3 posts were split to a new topic: FPF code of conduct
I actually think that recent is inherently better as they tend to take a more focused stance on what is an is not acceptable. I feel like old CoC’s are often “just be excellent to each other and all work together.” CoC’s, in my opinion, are more guards against the failure cases rather than promotions of the success cases of the community.
It does not contain points that matter to me such as
And that’s fair. We can obviously include things like that, but what I like about the Rust CoC is that it specifically names a number of unacceptable behaviors. What I like about the Tor CoC is it leaves wiggle room by saying that upholding the letter of the CoC without upholding the spirit is still grounds for reprimand or sanctions.
What behaviors are listed there and not in the OpenStack CoC?
https://www.contributor-covenant.org/
A Code of Conduct for Open Source Projects
Open Source has always been a foundation of the Internet, and with the advent of social open source networks this is more true than ever. But free, libre, and open source projects suffer from a startling lack of diversity, with dramatically low representation by women, people of color, and other marginalized populations.
Documentation foundation relies heavily on their manifesto and have a very short CoC. I had long discussions with their community manager and they said the foundation employees spend time daily reading all communication (mail, forums, etc.). They detect tension and often engage in verbal communication with people frustrated or aggressive to find ways to communicate better. Reason why they so rarely need to resort to the code of conduct.
To summarize the discussions of these past ten days and my own thoughts on the topic:
-
About the content of the CoC, I no longer feel it is important that it contains the language I advocated for and I’d be happy to use the Rust CoC proposed by @heartsucker, modified in the most minimal way.
-
About the enforcement of the CoC, I strongly feel that the SecureDrop Community needs the following.
- Send encrypted email to X and Y describing the situation
- You will receive an answer within 24h
- A ruling will be made when X or Y have all the information they need
- The ruling will be sent to you (in public if necessary) as well as the other people involved. It will include a clear and detailed rationale.
Going into procedural details, explicitly listing potential punishment etc. is not only necessary but potentially harmful because it turns the process into a bureaucratic nightmare that no volunteer in his right mind can deal with. It is also very important that the rationale for the decision is clearly articulated otherwise the people who rule may not realize they are biased; and the people who are targeted by the ruling may have no way to understand the ruling.
-
Defusing tension is an on-going effort that is much more important than the CoC. If tension builds slowly between individuals over a long period, the CoC will only marginally help. We are still a relatively small community with a few dozen individuals and it is fairly easy for someone to read all communications and be aware when a discussion starts to go sideways. In larger communities such as LibreOffice, it takes a few dedicated individuals, up to two hours a day to do the same. But the end result is a friendly community (I’ve experienced that first hand). What I would not want is a permanently tense community despite an elaborated CoC and hierarchy such as mediawiki. As it turns out, I currently read all mail/chat/forum/issues/comments around SecureDrop and I’d be happy to assist if there is tension. I don’t think these roles can be formalized but people who volunteer should be easy to identify.
-
The scope of the CoC is limited to the SecureDrop Community. It should be published or advertised on the website ruled by the SecureDrop Community, together with the list of people who are trusted by the SecureDrop Community to enforce it. It applies when an individual or an organization claims to belong to the SecureDrop Community. It does not apply to individuals or organizations who modify, use or distribute the SecureDrop codebase.
You say it with such ease as to forego proof.
What do you mean, and why?
Edit:
The SecureDrop community members strive to:
How would you substantiate this change, and would “strive to”, replace “must” in so doing?
There’s probably a better source with more detail (like her twitter), but here’s at least one.
Last week, Marie Gutbub, a longtime Tor Project volunteer and a former romantic partner of Appelbaum’s, announced she was quitting Tor in an email in which she accused Steele of “purging” those within the Tor community who signed an open letter in support of Appelbaum — and claimed to speak for many others.
Having read even the open letter https://web.archive.org/web/20171201000000*/ourresponse.org
I don’t see “rape apologist” substantiated, failing to see how what you posted from Buzzfeed serves as proof of your claim.
Could you clear up this matter?
Reading this sentence gives me an uneasy feeling. IMHO another wording would convey the same meaning (for instance “Is this your personal opinion or do you have proof?”) without implying @heartsucker state of mind (I am referring to the words “with such ease”).
I also get the feeling that when @heartsucker wrote “the person who made that counter point against having a CoC is a rape apologist”, the conversation went closer to the godwin point.
