[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [RFC] Code of Conduct


  • To: Rich Persaud <persaur@xxxxxxxxx>, Lars Kurth <lars.kurth@xxxxxxxxxx>
  • From: George Dunlap <george.dunlap@xxxxxxxxxx>
  • Date: Fri, 16 Aug 2019 12:19:54 +0100
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=george.dunlap@xxxxxxxxxx; spf=Pass smtp.mailfrom=George.Dunlap@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
  • Autocrypt: addr=george.dunlap@xxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFPqG+MBEACwPYTQpHepyshcufo0dVmqxDo917iWPslB8lauFxVf4WZtGvQSsKStHJSj 92Qkxp4CH2DwudI8qpVbnWCXsZxodDWac9c3PordLwz5/XL41LevEoM3NWRm5TNgJ3ckPA+J K5OfSK04QtmwSHFP3G/SXDJpGs+oDJgASta2AOl9vPV+t3xG6xyfa2NMGn9wmEvvVMD44Z7R W3RhZPn/NEZ5gaJhIUMgTChGwwWDOX0YPY19vcy5fT4bTIxvoZsLOkLSGoZb/jHIzkAAznug Q7PPeZJ1kXpbW9EHHaUHiCD9C87dMyty0N3TmWfp0VvBCaw32yFtM9jUgB7UVneoZUMUKeHA fgIXhJ7I7JFmw3J0PjGLxCLHf2Q5JOD8jeEXpdxugqF7B/fWYYmyIgwKutiGZeoPhl9c/7RE Bf6f9Qv4AtQoJwtLw6+5pDXsTD5q/GwhPjt7ohF7aQZTMMHhZuS52/izKhDzIufl6uiqUBge 0lqG+/ViLKwCkxHDREuSUTtfjRc9/AoAt2V2HOfgKORSCjFC1eI0+8UMxlfdq2z1AAchinU0 eSkRpX2An3CPEjgGFmu2Je4a/R/Kd6nGU8AFaE8ta0oq5BSFDRYdcKchw4TSxetkG6iUtqOO ZFS7VAdF00eqFJNQpi6IUQryhnrOByw+zSobqlOPUO7XC5fjnwARAQABtCRHZW9yZ2UgVy4g RHVubGFwIDxkdW5sYXBnQHVtaWNoLmVkdT6JAlcEEwEKAEECGwMFCwkIBwMFFQoJCAsFFgID AQACHgECF4ACGQEWIQTXqBy2bTNXPzpOYFimNjwxBZC0bQUCXEowWQUJDCJ7dgAKCRCmNjwx BZC0beKvEACJ75YlJXd7TnNHgFyiCJkm/qPeoQ3sFGSDZuZh7SKcdt9+3V2bFEb0Mii1hQaz 3hRqZb8sYPHJrGP0ljK09k3wf8k3OuNxziLQBJyzvn7WNlE4wBEcy/Ejo9TVBdA4ph5D0YaZ nqdsPmxe/xlTFuSkgu4ep1v9dfVP1TQR0e+JIBa/Ss+cKC5intKm+8JxpOploAHuzaPu0L/X FapzsIXqgT9eIQeBEgO2hge6h9Jov3WeED/vh8kA7f8c6zQ/gs5E7VGALwsiLrhr0LZFcKcw kI3oCCrB/C/wyPZv789Ra8EXbeRSJmTjcnBwHRPjnjwQmetRDD1t+VyrkC6uujT5jmgOBzaj KCqZ8PcMAssOzdzQtKmjUQ2b3ICPs2X13xZ5M5/OVs1W3TG5gkvMh4YoHi4ilFnOk+v3/j7q 65FG6N0JLb94Ndi80HkIOQQ1XVGTyu6bUPaBg3rWK91Csp1682kD/dNVF3FKHrRLmSVtmEQR 5rK0+VGc/FmR6vd4haKGWIRuPxzg+pBR77avIZpU7C7+UXGuZ5CbHwIdY8LojJg2TuUdqaVj yxmEZLOA8rVHipCGrslRNthVbJrGN/pqtKjCClFZHIAYJQ9EGLHXLG9Pj76opfjHij3MpR3o pCGAh6KsCrfrsvjnpDwqSbngGyEVH030irSk4SwIqZ7FwLkBDQRUWmc6AQgAzpc8Ng5Opbrh iZrn69Xr3js28p+b4a+0BOvC48NfrNovZw4eFeKIzmI/t6EkJkSqBIxobWRpBkwGweENsqnd 0qigmsDw4N7J9Xx0h9ARDqiWxX4jr7u9xauI+CRJ1rBNO3VV30QdACwQ4LqhR/WA+IjdhyMH wj3EJGE61NdP/h0zfaLYAbvEg47/TPThFsm4m8Rd6bX7RkrrOgBbL/AOnYOMEivyfZZKX1vv iEemAvLfdk2lZt7Vm6X/fbKbV8tPUuZELzNedJvTTBS3/l1FVz9OUcLDeWhGEdlxqXH0sYWh E9+PXTAfz5JxKH+LMetwEM8DbuOoDIpmIGZKrZ+2fQARAQABiQNbBBgBCgAmAhsCFiEE16gc tm0zVz86TmBYpjY8MQWQtG0FAlxKMJ4FCQnQ/OQBKcBdIAQZAQoABgUCVFpnOgAKCRCyFcen x4Qb7cXrCAC0qQeEWmLa9oEAPa+5U6wvG1t/mi22gZN6uzQXH1faIOoDehr7PPESE6tuR/vI CTTnaSrd4UDPNeqOqVF07YexWD1LDcQG6PnRqC5DIX1RGE3BaSaMl2pFJP8y+chews11yP8G DBbxaIsTcHZI1iVIC9XLhoeegWi84vYc8F4ziADVfowbmbvcVw11gE8tmALCwTeBeZVteXjh 