Message-ID: <ZzJkAJEjKidV8Fiz@phenom.ffwll.local>
Date: Mon, 11 Nov 2024 21:07:28 +0100
From: Simona Vetter <simona.vetter@...ll.ch>
To: Shuah Khan <skhan@...uxfoundation.org>
Cc: gregkh@...uxfoundation.org, corbet@....net, workflows@...r.kernel.org,
	linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Miguel Ojeda <ojeda@...nel.org>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Dan Williams <dan.j.williams@...el.com>,
	Dave Airlie <airlied@...il.com>,
	DRI Development <dri-devel@...ts.freedesktop.org>
Subject: Re: [PATCH] Documentation/CoC: spell out enforcement for
 unacceptable behaviors

On Fri, Nov 08, 2024 at 09:18:53AM -0700, Shuah Khan wrote:
> The Code of Conduct committee's goal first and foremost is to bring about
> change to ensure our community continues to foster respectful discussions.
> 
> In the interest of transparency, the CoC enforcement policy is formalized
> for unacceptable behaviors.
> 
> Update the Code of Conduct Interpretation document with the enforcement
> information.
> 
> Acked-by: Linus Torvalds <torvalds@...ux-foundation.org>
> Acked-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Acked-by: Miguel Ojeda <ojeda@...nel.org>
> Acked-by: Dave Hansen <dave.hansen@...ux.intel.com>
> Acked-by: Jonathan Corbet <corbet@....net>
> Acked-by: Steven Rostedt <rostedt@...dmis.org>
> Acked-by: Dan Williams <dan.j.williams@...el.com>
> Signed-off-by: Shuah Khan <skhan@...uxfoundation.org>

I think it's really good to document these details. The freedesktop coc
team is going through the same process, we've also done a talk at XDC
about all these changes, and I think this helps a lot in transparency and
accountability in practice. With that, some thoughts below.

> ---
>  .../code-of-conduct-interpretation.rst        | 52 +++++++++++++++++++
>  1 file changed, 52 insertions(+)
> 
> diff --git a/Documentation/process/code-of-conduct-interpretation.rst b/Documentation/process/code-of-conduct-interpretation.rst
> index 66b07f14714c..21dd1cd871d2 100644
> --- a/Documentation/process/code-of-conduct-interpretation.rst
> +++ b/Documentation/process/code-of-conduct-interpretation.rst
> @@ -156,3 +156,55 @@ overridden decisions including complete and identifiable voting details.
>  Because how we interpret and enforce the Code of Conduct will evolve over
>  time, this document will be updated when necessary to reflect any
>  changes.
> +
> +Enforcement for Unacceptable Behavior Code of Conduct Violations
> +----------------------------------------------------------------
> +
> +The Code of Conduct committee works to ensure that our community continues
> +to be inclusive and fosters diverse discussions and viewpoints, and works
> +to improve those characteristics over time. The Code of Conduct committee
> +takes measures to restore productive and respectful collaboration when an
> +unacceptable behavior has negatively impacted that relationship.
> +
> +Seek public apology for the violation
> +*************************************
> +
> +The Code of Conduct Committee publicly calls out the behavior in the
> +setting in which the violation has taken place, seeking public apology
> +for the violation.
> +
> +A public apology for the violation is the first step towards rebuilding
> +the trust. Trust is essential for the continued success and health of the
> +community which operates on trust and respect.

Personal take, but I think a forced public apology as the primary or at
least initial coc enforcement approach is one of the worst.

First, a ban or temporary suspension seems too mechanical and not in
proportion with the offence of failing to apologize. In my enforcement
thus far as maintainer and now also freedesktop.org CoC member we only use
punishment if behavior has failed to change _and_ we need to protect the
community from further harm. Usually it takes years to get to that point,
unless in extremely severe cases (like public harassment campaigns) or
when the person stated that they refuse to even consider changing behavior
at all.

Public means you're amping up the stakes and massively increasing the odds
of people being afraid of their reputation and losing face. In my
experience people are a lot more reasonable when you discuss their
behavior and what needs to change in private. This even includes the case
where a temporary suspension had to be put in place already first, to
protect others.

Lastly, a forced apology puts any victim into the awkward position that
they're forced to decide whether they want to accept the apology, or
reject it. This essentially offloads part of the CoC enforcement work onto
victims, which often are not the ones with the power to actually stand up
to problematic behavior.

Note that I don't see this as a nack, just a heads up that there's a
potential conflict. I'm not worried though since Dave and I know pretty
much everyone involved in both CoC teams. I'm sure if this ever becomes a
real issue we can bridge things and figure out a solution.

Cheers, Sima

> +
> +Remedial measures if there is no public apology for the violation
> +*****************************************************************
> +
> +The Code of Conduct Committee determines the next course of action
> +to restore the healthy collaboration by recommending remedial measure(s)
> +to the TAB for approval.
> +
> +- Ban violator from participating in the kernel development process for
> +  a period of up to a full kernel development cycle. The Code of Conduct
> +  Committtee could require public apology as a condition for lifting the
> +  ban.
> +
> +The scope of the ban for a period of time could include:
> +
> +    a. denying patch contributions and pull requests
> +    b. pausing collaboration with the violator by ignoring their
> +       contributions and/or blocking their email account(s)
> +    c. blocking their access to kernel.org accounts and mailing lists
> +
> +Once the TAB approves one or more of the measures outlined in the scope of
> +the ban by a two-thirds vote, the Code of Conduct Committee will enforce
> +the TAB approved measure(s) in collaboration with the community, maintainers,
> +sub-maintainers, and kernel.org administrators.
> +
> +The effectiveness of the remedial measure(s) approved by the TAB depends
> +on the trust and cooperation from the community, maintainers, sub-maintainers,
> +and kernel.org administrators in enforcing them.
> +
> +The Code of Conduct Committee sincerely hopes that unacceptable behaviors
> +that require seeking public apologies continue to be exceedingly rare
> +occurrences in the future.
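
Review bot: The "Remedial measures if there is no public apology for the violation" section does not say how long the committee waits for an apology before recommending a ban to the TAB, or who decides whether an apology that was given is sufficient; stating both would make the escalation step predictable. In the same section, "Committtee" in the ban bullet has an extra "t", and the sentence "Once the TAB approves one or more of the measures outlined in the scope of the ban by a two-thirds vote" leaves it unclear whether the vote covers the ban itself or only the scope items a through c. Capitalization also varies between "Code of Conduct committee" in the opening paragraph and "Code of Conduct Committee" in the later paragraphs; pick one.
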
> -- 
> 2.40.1
> 

-- 
Simona Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
