lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87d0rx65xs.fsf@notabene.neil.brown.name>
Date:   Fri, 26 Oct 2018 09:02:23 +1100
From:   NeilBrown <neil@...wn.name>
To:     Laura Abbott <labbott@...hat.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     ksummit-discuss@...ts.linuxfoundation.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Olof Johansson <olof@...om.net>, Chris Mason <clm@...com>,
        Mishi Choudhary <mishi@...ux.com>
Subject: Re: Call to Action Re: [PATCH 0/7] Code of Conduct: Fix some wording, and add an interpretation document

On Wed, Oct 24 2018, Laura Abbott wrote:

> On 10/21/2018 02:20 PM, NeilBrown wrote:
>
> <snip>
>
>> I call on the community to consider what *does* need to be said, about
>> conduct, to people outside the community and who have recently joined.
>> What is the document that you would have liked to have read as you were
>> starting out?  It is all too long ago for me to remember clearly, and so
>> much has changed.
>> 
>
> I joined much more recently than many and what I would have wanted
> then is an interesting question. I probably would _not_ have wanted
> a code of conduct when I first started working in open source. I also
> said things in my younger years I regret and probably wouldn't have
> said if I was held to a higher standard of conduct. Younger me frequently
> put up with behavior I wouldn't tolerate today. Younger me also
> greatly benefited from the experience of other kernel developers
> giving me firm feedback in a helpful way and saying no to bad approaches.
> I don't believe I would have continued if I hadn't been given that
> feedback in a useful way.

Thanks for this thoughtful reply.  You seem to make two key points.

Firstly, you repeatedly value feedback - both positive and negative.  I
agree.  One of the worst things that can happen when I post a patch, is
that it get ignored (no feedback).
This gels with what Linus said recently, as reported in
 https://lwn.net/Articles/769117/

     To that end, he asked the assembled group to watch his emails and
     let him know if things start to get close to the edge.

He explicitly asked for feedback, giving people permission to speak up
when they thought he was out of line.  I personally think this is a
very significant statement.  Not for what it tells those maintainers
(who probably generally knew that already) so much as for what it tells
the broader community who don't know Linus so well: Feedback about
behaviour is explicitly welcome.

You go on to say, below, that a private e-mail can resolve things.  I
don't actually think that a private e-mail is such a good idea because
even though it might resolve things, it doesn't let the broader
community know they are resolved, and doesn't set any example of how
resolution works.  Giving feedback in public is hard, but if there was a
clearly established mechanism, that might make it easier.  I wouldn't
choose the wording you provided as it focuses on "you" rather than "me",
but that sort of gentleness is definitely appropriate.

Your second point is about more serious issues and particularly how they
will be handled.  As I have said elsewhere, and will not belabor here,
I think this is upside down: we can and should give power to the weak,
rather than trying to curb the power of the strong.

Extrapolating from the "feedback" point, I'm imagining having a document
which starts:

  In the Linux kernel community we try to be helpful and not hurtful.
  The best way to understand how this applies in practice is to give,
  receive, and observe feedback.

  If someone says/does/writes something that you think is helpful, consider
  saying so: "Thank you, I found that to be helpful".
  - You can your own words if you wish.
  - You might like to add your voice to others if the situation warrants
    it.
  If someone says/does/writes something that you think is hurtful
  (whether to yourself or someone else), please consider saying
  something:
  "This seems hurtful to me"
  - It is best to use exactly this wording.  In particular, don't
    embellish or explain unless asked.
  - Normally just one voice is sufficient.  If an individual repeats
    the hurtful behavior, one new voice per instance is sufficient.


It might then continue with some specifics, though there seems to be
some debate on whether such specifics are a good idea.  I don't have a
firm opinion.

Thanks a lot,
NeilBrown

  
  

>
> Today, I think the code of conduct is a very important addition to
> the community. It's a stronger assertion that the kernel community
> is committed to raising the bar for behavior. I have no concern about
> patch review or quality dropping because most maintainers demonstrate
> every day that they can give effective feedback. We're all going to
> screw that up sometimes and the Code of Conduct reminds us to do our
> best. Most issues that arise can be resolved with a private e-mail
> going "you might want to rethink your wording there."
>
> What the Code of Conduct also provides is confidence that more serious
> community issues such as harassment not related to patch
> review can be handled. It spells out certain behaviors that won't
> be tolerated and explains how those problems will be dealt with.
> Will those problems actually be handled appropriately when the time
> comes? I can't actually say for sure, but the kernel community works
> on trust so I guess I have to trust that it will. I really hope I never
> have to report harassment but I'm glad there's a process in place.
>
> Thanks,
> Laura

Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