Code of conduct


#1

Bonjour,

A few month ago @veronika.nad, @manhack, @jpfoegle, @Beatrice, @heartsucker and myself discussed the kind of code of conduct we would like. We did not finish the conversation but I there was some kind of consensus on the fact that the OpenStack code of conduct had elements that mattered to us at the time.

As our community grows, I would like to resume this conversation and propose the following adaptation for discussion.

What do you think?


The SecureDrop community members strive to:

  • Be friendly, patient and welcoming. We strive to be a community that welcomes and supports people of all backgrounds and identities. This includes, but is not limited to, members of any race, ethnicity, culture, national origin, colour, immigration status, social and economic class, educational level, sex, sexual orientation, gender identity and expression, age, size, family status, political belief, religion and mental and physical ability.
  • Be considerate. Our work will be used by other people, and we in turn will depend on the work of others. Any decision we take will affect users and colleagues, and we should take those consequences into account when making decisions. Remember that we’re a world-wide community and we have a global base of users and of contributors. Even if it’s not obvious at the time, our contributions to projects managed by the SecureDrop Community will impact the work of others.
  • Be respectful. Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners. We might all experience some frustration now and then, but we cannot allow that frustration to turn into a personal attack. It’s important to remember that a community where people feel uncomfortable or threatened is not a productive one. Members of the community should be respectful when dealing with other contributors as well as with people outside of the community and with users of the projects managed by the SecureDrop Community.
  • Collaborate openly. Collaboration is central to projects managed by the SecureDrop Community and to the larger free software community. This collaboration involves individuals working within teams, cross-project collaboration within the SecureDrop Community and working with other projects outside of the SecureDrop Community. This collaboration reduces redundancy, and improves the quality of our work. Internally and externally, we should always be open to collaboration. Wherever possible, we should work closely with upstream and downstream projects and others in the free software community to coordinate our technical, advocacy, documentation and other work. Our work should be done transparently and we should involve as many interested parties as early as possible. If we decide to take a different approach than others, we will let them know early, document our work and inform others regularly of our progress. We do not create private forms of communication that take away transparency or exclude other contributors and collaborators.
  • When we disagree, try to understand why. Disagreements, both social and technical, happen all the time and the SecureDrop Community is no exception. It is important that we resolve disagreements and differing views constructively. Remember that we’re different. The strength of the SecureDrop Community comes from people with a wide range of backgrounds. Different people have different perspectives on issues. Being unable to understand why someone holds a viewpoint doesn’t mean that they’re wrong. Focus on helping to resolve issues and learning from mistakes. It is important that we resolve disagreements and differing views constructively and with the help of the community and community processes. When our goals differ dramatically, we encourage the creation of alternative implementations, so that the community can test new ideas and contribute to the discussion.
  • When we are unsure, we ask for help. Nobody knows everything, and nobody is expected to be perfect in the SecureDrop Community. Asking questions avoids many problems down the road, and so questions are encouraged. Those who are asked questions should be responsive and helpful. However, when asking a question, care must be taken to do so in an appropriate forum.

We take the following very seriously, and any violations may impact your ability to participate in the SecureDrop Community

  • Be careful with your words and actions. Do not insult or put down other participants. Harassment and other exclusionary behavior is not acceptable and should be reported. This includes but is not limited to:
    • Violent threats or language directed against another person.
    • Discriminatory jokes and language.
    • Posting sexually suggestive, explicit or violent material.
    • Posting (or threatening to post) other people’s personally identifying information (“doxing”).
    • Personal insults, especially those using racist or sexist terms.
    • Unwelcome sexual attention.
    • Advocating for, or encouraging, any of the above behavior.
    • Repeated harassment of others. In general, if someone asks you to stop, then stop.
  • Respect the decision process. Members of the SecureDrop community should not attempt to manipulate decisons based on consensus or election results. Open debate is welcome, but vote trading, ballot stuffing and other forms of abuse are not acceptable.

Update May 9th, 2018: I incorrectly implied the CoC of the SecureDrop community was discussed among the people above. I should have said that the discussion about the CoC was in the context of creating a non profit that did not happen after all. There was no previous private discussions about the CoC applied to the SecureDrop community among the people cited above.


Code of Conduct, creation and collaboration
Call for Vote: Should the SecureDrop Community have a Code of Conduct?
SecureDrop Community contact persons
FPF code of conduct
SecureDrop.club home page
SecureDrop Community contact platform: Loïc Dachary
The step too far
The step too far
Code of Conduct, creation and collaboration
Code of Conduct, creation and collaboration
#2

For the record The problem with the Code of Conduct advocate against CoC.