0OELHwrc1/4j4yvENjIXRO+QLIgk43kB57Upr4tP2MEcs0odgPM+Q+oETOJ00xzLgkTnLPim C1FIW2bOZdTj+Uq6ezRS2LKsNmW+PRRvNyA5ojEbA/faxmAjMZtLdSSSeFK8y4SoCRCmNjwx BZC0bevWEACRu+GyQgrdGmorUptniIeO1jQlpTiP5WpVnk9Oe8SiLoXUhXXNj6EtzyLGpYmf kEAbki+S6WAKnzZd3shL58AuMyDxtFNNjNeKJOcl6FL7JPBIIgIp3wR401Ep+/s5pl3Nw8Ii 157f0T7o8CPb54w6S1WsMkU78WzTxIs/1lLblSMcvyz1Jq64g4OqiWI85JfkzPLlloVf1rzy ebIBLrrmjhCE2tL1RONpE/KRVb+Q+PIs5+YcZ+Q1e0vXWA7NhTWFbWx3+N6WW6gaGpbFbopo FkYRpj+2TA5cX5zW148/xU5/ATEb5vdUkFLUFVy5YNUSyeBHuaf6fGmBrDc47rQjAOt1rmyD 56MUBHpLUbvA6NkPezb7T6bQpupyzGRkMUmSwHiLyQNJQhVe+9NiJJvtEE3jol0JVJoQ9WVn FAzPNCgHQyvbsIF3gYkCYKI0w8EhEoH5FHYLoKS6Jg880IY5rXzoAEfPvLXegy6mhYl+mNVN QUBD4h9XtOvcdzR559lZuC0Ksy7Xqw3BMolmKsRO3gWKhXSna3zKl4UuheyZtubVWoNWP/bn vbyiYnLwuiKDfNAinEWERC8nPKlv3PkZw5d3t46F1Dx0TMf16NmP+azsRpnMZyzpY8BL2eur feSGAOB9qjZNyzbo5nEKHldKWCKE7Ye0EPEjECS1gjKDwbkBDQRUWrq9AQgA7aJ0i1pQSmUR 6ZXZD2YEDxia2ByR0uZoTS7N0NYv1OjU8v6p017u0Fco5+Qoju/fZ97ScHhp5xGVAk5kxZBF DT4ovJd0nIeSr3bbWwfNzGx1waztfdzXt6n3MBKr7AhioB1m+vuk31redUdnhbtvN7O40MC+ fgSk5/+jRGxY3IOVPooQKzUO7M51GoOg4wl9ia3H2EzOoGhN2vpTbT8qCcL92ZZZwkBRldoA Wn7c1hEKSTuT3f1VpSmhjnX0J4uvKZ1V2R7rooKJYFBcySC0wa8aTmAtAvLgfcpe+legOtgq DKzLuN45xzEjyjCiI521t8zxNMPJY9FiCPNv0sCkDwARAQABiQI8BBgBCgAmAhsMFiEE16gc tm0zVz86TmBYpjY8MQWQtG0FAlxKNJYFCQnQrVkACgkQpjY8MQWQtG2Xxg//RrRP+PFYuNXt 9C5hec/JoY24TkGPPd2tMC9usWZVImIk7VlHlAeqHeE0lWU0LRGIvOBITbS9izw6fOVQBvCA Fni56S12fKLusWgWhgu03toT9ZGxZ9W22yfw5uThSHQ4y09wRWAIYvhJsKnPGGC2KDxFvtz5 4pYYNe8Icy4bwsxcgbaSFaRh+mYtts6wE9VzyJvyfTqbe8VrvE+3InG5rrlNn51AO6M4Wv20 iFEgYanJXfhicl0WCQrHyTLfdB5p1w+072CL8uryHQVfD0FcDe+J/wl3bmYze+aD1SlPzFoI MaSIXKejC6oh6DAT4rvU8kMAbX90T834Mvbc3jplaWorNJEwjAH/r+v877AI9Vsmptis+rni JwUissjRbcdlkKBisoUZRPmxQeUifxUpqgulZcYwbEC/a49+WvbaYUriaDLHzg9xisijHwD2 yWV8igBeg+cmwnk0mPz8tIVvwi4lICAgXob7HZiaqKnwaDXs4LiS4vdG5s/ElnE3rIc87yru 24n3ypeDZ6f5LkdqL1UNp5/0Aqbr3EiN7/ina4YVyscy9754l944kyHnnMRLVykg0v+kakj0 h0RJ5LbfLAMM8M52KIA3y14g0Fb7kHLcOUMVcgfQ3PrN6chtC+5l6ouDIlSLR3toxH8Aam7E rIFfe2Dk+lD9A9BVd2rfoHA=
  • Cc: "minios-devel@xxxxxxxxxxxxxxxxxxxx" <minios-devel@xxxxxxxxxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "win-pv-devel@xxxxxxxxxxxxxxxxxxxx" <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>, "committers@xxxxxxxxxxxxxx" <committers@xxxxxxxxxxxxxx>, "mirageos-devel@xxxxxxxxxxxxxxxxxxxx" <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 16 Aug 2019 11:20:05 +0000
  • Ironport-sdr: t+WYHGHRrnfo7Q/O9n3DWnnLjYQDSm+P/Uyfk9MpArqzRimvU2phWCB+Uzi4eQSsi1Fcw9Ayuf jWgvb4pd9ffWwF21pZP2nbPtJ3k+h1QbBNoZZPK/YC4Aj4Fw6QxRIzbmDWbPV0qLs++0VOMde4 JjIsW9hlkSHaUOsF6f/fsBTBpp5AvYOODsWkNUJE8m6JCFU811yjAD+79iEU6lSASS9UAhZjoa VBtJvMuJreE9DZKRsDnLAanO1W1yZ0Yy451tHlE9/MPuG/OhFh8ANVS5XsFHZPcl0qqMmyKabE Qgo=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Openpgp: preference=signencrypt

