Hi Rich,
thanks for the feedback. I am going to
On 15/08/2019, 18:23, "Rich Persaud" <pers...@gmail.com> wrote:
> On Aug 9, 2019, at 13:48, Lars Kurth <lars.ku...@citrix.com> wrote:
>
> Hi all,
Hi Lars,
>
> Following the discussion we had at the Developer Summit (see
https://wiki.xenproject.org/wiki/Design_Sessions_2019#Community_Issues_.2F_Improvements_-_Communication.2C_Code_of_Conduct.2C_etc.
for notes) I put together a draft for the Code of Conduct which can be found
here as well as inlined below
>
https://docs.google.com/document/d/1NnWdU_VnC1N_ZzxQG6jU9fnY2GPVCcfPJT5KY61WXJM/edit?usp=sharing
>
> It is based on the LF Events CoC as we agreed on (the diff is attached).
I took the scope and enforcement sections from
https://www.contributor-covenant.org/version/1/4/code-of-conduct.html and
simplified it rather than inventing something new.
Is there precedent for applying a legal contract (Code of Conduct) that was
designed for physical space (conference event) to an online context? Is there
an existing Code of Conduct that was legally designed for a similar, online
open-source community context, e.g. operating system or hypervisor or other
systems-level software dev?
If you look at
https://www.contributor-covenant.org/version/1/4/code-of-conduct.html or many
other examples, what we ended up with is almost identical. The same is true for
most other CoCs which are used as “gold standard”.
Also of course, the Code of Conduct is not a legal or legally enforceable
document
> # Expected Behavior
> All Xen Project community members are expected to behave in accordance
with
> professional standards, with both the Xen Project Code of Conduct as well
as their
> respective employer’s policies governing appropriate workplace behavior,
and
> applicable laws.
In the x86 community call where this was first discussed, I suggested that
we try to define desirable behavior, which we would like to incentivize and
promote. In this current draft, we have a single sentence on positive
behavior, with inclusion-by-reference to:
- professional standards
- corporate policy
- city, state and national/federal law
If it is sufficient to define acceptable behavior by reference to external
governance institutions and cultural practices, can we do the same for
unacceptable behavior, i.e. anything that violates the above?
If incorporation-by-reference is not sufficient, e.g. if we will maintain a
blacklist of unacceptable behavior for collaborative, online open-source
development, do we also need a whitelist of acceptable behavior? Within Xen
source code, we have been moving away from blacklists towards whitelists.
I think we agreed all to look at desirable behaviour, but cover this elsewhere.
This is what is covered in the “Our Pledge” section at the end. I just have not
gotten round to write this yet as it is a lot more complex. When this was
discussed, I thought we decided to keep the desirable behaviour out of the CoC
as otherwise people may get the impression that if they come across as for
example unfriendly, there may be consequences.
> # Unacceptable Behavior
> Harassment will not be tolerated in the Xen Project Community in any form,
> including but not limited to harassment based on gender, gender identity
and
> expression, sexual orientation, disability, physical appearance, body
size, race,
> age, religion, ethnicity, nationality, level of experience, education, or
> socio-economic status or any other status protected by laws in
jurisdictions in
> which community members are based. Harassment includes the use of abusive,
> offensive or degrading language, intimidation, stalking, harassing
photography
> or recording, inappropriate physical contact, sexual imagery and unwelcome
> sexual advances, requests for sexual favors, publishing others' private
> information such as a physical or electronic address without explicit
permission
Picking one item at random: would a conference-originated blacklist
prohibition be appropriate for online open-source development? E.g. if
someone's email address were included in a xen-devel thread (on the cc line),
without obtaining explicit permission, would that be unacceptable behavior for
a Xen developer? That could disqualify much of the current development
community.
Again, the list is very similar to those in most other CoC’s. So, I think the
answer is yes
> Any report of harassment within the Xen Project community will be
addressed
> swiftly. Participants asked to stop any harassing behavior are expected to
> comply immediately. Anyone who witnesses or is subjected to unacceptable
> behavior should notify the Xen Project’s CoC team via
cond...@xenproject.org.
>
> # Consequences of Unacceptable Behavior
> If a participant engages in harassing behavior, the Xen Project’s CoC
team may
> take any action it deems appropriate, ranging from issuance of a warning
to the
> offending individual to expulsion from the Xen Project community.
This is an enforceable action in the physical world, e.g. conference event,
but may be more difficult online. As the existence of spam, bots, robocallers
and cyberattack attribution forensics have shown, digital identity is not as
clear cut as physical identity at a conference. It may be better to look for
precedent CoC legal clauses that were designed for online contexts.
Let's assume that digital identity can be proven and a person can be
expelled from the Xen Project community. Would this action apply only to the
person's digital identity at Company X, or also to their new digital identity
at Company Y? i.e. would behavior and enforcement be scoped to the individual,
the company or both?
The "Acceptable Behavior" clause includes individual, company and
nation-state in scope of governance. If the "Unacceptable Behavior" clauses
would lead to economic harm for a company, e.g. impacting a company's ability
to ship a commercial release of product with Xen Project components, would the
company be given an opportunity to improve the behavior of their employee,
within the employment context of their work in the collaborative, open-source
development of Xen? What would be due process for such improvement
opportunity, in compliance with nation-state labor laws for employee
termination?
If the "Unacceptable Behavior" clauses would lead to blacklisting of a
person's digital and physical identities from the online, collaborative,
open-source development community of Xen, would this have a material impact on
the ability of that human to find employment in any company or nation-state?
If so, would such a public employment blacklist be compliant with the labor
laws of affected nation-states?
Would Xen-contributing companies be required to enforce the blacklist when
hiring employees? If so, would this create the appearance of a "cartel", a
construct prohibited by some nation-states under antitrust law. If not, would
there be dis-incentives for a Xen-contributing company to hire someone who
could not participate in the online, collaborative, open-source development
community for Xen Project?
Would these considerations influence a company which is selecting a global
labor pool of hypervisor talent and open-source hypervisor for their commercial
product? Can we perform a comparative analysis of these scenarios for the
proposed Xen Project CoC vs. other OSS hypervisors which compete with Xen?
These are some example scenarios where a conference/event CoC may not be
suitable.
In a nutshell: if for example I performed a series CoC violation that could
lead me losing my job. For example, if I were to send sexually explicit
material to another community member and that person reports it, and our CoC
team verifies that indeed the material was sent from my laptop, I would expect
that I could be expelled as community member. However, in this case (and
probably most cases) that I would also violate my employer’s policies governing
appropriate workplace and could lose my job if the victim reported the issue to
my employer.
The challenge for the project would be to communicate why a community member
was expelled. In such a scenario:
1. If we stay opaque there may be community pushback
2. If we are transparent about the reasons that may lead to severe
consequences for the person who committed a series CoC violation – primarily
because of the public nature of the communication about the CoC violation
In any case, the fact that the text was based on an events CoC is in my view
irrelevant, because the issues you outlined apply to every CoC out there. They
are intrinsic to having a CoC.
There are very few examples of how projects would indeed handle violations. A
good example is Django: see
* https://www.djangoproject.com/conduct/enforcement-manual/
* https://www.djangoproject.com/conduct/reporting/
I won’t be able to spend much time on this in the next two weeks, but I wanted
to make my position clear, before we end up in a long discussion on detail
which I think is not relevant to the specific text but to the fact that we
introduce a CoC.
Best Regards
Lars
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