#3

Just for the record, the person who made that counter point against having a CoC is a rape apologist (and I don’t say that lightly). I would not take their stance against CoC’s even remotely seriously. Also, I know the person who wrote the CryptoParty Berlin CoC, and I think they are extremely levelheaded and considerate, so specifically writing and complaining about that seems even more ridiculous.

That said, we should include Emmanuel because I know they are working on this already. This actually came up in an email with them thread recently.

As mentioned before, I think the Rust CoC is something we should model after because it is very clear and precise about what behavior is or is not acceptable. For example:

The SecureDrop community members strive to:

“Strive to” sounds like it’s a recommendation. It’s not. The behavior expected of the community has some MUSTs and MUST NOTs, and I think the language needs to properly reflect that.


#4

Tor made their CoC public today: https://gitweb.torproject.org/community/policies.git/tree/code_of_conduct.txt

It is supplemented by a statement of values: https://gitweb.torproject.org/community/policies.git/tree/statement_of_values.txt

I think these are quite good and should also be emulated in our CoC.


#5

Cross linking to the github issue on the SD repo: https://github.com/freedomofpress/securedrop/issues/3251


#6

I have two problems with the Rust CoC:

  • It is relatively recent compared to the OpenStack CoC and I think CoC with years of practice are valuable. The OpenStack CoC has a lot in common with the Debian Code of Conduct and a dozen others. The points it contains meet the agreement of a large number of people who built communities that are sustainable. In my opinion it counts for something.
  • It does not contain points that matter to me such as: Collaborate openly, When we disagree, try to understand why and When we are unsure, we ask for help. Nor does it mention patient which is a quality of importance when disputes arise.

I have the same reservations with the newly published Tor CoC.

Please don’t get me wrong: both the Tor and the Rust CoC are absolutely fine with me. I would feel safer in these communities knowing they are enforced. Only I have a preference for a CoC that leverages years of experience in communities I know.

I would like to emphasize that I personally think having a CoC is a useful thing. It came to my attention that some people think otherwise and I believe their opinion should be heard … in accordance to the CoC we’re proposing :wink: However, if nobody want to speak against CoC, I’m also fine with that.


#7

Should we agree on a CoC (whatever this particular CoC contains), we should also designate people in the SecureDrop Community who are trusted to handle violations in ways that allows us to move forward. One remarkable counter example I experienced first hand is the Mediawiki Code of Conduct. I have been summarily rejected, punished and treated with contempt by contributors as well as people tasked to enforce the CoC. I have a few other in mind.

I believe the people trusted to uphold the CoC are also trusted to address endemic problems in how it is used. Enforcing the CoC on a case by case basis is relatively easy compared to this responsibility. And yes, it also means that if we, as a community, place our trust in people who fail to deliver, we may be doomed. But that’s a risk I’m willing to take.

After studying the Staff response procedure and taking into consideration that we’re a community of a few dozen individual and no hierarchical structure, we could propose a procedure like:

  • Send encrypted email to X and Y describing the situation
  • You will receive an answer within 24h
  • A ruling will be made when X or Y have all the information they need
  • The ruling will be sent to you (in public if necessary) as well as the other people involved. It will include a clear and detailed rationale.

What strikes me as missing in all procedures I was able to find is the lack of rationale in the ruling. If we establish a kind of judicial process, ruling is not enough. The parties involved and the general public if needed, must be able to understand why the decision was made


#8

3 posts were split to a new topic: FPF code of conduct


#10

I actually think that recent is inherently better as they tend to take a more focused stance on what is an is not acceptable. I feel like old CoC’s are often “just be excellent to each other and all work together.” CoC’s, in my opinion, are more guards against the failure cases rather than promotions of the success cases of the community.

It does not contain points that matter to me such as

And that’s fair. We can obviously include things like that, but what I like about the Rust CoC is that it specifically names a number of unacceptable behaviors. What I like about the Tor CoC is it leaves wiggle room by saying that upholding the letter of the CoC without upholding the spirit is still grounds for reprimand or sanctions.


#11

What behaviors are listed there and not in the OpenStack CoC?


#12

https://www.contributor-covenant.org/

A Code of Conduct for Open Source Projects

Open Source has always been a foundation of the Internet, and with the advent of social open source networks this is more true than ever. But free, libre, and open source projects suffer from a startling lack of diversity, with dramatically low representation by women, people of color, and other marginalized populations.


