[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] [Xen-devel] [RFC] Code of Conduct

Hi Rich,


thanks for the feedback. I am going to


On 15/08/2019, 18:23, "Rich Persaud" <persaur@xxxxxxxxx> wrote:


    > On Aug 9, 2019, at 13:48, Lars Kurth <lars.kurth@xxxxxxxxxx> wrote:


    > Hi all,


    Hi Lars,



    > Following the discussion we had at the Developer Summit (see https://wiki.xenproject.org/wiki/Design_Sessions_2019#Community_Issues_.2F_Improvements_-_Communication.2C_Code_of_Conduct.2C_etc. for notes) I put together a draft for the Code of Conduct which can be found here as well as inlined below

    > https://docs.google.com/document/d/1NnWdU_VnC1N_ZzxQG6jU9fnY2GPVCcfPJT5KY61WXJM/edit?usp=sharing


    > It is based on the LF Events CoC as we agreed on (the diff is attached). I took the scope and enforcement sections from https://www.contributor-covenant.org/version/1/4/code-of-conduct.html and simplified it rather than inventing something new.


    Is there precedent for applying a legal contract (Code of Conduct) that was designed for physical space (conference event) to an online context?   Is there an existing Code of Conduct that was legally designed for a similar, online open-source community context, e.g. operating system or hypervisor or other systems-level software dev?


If you look at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html or many other examples, what we ended up with is almost identical. The same is true for most other CoCs which are used as “gold standard”.

Also of course, the Code of Conduct is not a legal or legally enforceable document


    > # Expected Behavior

    > All Xen Project community members are expected to behave in accordance with

    > professional standards, with both the Xen Project Code of Conduct as well as their

    > respective employer’s policies governing appropriate workplace behavior, and

    > applicable laws.


    In the x86 community call where this was first discussed, I suggested that we try to define desirable behavior, which we would like to incentivize and promote.   In this current draft, we have a single sentence on positive behavior, with inclusion-by-reference to:


    - professional standards

    - corporate policy

    - city, state and national/federal law


    If it is sufficient to define acceptable behavior by reference to external governance institutions and cultural practices, can we do the same for unacceptable behavior, i.e. anything that violates the above?


    If incorporation-by-reference is not sufficient, e.g. if we will maintain a blacklist of unacceptable behavior for collaborative, online open-source development, do we also need a whitelist of acceptable behavior?  Within Xen source code, we have been moving away from blacklists towards whitelists.


I think we agreed all to look at desirable behaviour, but cover this elsewhere. This is what is covered in the “Our Pledge” section at the end. I just have not gotten round to write this yet as it is a lot more complex. When this was discussed, I thought we decided to keep the desirable behaviour out of the CoC as otherwise people may get the impression that if they come across as for example unfriendly, there may be consequences.  


    > # Unacceptable Behavior

    > Harassment will not be tolerated in the Xen Project Community in any form,

    > including but not limited to harassment based on gender, gender identity and

    > _expression_, sexual orientation, disability, physical appearance, body size, race,

    > age, religion, ethnicity, nationality, level of experience, education, or

    > socio-economic status or any other status protected by laws in jurisdictions in

    > which community members are based. Harassment includes the use of abusive,

    > offensive or degrading language, intimidation, stalking, harassing photography

    > or recording, inappropriate physical contact, sexual imagery and unwelcome

    > sexual advances, requests for sexual favors, publishing others' private

    > information such as a physical or electronic address without explicit permission


    Picking one item at random:  would a conference-originated blacklist prohibition be appropriate for online open-source development?  E.g. if someone's email address were included in a xen-devel thread (on the cc line), without obtaining explicit permission, would that be unacceptable behavior for a Xen developer?  That could disqualify much of the current development community.


Again, the list is very similar to those in most other CoC’s. So, I think the answer is yes


    > Any report of harassment within the Xen Project community will be addressed

    > swiftly. Participants asked to stop any harassing behavior are expected to

    > comply immediately. Anyone who witnesses or is subjected to unacceptable

    > behavior should notify the Xen Project’s CoC team via conduct@xxxxxxxxxxxxxx.


    > # Consequences of Unacceptable Behavior

    > If a participant engages in harassing behavior, the Xen Project’s CoC team may

    > take any action it deems appropriate, ranging from issuance of a warning to the

    > offending individual to expulsion from the Xen Project community.


    This is an enforceable action in the physical world, e.g. conference event, but may be more difficult online.  As the existence of spam, bots, robocallers and cyberattack attribution forensics have shown, digital identity is not as clear cut as physical identity at a conference.   It may be better to look for precedent CoC legal clauses that were designed for online contexts.


    Let's assume that digital identity can be proven and a person can be expelled from the Xen Project community.  Would this action apply only to the person's digital identity at Company X, or also to their new digital identity at Company Y?  i.e. would behavior and enforcement be scoped to the individual, the company or both? 


    The "Acceptable Behavior" clause includes individual, company and nation-state in scope of governance.  If the "Unacceptable Behavior" clauses would lead to economic harm for a company, e.g. impacting a company's ability to ship a commercial release of  product with Xen Project components, would the company be given an opportunity to improve the behavior of their employee, within the employment context of their work in the collaborative, open-source development of Xen?  What would be due process for such improvement opportunity, in compliance with nation-state labor laws for employee termination?


    If the "Unacceptable Behavior" clauses would lead to blacklisting of a person's digital and physical identities from the online, collaborative, open-source development community of Xen, would this have a material impact on the ability of that human to find employment in any company or nation-state?  If so, would such a public employment blacklist be compliant with the labor laws of affected nation-states? 


    Would Xen-contributing companies be required to enforce the blacklist when hiring employees?  If so, would this create the appearance of a "cartel", a construct prohibited by some nation-states under antitrust law.  If not, would there be dis-incentives for a Xen-contributing company to hire someone who could not participate in the online, collaborative, open-source development community for Xen Project?


    Would these considerations influence a company which is selecting a global labor pool of hypervisor talent and open-source hypervisor for their commercial product?  Can we perform a comparative analysis of these scenarios for the proposed Xen Project CoC vs. other OSS hypervisors which compete with Xen?


    These are some example scenarios where a conference/event CoC may not be suitable.


In a nutshell: if for example I performed a series CoC violation that could lead me losing my job. For example, if I were to send sexually explicit material to another community member and that person reports it, and our CoC team verifies that indeed the material was sent from my laptop, I would expect that I could be expelled as community member.  However, in this case (and probably most cases) that I would also violate my employer’s policies governing appropriate workplace and could lose my job if the victim reported the issue to my employer.


The challenge for the project would be to communicate why a community member was expelled. In such a scenario:

  1. If we stay opaque there may be community pushback
  2. If we are transparent about the reasons that may lead to severe consequences for the person who committed a series CoC violation – primarily because of the public nature of the communication about the CoC violation

In any case, the fact that the text was based on an events CoC is in my view irrelevant, because the issues you outlined apply to every CoC out there. They are intrinsic to having a CoC.


There are very few examples of how projects would indeed handle violations. A good example is Django: see

* https://www.djangoproject.com/conduct/enforcement-manual/

* https://www.djangoproject.com/conduct/reporting/


I won’t be able to spend much time on this in the next two weeks, but I wanted to make my position clear, before we end up in a long discussion on detail which I think is not relevant to the specific text but to the fact that we introduce a CoC.


Best Regards







MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.