This is somewhat amusing given that we’re precisely discussing CoC and the benefits of having civil conversations and friendly relationships in a community 
I propose to go back to our own opinions about CoC I agree with @heartsucker on the benefits of having a CoC as well as the content he proposes. I also stated my opinion about the context, enforcement and addressing tension on an ongoing basis and would be very interested to hear yours.
P.S. We also had a friendly debate about these points during the last engineering meeting with @edenemmanuel
Jake Appelbaum is most certainly an abuser (see so many stories), and defending him makes one a rape apologist. The author of that post (the same one cited in the article) has publicly many times defended him.
I actually thought was a perfectly fair way to phrase that, and I think the tone was appropriate in the sense that unsubstantiated claims do need to be backed up. Maybe I’m too deep in this stuff to remember what is or is not common knowledge.
Bonjour,
It looks like the discussion is mostly over and we did not reach a conclusion but only three of us got a chance to express our opinions and ideas. If I had to guess why that is I would say:
- We’re still a small community
- The discussion was controversial and this is not very inviting
On the positive side it helped clarify a few things about CoC. A thread about the content of the CoC (not including the enforcement part) reached consensus and we should have that ready soon.
The next step will be to call for volunteers tasked to listen and defuse tension. IMHO this is the most important role to preserve a safe environment. And it also is something we all agree on.
Cheers
There is a sleight of hand here, from alleging someone is an abuser, to the defense of said persons other characteristics, to necessitate defense of said abuse. To that claim you have produced no proof. Critiquing said defense on its own merits is another matter, and unless you can find proof to support your claims, what you have engaged in is libelous defamation.
You further dismissed a critique of CoCs on account of stemming from the person you deemed to be a rape apologist. This is an attack of character.
Failing to demonstrate why, implying a conflict of interest on part of said person, even guilty as far as you are concerned, one would think there is some sort of causal connection between sexual misconduct and instating a CoC.
Not a chain of command and handling of information, but the very implicit nature of policing people, where the law is already clear. Splitting it up and starting out by instating ones ideal without the enforcement. That it stems from a select few integral developers, and pertains to be for the community, really begs the question of who it represents, and for what reasons.
They are not mine, and as an irrelevant contributor, i respect your meritocratic authority to enforce it, but don’t hide it from me in plain sight.
The reason it is not something I, or I imagine others, are too happy to get into, is because it seems sanctimonious. You are one of very few people, to discuss such matters privately.
I understand it is not in effect still, but as such a person, I will still hold you to it.
I don’t humor myself at the expense of others. Though I read to your benefit, and peril, a total galvanic arbitration between the two.
Central to the point of Collaborate openly. In doing so, we already get the pre-agreed text to deal with, and in the very thread that discusses its content, another human is being a rape apologist, twice.
As it should. I fail to see what backing it has, what relevancy it has to the discussion, and in particular the quality of it.
I gave you the opportunity to not double down. Entertain the idea that I know exactly what you know about what isn’t public knowledge, then defend your position as if i didn’t.
The SecureDrop community members strive to:
Be friendly, patient and welcoming. We strive to be a community that welcomes and supports people of all backgrounds and identities.
This includes, but is not limited to, members of any race, ethnicity, culture, national origin, colour, immigration status, social and economic class, educational level, sex, sexual orientation, gender identity and expression, age, size, family status, political belief, religion and mental and physical ability.
Be considerate.
Our work will be used by other people, and we in turn will depend on the work of others.
Any decision we take will affect users and colleagues, and we should take those consequences into account when making decisions.
Remember that we’re a world-wide community and we have a global base of users and of contributors.
Even if it’s not obvious at the time, our contributions to projects managed by the SecureDrop Community will impact the work of others.
This is redundant to law. The effect of stating any of this, even the innocuous bits, at length unrelated to any examples or situation, I have seen no positive effects of. It is a burden to read, which is a small concern compared to my main critique of it.
What bringing out groups of suggested abuse does, is forever target individuals of these descriptions, some involuntary held. Nobody is the same when that is done, instead it serves a reminder of how people are different, irrelevantly so to having a good community.
Which outside of being redudant to law, begs the question of why this needs to even be stated.
