to ensure everyone has time to see the call for votes and have their say. Your own vote counts as one +1.

Templates for the emails calling for a vote and announcing the results of the vote can be found at Email Templates. Use the templates to facilitate automated processing in creating the new committer account.

Upon a successful vote, send an invite to the person (text below). If the invitation is accepted, grant the person's Bugzilla account with the 'EditBugs', 'HasCla', and 'Security' group permissions. This is done by following the "Users" link in Bugzilla, specifying the account by email address, clicking on the correct username, scrolling to "Group Access" and ticking the appropriate checkboxes. Ask the person to subscribe to the security mailing list, and approve their subscription request.

Then, ask infra to set up an account: . The UNIX group to request is "spamassassin".

Once they do this, they'll mail the private list with a mail from root/at/apache noting "Account created: Name (username)".

The PMC chair then needs to follow the instructions at to give the new committer r/w access to the SVN repositories.

Finally, add the Committer to the CREDITS file for SpamAssassin.

Given CPAN co-maint status

Given your CPAN userid, someone with the karma – this may be just JMASON – logs in to the PAUSE Share Permissions page, and selects '3.1 Make somebody else co-maintainer', filling in your userid. (This can wait until it's needed, since you probably won't know the committer's CPAN userid right now.)

Invitation Text

To: invitee-email-address
Cc: private
Subject: Committer status invite from Apache SpamAssassin

Dear [First Name],

On behalf of the Apache SpamAssassin Project, we are pleased to offer
you SVN write access ("commit access") to the SpamAssassin project

Please read these web pages for background on how Apache works and what
being a committer means.

  on committer status
    SA specifics,

  on voting
    SA specifics,

  on SA development

If you accept this invitation, please reply in the affirmative and
include in your reply your preference of account name at,
and your forwarding email address.

Thanks for your sustained contributions to SpamAssassin!


The SpamAssassin PMC