On 8/15/19 6:23 PM, Rich Persaud wrote:
>> On Aug 9, 2019, at 13:48, Lars Kurth <lars.kurth@xxxxxxxxxx> wrote:
>>
>> Hi all,
> 
> Hi Lars,
> 
>>
>> Following the discussion we had at the Developer Summit (see 
>> https://wiki.xenproject.org/wiki/Design_Sessions_2019#Community_Issues_.2F_Improvements_-_Communication.2C_Code_of_Conduct.2C_etc.
>>  for notes) I put together a draft for the Code of Conduct which can be 
>> found here as well as inlined below
>> https://docs.google.com/document/d/1NnWdU_VnC1N_ZzxQG6jU9fnY2GPVCcfPJT5KY61WXJM/edit?usp=sharing
>>  
>>
>> It is based on the LF Events CoC as we agreed on (the diff is attached). I 
>> took the scope and enforcement sections from 
>> https://www.contributor-covenant.org/version/1/4/code-of-conduct.html and 
>> simplified it rather than inventing something new.
> 
> Is there precedent for applying a legal contract (Code of Conduct) that was 
> designed for physical space (conference event) to an online context?   Is 
> there an existing Code of Conduct that was legally designed for a similar, 
> online open-source community context, e.g. operating system or hypervisor or 
> other systems-level software dev?