#13

Documentation foundation relies heavily on their manifesto and have a very short CoC. I had long discussions with their community manager and they said the foundation employees spend time daily reading all communication (mail, forums, etc.). They detect tension and often engage in verbal communication with people frustrated or aggressive to find ways to communicate better. Reason why they so rarely need to resort to the code of conduct.


#14

To summarize the discussions of these past ten days and my own thoughts on the topic:

  • About the content of the CoC, I no longer feel it is important that it contains the language I advocated for and I’d be happy to use the Rust CoC proposed by @heartsucker, modified in the most minimal way.

  • About the enforcement of the CoC, I strongly feel that the SecureDrop Community needs the following.

    • Send encrypted email to X and Y describing the situation
    • You will receive an answer within 24h
    • A ruling will be made when X or Y have all the information they need
    • The ruling will be sent to you (in public if necessary) as well as the other people involved. It will include a clear and detailed rationale.

    Going into procedural details, explicitly listing potential punishment etc. is not only necessary but potentially harmful because it turns the process into a bureaucratic nightmare that no volunteer in his right mind can deal with. It is also very important that the rationale for the decision is clearly articulated otherwise the people who rule may not realize they are biased; and the people who are targeted by the ruling may have no way to understand the ruling.

  • Defusing tension is an on-going effort that is much more important than the CoC. If tension builds slowly between individuals over a long period, the CoC will only marginally help. We are still a relatively small community with a few dozen individuals and it is fairly easy for someone to read all communications and be aware when a discussion starts to go sideways. In larger communities such as LibreOffice, it takes a few dedicated individuals, up to two hours a day to do the same. But the end result is a friendly community (I’ve experienced that first hand). What I would not want is a permanently tense community despite an elaborated CoC and hierarchy such as mediawiki. As it turns out, I currently read all mail/chat/forum/issues/comments around SecureDrop and I’d be happy to assist if there is tension. I don’t think these roles can be formalized but people who volunteer should be easy to identify.

  • The scope of the CoC is limited to the SecureDrop Community. It should be published or advertised on the website ruled by the SecureDrop Community, together with the list of people who are trusted by the SecureDrop Community to enforce it. It applies when an individual or an organization claims to belong to the SecureDrop Community. It does not apply to individuals or organizations who modify, use or distribute the SecureDrop codebase.


#15

You say it with such ease as to forego proof.

What do you mean, and why?

Edit:

The SecureDrop community members strive to:

How would you substantiate this change, and would “strive to”, replace “must” in so doing?


#16

There’s probably a better source with more detail (like her twitter), but here’s at least one.

Last week, Marie Gutbub, a longtime Tor Project volunteer and a former romantic partner of Appelbaum’s, announced she was quitting Tor in an email in which she accused Steele of “purging” those within the Tor community who signed an open letter in support of Appelbaum — and claimed to speak for many others.

Source.


#17

Having read even the open letter https://web.archive.org/web/20171201000000*/ourresponse.org
I don’t see “rape apologist” substantiated, failing to see how what you posted from Buzzfeed serves as proof of your claim.
Could you clear up this matter?


#18

Reading this sentence gives me an uneasy feeling. IMHO another wording would convey the same meaning (for instance “Is this your personal opinion or do you have proof?”) without implying @heartsucker state of mind (I am referring to the words “with such ease”).

I also get the feeling that when @heartsucker wrote “the person who made that counter point against having a CoC is a rape apologist”, the conversation went closer to the godwin point.

This is somewhat amusing given that we’re precisely discussing CoC and the benefits of having civil conversations and friendly relationships in a community :wink:

I propose to go back to our own opinions about CoC I agree with @heartsucker on the benefits of having a CoC as well as the content he proposes. I also stated my opinion about the context, enforcement and addressing tension on an ongoing basis and would be very interested to hear yours.

P.S. We also had a friendly debate about these points during the last engineering meeting with @edenemmanuel


#19

Jake Appelbaum is most certainly an abuser (see so many stories), and defending him makes one a rape apologist. The author of that post (the same one cited in the article) has publicly many times defended him.

I actually thought was a perfectly fair way to phrase that, and I think the tone was appropriate in the sense that unsubstantiated claims do need to be backed up. Maybe I’m too deep in this stuff to remember what is or is not common knowledge.


#20

Bonjour,

It looks like the discussion is mostly over and we did not reach a conclusion but only three of us got a chance to express our opinions and ideas. If I had to guess why that is I would say:

  • We’re still a small community :wink:
  • The discussion was controversial and this is not very inviting

On the positive side it helped clarify a few things about CoC. A thread about the content of the CoC (not including the enforcement part) reached consensus and we should have that ready soon.

