Hi Rich,

thanks for the feedback. I am going to

On 15/08/2019, 18:23, "Rich Persaud" <pers...@gmail.com> wrote:

    > On Aug 9, 2019, at 13:48, Lars Kurth <lars.ku...@citrix.com> wrote:


    > Hi all,

    Hi Lars,


    > Following the discussion we had at the Developer Summit (see 
 for notes) I put together a draft for the Code of Conduct which can be found 
here as well as inlined below



    > It is based on the LF Events CoC as we agreed on (the diff is attached). 
I took the scope and enforcement sections from 
https://www.contributor-covenant.org/version/1/4/code-of-conduct.html and 
simplified it rather than inventing something new.

    Is there precedent for applying a legal contract (Code of Conduct) that was 
designed for physical space (conference event) to an online context?   Is there 
an existing Code of Conduct that was legally designed for a similar, online 
open-source community context, e.g. operating system or hypervisor or other 
systems-level software dev?

If you look at 
https://www.contributor-covenant.org/version/1/4/code-of-conduct.html or many 
other examples, what we ended up with is almost identical. The same is true for 
most other CoCs which are used as “gold standard”.

Also of course, the Code of Conduct is not a legal or legally enforceable 

    > # Expected Behavior

    > All Xen Project community members are expected to behave in accordance 

    > professional standards, with both the Xen Project Code of Conduct as well 
as their

    > respective employer’s policies governing appropriate workplace behavior, 

    > applicable laws.

    In the x86 community call where this was first discussed, I suggested that 
we try to define desirable behavior, which we would like to incentivize and 
promote.   In this current draft, we have a single sentence on positive 
behavior, with inclusion-by-reference to:

    - professional standards

    - corporate policy

    - city, state and national/federal law

    If it is sufficient to define acceptable behavior by reference to external 
governance institutions and cultural practices, can we do the same for 
unacceptable behavior, i.e. anything that violates the above?

    If incorporation-by-reference is not sufficient, e.g. if we will maintain a 
blacklist of unacceptable behavior for collaborative, online open-source 
development, do we also need a whitelist of acceptable behavior?  Within Xen 
source code, we have been moving away from blacklists towards whitelists.

I think we agreed all to look at desirable behaviour, but cover this elsewhere. 
This is what is covered in the “Our Pledge” section at the end. I just have not 
gotten round to write this yet as it is a lot more complex. When this was 
discussed, I thought we decided to keep the desirable behaviour out of the CoC 
as otherwise people may get the impression that if they come across as for 
example unfriendly, there may be consequences.

    > # Unacceptable Behavior

    > Harassment will not be tolerated in the Xen Project Community in any form,

    > including but not limited to harassment based on gender, gender identity 

    > expression, sexual orientation, disability, physical appearance, body 
size, race,

    > age, religion, ethnicity, nationality, level of experience, education, or

    > socio-economic status or any other status protected by laws in 
jurisdictions in

    > which community members are based. Harassment includes the use of abusive,

    > offensive or degrading language, intimidation, stalking, harassing 

    > or recording, inappropriate physical contact, sexual imagery and unwelcome

    > sexual advances, requests for sexual favors, publishing others' private

    > information such as a physical or electronic address without explicit 

    Picking one item at random:  would a conference-originated blacklist 
prohibition be appropriate for online open-source development?  E.g. if 
someone's email address were included in a xen-devel thread (on the cc line), 
without obtaining explicit permission, would that be unacceptable behavior for 
a Xen developer?  That could disqualify much of the current development 

Again, the list is very similar to those in most other CoC’s. So, I think the 
answer is yes

    > Any report of harassment within the Xen Project community will be 

    > swiftly. Participants asked to stop any harassing behavior are expected to

    > comply immediately. Anyone who witnesses or is subjected to unacceptable

    > behavior should notify the Xen Project’s CoC team via 


    > # Consequences of Unacceptable Behavior

    > If a participant engages in harassing behavior, the Xen Project’s CoC 
team may

    > take any action it deems appropriate, ranging from issuance of a warning 
to the

    > offending individual to expulsion from the Xen Project community.

    This is an enforceable action in the physical world, e.g. conference event, 
but may be more difficult online.  As the existence of spam, bots, robocallers 
and cyberattack attribution forensics have shown, digital identity is not as 
clear cut as physical identity at a conference.   It may be better to look for 
precedent CoC legal clauses that were designed for online contexts.

    Let's assume that digital identity can be proven and a person can be 
expelled from the Xen Project community.  Would this action apply only to the 
person's digital identity at Company X, or also to their new digital identity 
at Company Y?  i.e. would behavior and enforcement be scoped to the individual, 
the company or both?

    The "Acceptable Behavior" clause includes individual, company and 
nation-state in scope of governance.  If the "Unacceptable Behavior" clauses 
would lead to economic harm for a company, e.g. impacting a company's ability 
to ship a commercial release of  product with Xen Project components, would the 
company be given an opportunity to improve the behavior of their employee, 
within the employment context of their work in the collaborative, open-source 
development of Xen?  What would be due process for such improvement 
opportunity, in compliance with nation-state labor laws for employee 

    If the "Unacceptable Behavior" clauses would lead to blacklisting of a 
person's digital and physical identities from the online, collaborative, 
open-source development community of Xen, would this have a material impact on 
the ability of that human to find employment in any company or nation-state?  
If so, would such a public employment blacklist be compliant with the labor 
laws of affected nation-states?

    Would Xen-contributing companies be required to enforce the blacklist when 
hiring employees?  If so, would this create the appearance of a "cartel", a 
construct prohibited by some nation-states under antitrust law.  If not, would 
there be dis-incentives for a Xen-contributing company to hire someone who 
could not participate in the online, collaborative, open-source development 
community for Xen Project?

    Would these considerations influence a company which is selecting a global 
labor pool of hypervisor talent and open-source hypervisor for their commercial 
product?  Can we perform a comparative analysis of these scenarios for the 
proposed Xen Project CoC vs. other OSS hypervisors which compete with Xen?

    These are some example scenarios where a conference/event CoC may not be 

In a nutshell: if for example I performed a series CoC violation that could 
lead me losing my job. For example, if I were to send sexually explicit 
material to another community member and that person reports it, and our CoC 
team verifies that indeed the material was sent from my laptop, I would expect 
that I could be expelled as community member.  However, in this case (and 
probably most cases) that I would also violate my employer’s policies governing 
appropriate workplace and could lose my job if the victim reported the issue to 
my employer.

The challenge for the project would be to communicate why a community member 
was expelled. In such a scenario:

  1.  If we stay opaque there may be community pushback
  2.  If we are transparent about the reasons that may lead to severe 
consequences for the person who committed a series CoC violation – primarily 
because of the public nature of the communication about the CoC violation

In any case, the fact that the text was based on an events CoC is in my view 
irrelevant, because the issues you outlined apply to every CoC out there. They 
are intrinsic to having a CoC.

There are very few examples of how projects would indeed handle violations. A 
good example is Django: see
* https://www.djangoproject.com/conduct/enforcement-manual/
* https://www.djangoproject.com/conduct/reporting/

I won’t be able to spend much time on this in the next two weeks, but I wanted 
to make my position clear, before we end up in a long discussion on detail 
which I think is not relevant to the specific text but to the fact that we 
introduce a CoC.

Best Regards

MirageOS-devel mailing list

Reply via email to