This is sort of a strange question.

Generally speaking, there was a link Lars pointed to in an earlier
thread in preparation for this, making two suggestions about adopting a CoC:

1. Don't create your own CoC from scratch.  Learn from other people's
experiences, mistakes, and so on, rather than re-inventing the wheel.
This will hopefully reduce the chance of re-hashing mistakes other
communities have made.

2. Don't copy-and-paste a CoC unmodified from another project.  Consider
it, adapt it to your own community culture and situation.  This makes
sure that the CoC is not a tick-box exercise, but that people in your
community have thoughfully considered various issues and genuinely
decided to commit to them.

I think both of those bits of advice are good; and it appears to me that
this is exactly what Lars (with input from a number of others) has done.

There are two things that we want, in general:

1. To cast a vision for what ideal contributor behavior should be

2. To set a bar for minimum acceptable behavior, and a way for excluding
people whose behavior consistently falls below that bar.

One area in particular where Lars thought other CoCs were weak was in
trying to combine #1 and #2.  They need different responses.  #1 needs
encouragement and vision.  #2 needs teeth: We need to be able to apply
penalties and exclude people.

As a result, Lars has suggested (and many people have agreed), that we
separate the two functions.  This document is about #2, not #1.  We plan
to do #1 after #2 is completed.

>> # Expected Behavior
>> All Xen Project community members are expected to behave in accordance with 
>> professional standards, with both the Xen Project Code of Conduct as well as 
>> their 
>> respective employer’s policies governing appropriate workplace behavior, and 
>> applicable laws.
> 
> In the x86 community call where this was first discussed, I suggested that we 
> try to define desirable behavior, which we would like to incentivize and 
> promote.   In this current draft, we have a single sentence on positive 
> behavior, with inclusion-by-reference to:

We plan on doing this, but in another document.

> If incorporation-by-reference is not sufficient, e.g. if we will maintain a 
> blacklist of unacceptable behavior for collaborative, online open-source 
> development, do we also need a whitelist of acceptable behavior?  Within Xen 
> source code, we have been moving away from blacklists towards whitelists.

Unlike hypercalls, all human behavior cannot be enumerated; and if it
could, 100% certainty cannot be obtained about what a certain behavior
is, or even exactly what did or did not happen.  No matter what we write
down, at some point, you're just going to have to either trust the
people making the decisions.