The next step will be to call for volunteers tasked to listen and defuse tension. IMHO this is the most important role to preserve a safe environment. And it also is something we all agree on.

Cheers


#21

There is a sleight of hand here, from alleging someone is an abuser, to the defense of said persons other characteristics, to necessitate defense of said abuse. To that claim you have produced no proof. Critiquing said defense on its own merits is another matter, and unless you can find proof to support your claims, what you have engaged in is libelous defamation.

You further dismissed a critique of CoCs on account of stemming from the person you deemed to be a rape apologist. This is an attack of character.

Failing to demonstrate why, implying a conflict of interest on part of said person, even guilty as far as you are concerned, one would think there is some sort of causal connection between sexual misconduct and instating a CoC.

Not a chain of command and handling of information, but the very implicit nature of policing people, where the law is already clear. Splitting it up and starting out by instating ones ideal without the enforcement. That it stems from a select few integral developers, and pertains to be for the community, really begs the question of who it represents, and for what reasons.

They are not mine, and as an irrelevant contributor, i respect your meritocratic authority to enforce it, but don’t hide it from me in plain sight.

The reason it is not something I, or I imagine others, are too happy to get into, is because it seems sanctimonious. You are one of very few people, to discuss such matters privately.
I understand it is not in effect still, but as such a person, I will still hold you to it.

I don’t humor myself at the expense of others. Though I read to your benefit, and peril, a total galvanic arbitration between the two.

Central to the point of Collaborate openly. In doing so, we already get the pre-agreed text to deal with, and in the very thread that discusses its content, another human is being a rape apologist, twice.

As it should. I fail to see what backing it has, what relevancy it has to the discussion, and in particular the quality of it.

I gave you the opportunity to not double down. Entertain the idea that I know exactly what you know about what isn’t public knowledge, then defend your position as if i didn’t.

The SecureDrop community members strive to:

Be friendly, patient and welcoming. We strive to be a community that welcomes and supports people of all backgrounds and identities.
This includes, but is not limited to, members of any race, ethnicity, culture, national origin, colour, immigration status, social and economic class, educational level, sex, sexual orientation, gender identity and expression, age, size, family status, political belief, religion and mental and physical ability.
Be considerate.
Our work will be used by other people, and we in turn will depend on the work of others.
Any decision we take will affect users and colleagues, and we should take those consequences into account when making decisions.
Remember that we’re a world-wide community and we have a global base of users and of contributors.
Even if it’s not obvious at the time, our contributions to projects managed by the SecureDrop Community will impact the work of others.

This is redundant to law. The effect of stating any of this, even the innocuous bits, at length unrelated to any examples or situation, I have seen no positive effects of. It is a burden to read, which is a small concern compared to my main critique of it.
What bringing out groups of suggested abuse does, is forever target individuals of these descriptions, some involuntary held. Nobody is the same when that is done, instead it serves a reminder of how people are different, irrelevantly so to having a good community.

Which outside of being redudant to law, begs the question of why this needs to even be stated.
Is anyone confused to the nature of this community having a policy of being, segregationist, fascist, or exlusionary in a manner of other ways. Has it then been a problem to the point it needs pointing out? If you need a notice to say the knives have to be locked in, you don’t have a home, you have an institution.

Some people belong in those, and not in a community that welcomes any mental ability. It is a technical point, that no criminal psychopath will be thwarted by, but nontheless goes to show the fundamental belief in a CoC as an instrument of changing behaviour. It is a false security, because it lacks empathy with people one ought to not feel sympathy for. The two are often openly conflated in CoCs.

Be respectful.
Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners.
We might all experience some frustration now and then, but we cannot allow that frustration to turn into a personal attack. It’s important to remember that a community where people feel uncomfortable or threatened is not a productive one.
Members of the community should be respectful when dealing with other contributors as well as with people outside of the community and with users of the projects managed by the SecureDrop Community.

This is a quote from the person that tried to mount a critique of CoCs, from that very text. Which it is somehow “perfectly fair” to call a rape apologist.

I am not comfortable with what I deem to be a personal attack.

Collaborate openly.
Collaboration is central to projects managed by the SecureDrop Community and to the larger free software community.
This collaboration involves individuals working within teams, cross-project collaboration within the SecureDrop Community and working with other projects outside of the SecureDrop Community.
This collaboration reduces redundancy, and improves the quality of our work.
Internally and externally, we should always be open to collaboration.
Wherever possible, we should work closely with upstream and downstream projects and others in the free software community to coordinate our technical, advocacy, documentation and other work.
Our work should be done transparently and we should involve as many interested parties as early as possible.
If we decide to take a different approach than others, we will let them know early, document our work and inform others regularly of our progress.
We do not create private forms of communication that take away transparency or exclude other contributors and collaborators.

In the vein of openness, I have invited that girl to the community, and I tried as best I could to do so. In the sense that this section described procedure, fine, but that is not conduct, and thus belongs in a different place.

In my view, it falls on me to defend said girl, for my own ideas of morality. It could be included as a point to ask of community members to do so, so not as to escalate through people that have additional power.

When we disagree, try to understand why.

Disagreements, both social and technical, happen all the time and the SecureDrop Community is no exception. It is important that we resolve disagreements and differing views constructively. Remember that we’re different.
The strength of the SecureDrop Community comes from people with a wide range of backgrounds. Different people have different perspectives on issues.
Being unable to understand why someone holds a viewpoint doesn’t mean that they’re wrong. Focus on helping to resolve issues and learning from mistakes.
It is important that we resolve disagreements and differing views constructively and with the help of the community and community processes.
When our goals differ dramatically, we encourage the creation of alternative implementations, so that the community can test new ideas and contribute to the discussion.

To instead start with Evelyn Beatrice Hall of Voltaires tolerance “I wholly disapprove of what you say and will defend to the death your right to say it.”, framing this in a manner, gives an understanding of where disagreements stem from, and what they are.

When we are unsure, we ask for help. Nobody knows everything, and nobody is expected to be perfect in the SecureDrop Community.
Asking questions avoids many problems down the road, and so questions are encouraged. Those who are asked questions should be responsive and helpful.
However, when asking a question, care must be taken to do so in an appropriate forum.

Is one obliged to answer in a constructive manner, and is this logically consistent with all mental abilities? Should you try to answer questions in a manner people would know to ask if they possessed your knowledge?

Dodging questions and ducking debate is in my opinion a sign of weak character.

We take the following very seriously, and any violations may impact your ability to participate in the SecureDrop Community

Because that is the way it works in being a community, or because you will be excluded from it if not? What constitutes a violation?

Be careful with your words and actions. Do not insult or put down other participants. Harassment and other exclusionary behavior is not acceptable and should be reported.
This includes but is not limited to:

Exclusion by exclusion is not compatible with inclusion. When you remove context, and listen to one side, it throws due process out.

Violent threats or language directed against another person.
Discriminatory jokes and language.
Posting sexually suggestive, explicit or violent material.

So sexuality is deemed immoral or unwanted now is it? How humane is that?
For a community that deals in whistleblowing, violent material is bound to come up sooner or later.

In what context it is used, and with what discretion, is relevant. It’s nature isn’t.

Posting (or threatening to post) other people’s personally identifying information (“doxing”).
Personal insults, especially those using racist or sexist terms.

I can’t help but feel condescended upon by a being of greater virtue.
If you treat people as children, they behave as children.
To any adult, intent matters.
You can’t detail a system of social interaction in writing, it is far too complex, and policing it with infractions of no feedback-loops, is a de-facto police state.

    Unwelcome sexual attention.

This is not how sexual attraction works, which in no way is an excuse of sexual abuse.

    Advocating for, or encouraging, any of the above behavior.

So if I tell someone they should for try their luck with a potential mate, and the first and only occurrence is deemed unwanted, I am now in the wrong. Guilt by association, and removal of agency. It doesn’t get better because it sounds better.

Repeated harassment of others. In general, if someone asks you to stop, then stop.

The first, not exhaustive nor conclusive, occurrence of harassment is blowing past the first “stop”.
The word “repeated” is used to no great result here.

Respect the decision process.

Members of the SecureDrop community should not attempt to manipulate decisons based on consensus or election results.
Open debate is welcome, but vote trading, ballot stuffing and other forms of abuse are not acceptable.

This is an appeal to?

This is an appeal to said implied authority.

Who are we, and what makes you so sure this naturally follows? I only know of one non-sequitur there, and it is alarming.

I feel like the older CoCs belong to the mafia and the catholic church, and that their totalitarian and moralizing nature carries over. To some degree the samurai honour code applies to the description of being an old CoC.

Why?

I will make no attempt to read into this what ellipsis and winks adds. Would you be fine instating it if nobody appeared to speak out against it?

What does this mean, and what does it point to?

The only thing I can find is

That sounds nice, but who decides that?
If you have to read into it things that you should just understand, is it not redundant to culture?
The initiated need no confirmation, and the uninitiated are none the wiser.