>> # Unacceptable Behavior
>> Harassment will not be tolerated in the Xen Project Community in any form, 
>> including but not limited to harassment based on gender, gender identity and 
>> expression, sexual orientation, disability, physical appearance, body size, 
>> race, 
>> age, religion, ethnicity, nationality, level of experience, education, or 
>> socio-economic status or any other status protected by laws in jurisdictions 
>> in 
>> which community members are based. Harassment includes the use of abusive, 
>> offensive or degrading language, intimidation, stalking, harassing 
>> photography 
>> or recording, inappropriate physical contact, sexual imagery and unwelcome 
>> sexual advances, requests for sexual favors, publishing others' private 
>> information such as a physical or electronic address without explicit 
>> permission
> 
> Picking one item at random:  would a conference-originated blacklist 
> prohibition be appropriate for online open-source development?  E.g. if 
> someone's email address were included in a xen-devel thread (on the cc line), 
> without obtaining explicit permission, would that be unacceptable behavior 
> for a Xen developer?  That could disqualify much of the current development 
> community.

Suppose Bob has a private email address that he doesn't want to become
public.  Suppose that Alice knows this address, and also knows that Bob
wants this to be private.  And suppose that Alice and purposely CC's
Bob's private email address on a mail to xen-devel in retribution for
something (for instance, because Bob broke up with Alice).

Is that harassment?  Yes, absolutely.

Now, it may sometimes be difficult to determine whether something like
"Alice knew that Bob wanted this private" and "Alice purposely revealed
Bob's address" are true statements or not.  It may be in fact that *Bob*
is raising a false issue with the CoC team in retribution for something
*Alice* has done.

This sort of situation puts the CoC team in a difficult place: If they
don't act, and Alice really was harassing Bob, then they are effectively
enabling Alice's behavior.  People like Bob will leave, and more people
like Alice will come.  If they do act, and Alice wasn't really harassing
Bob, then they are effectively enabling Bob's behavior; people like
Alice will leave, and more people like Bob will come.

Life is often unclear and messy; but that doesn't excuse us from acting.
 We've all got to try to make the best decision we can with limited
information.

>> Any report of harassment within the Xen Project community will be addressed 
>> swiftly. Participants asked to stop any harassing behavior are expected to 
>> comply immediately. Anyone who witnesses or is subjected to unacceptable 
>> behavior should notify the Xen Project’s CoC team via conduct@xxxxxxxxxxxxxx.
>>
>> # Consequences of Unacceptable Behavior
>> If a participant engages in harassing behavior, the Xen Project’s CoC team 
>> may 
>> take any action it deems appropriate, ranging from issuance of a warning to 
>> the 
>> offending individual to expulsion from the Xen Project community.
> 
> This is an enforceable action in the physical world, e.g. conference event, 
> but may be more difficult online.  As the existence of spam, bots, 
> robocallers and cyberattack attribution forensics have shown, digital 
> identity is not as clear cut as physical identity at a conference.   It may 
> be better to look for precedent CoC legal clauses that were designed for 
> online contexts.

I think you're overthinking this.  If someone is banned and then creates
a false identity which thereafter behaves in such a way that we cannot
tell it is the original person, then we will still have accomplished our
goal of creating a harassment-free environment.  If someone is banned
and continues to create false identities which continue to misbehave in
the same way as the banned person, then 1) it will be clear who they
are, and 2) we can temporarily prevent new addresses from subscribing to
the list without a second level of approval.

If we really get some sort of persistent troll who just won't go away,
then we can decide what to do at that point.  But I would have
absolutely no regrets about attempting to remove such a person from our
community.

> Let's assume that digital identity can be proven and a person can be expelled 
> from the Xen Project community.  Would this action apply only to the person's 
> digital identity at Company X, or also to their new digital identity at 
> Company Y?  i.e. would behavior and enforcement be scoped to the individual, 
> the company or both?  

Your examples are really contrived.

The goal of the CoC, as stated, is to create a harassment-free
environment.  If person A has done harassing at company X, and we ban
them, then naturally they're banned at company Y as well.

Banning other people at company X will generally not promote
harassment-free environment; but you could imagine situations where it
would.  That would obviously be a drastic step.

> The "Acceptable Behavior" clause includes individual, company and 
> nation-state in scope of governance.  If the "Unacceptable Behavior" clauses 
> would lead to economic harm for a company, e.g. impacting a company's ability 
> to ship a commercial release of  product with Xen Project components, would 
> the company be given an opportunity to improve the behavior of their 
> employee, within the employment context of their work in the collaborative, 
> open-source development of Xen?  What would be due process for such 
> improvement opportunity, in compliance with nation-state labor laws for 
> employee termination?

Not sure what the first sentence has to do with the rest of the
paragraph.  You seem to be muddling up a couple of questions:

1. Will offenders be given opportunity to amend their behavior before
being permanently banned?

2. Can people be given more lenient treatment if they are economically
important to a company?

3. If an employee is banned, does the company have to fire them?

The answer to #1 is, "if possible".  If genuine change and
reconciliation can take place, that's obviously better than expulsion.
Relatively minor violations, where it's clear that expectations were not
understood, would probably only receive a warning.  Serious violations
may require a temporary ban on principle, but "temporary ban" implies
the expectation that things can improve.  Extremely serious violations
may require an immediate permanent ban.

The answer to #2 is, as far as I'm concerned, "absolutely not".

The answer to #3 is, "that's not really any of our business".

> If the "Unacceptable Behavior" clauses would lead to blacklisting of a 
> person's digital and physical identities from the online, collaborative, 
> open-source development community of Xen, would this have a material impact 
> on the ability of that human to find employment in any company or 
> nation-state?  If so, would such a public employment blacklist be compliant 
> with the labor laws of affected nation-states?  

What happens if Xen becomes so ubiquitous our important that not being
able to submit patches or participate in our mailing list means you
can't find a job at all as a software developer at all, in any country
or any company?  I think we'll cross that bridge when we come to it. :-)

More seriously: Yes, if we permanently ban someone from the mailing
list, it's possible they may sue us claiming that it's an illegal
employment blacklist.  Assuming we've only banned people who have either
persistently displayed bad behavior, or displayed extreme behavior at
least once,  I expect the law will be on our side.  If not, we'll have
to figure out how to adapt our policies based on the details of that
particular case.

(If you know of any relevant case law, then of course please share it.)

> If not, would there be dis-incentives for a Xen-contributing company to hire 
> someone who could not participate in the online, collaborative, open-source 
> development community for Xen Project?

Um, yes?  But hopefully a larger dis-incentive would be to hire someone
who had acted in such a way as to get banned in the first place.

Your attitude seems to be, "Oh, what about poor Alice, who has been
banned from the community and now can't get a job working on Xen!"
Don't forget Bob, whom (as far as we can tell) Alice has been
persistently harassing, in spite of repeated warnings to stop.  In such
a situation *one of those two people are going to be excluded*.  If we
do not exclude Alice, then Bob will be excluded from the community by
Alice's behavior (and the rest of us ignoring it).

Assuming that we've investigated the issue and determined that Alice is
the one behaving inappropriately, I'd much rather exclude Alice than Bob.

> Would these considerations influence a company which is selecting a global 
> labor pool of hypervisor talent and open-source hypervisor for their 
> commercial product?  Can we perform a comparative analysis of these scenarios 
> for the proposed Xen Project CoC vs. other OSS hypervisors which compete with 
> Xen?

I firmly believe that a community that insists on minimum standards of
behavior will be "more competitive" than a community which tolerates
toxic behavior because the people who do so seem to get a lot of work done.

But even if that's not the case, I'd rather work in a slightly less
"competitive" community than put up with toxic behavior.

> These are some example scenarios where a conference/event CoC may not be 
> suitable.

I don't see how any of your arguments are particular to conferences.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.