Is anyone confused to the nature of this community having a policy of being, segregationist, fascist, or exlusionary in a manner of other ways. Has it then been a problem to the point it needs pointing out? If you need a notice to say the knives have to be locked in, you don’t have a home, you have an institution.
Some people belong in those, and not in a community that welcomes any mental ability. It is a technical point, that no criminal psychopath will be thwarted by, but nontheless goes to show the fundamental belief in a CoC as an instrument of changing behaviour. It is a false security, because it lacks empathy with people one ought to not feel sympathy for. The two are often openly conflated in CoCs.
Be respectful.
Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners.
We might all experience some frustration now and then, but we cannot allow that frustration to turn into a personal attack. It’s important to remember that a community where people feel uncomfortable or threatened is not a productive one.
Members of the community should be respectful when dealing with other contributors as well as with people outside of the community and with users of the projects managed by the SecureDrop Community.
This is a quote from the person that tried to mount a critique of CoCs, from that very text. Which it is somehow “perfectly fair” to call a rape apologist.
I am not comfortable with what I deem to be a personal attack.
Collaborate openly.
Collaboration is central to projects managed by the SecureDrop Community and to the larger free software community.
This collaboration involves individuals working within teams, cross-project collaboration within the SecureDrop Community and working with other projects outside of the SecureDrop Community.
This collaboration reduces redundancy, and improves the quality of our work.
Internally and externally, we should always be open to collaboration.
Wherever possible, we should work closely with upstream and downstream projects and others in the free software community to coordinate our technical, advocacy, documentation and other work.
Our work should be done transparently and we should involve as many interested parties as early as possible.
If we decide to take a different approach than others, we will let them know early, document our work and inform others regularly of our progress.
We do not create private forms of communication that take away transparency or exclude other contributors and collaborators.
In the vein of openness, I have invited that girl to the community, and I tried as best I could to do so. In the sense that this section described procedure, fine, but that is not conduct, and thus belongs in a different place.
In my view, it falls on me to defend said girl, for my own ideas of morality. It could be included as a point to ask of community members to do so, so not as to escalate through people that have additional power.
When we disagree, try to understand why.Disagreements, both social and technical, happen all the time and the SecureDrop Community is no exception. It is important that we resolve disagreements and differing views constructively. Remember that we’re different.
The strength of the SecureDrop Community comes from people with a wide range of backgrounds. Different people have different perspectives on issues.
Being unable to understand why someone holds a viewpoint doesn’t mean that they’re wrong. Focus on helping to resolve issues and learning from mistakes.
It is important that we resolve disagreements and differing views constructively and with the help of the community and community processes.
When our goals differ dramatically, we encourage the creation of alternative implementations, so that the community can test new ideas and contribute to the discussion.
To instead start with Evelyn Beatrice Hall of Voltaires tolerance “I wholly disapprove of what you say and will defend to the death your right to say it.”, framing this in a manner, gives an understanding of where disagreements stem from, and what they are.
When we are unsure, we ask for help. Nobody knows everything, and nobody is expected to be perfect in the SecureDrop Community.
Asking questions avoids many problems down the road, and so questions are encouraged. Those who are asked questions should be responsive and helpful.
However, when asking a question, care must be taken to do so in an appropriate forum.
Is one obliged to answer in a constructive manner, and is this logically consistent with all mental abilities? Should you try to answer questions in a manner people would know to ask if they possessed your knowledge?
Dodging questions and ducking debate is in my opinion a sign of weak character.
We take the following very seriously, and any violations may impact your ability to participate in the SecureDrop Community
Because that is the way it works in being a community, or because you will be excluded from it if not? What constitutes a violation?
Be careful with your words and actions. Do not insult or put down other participants. Harassment and other exclusionary behavior is not acceptable and should be reported.
This includes but is not limited to:
Exclusion by exclusion is not compatible with inclusion. When you remove context, and listen to one side, it throws due process out.
Violent threats or language directed against another person.
Discriminatory jokes and language.
Posting sexually suggestive, explicit or violent material.
So sexuality is deemed immoral or unwanted now is it? How humane is that?
For a community that deals in whistleblowing, violent material is bound to come up sooner or later.
In what context it is used, and with what discretion, is relevant. It’s nature isn’t.
Posting (or threatening to post) other people’s personally identifying information (“doxing”).
Personal insults, especially those using racist or sexist terms.
I can’t help but feel condescended upon by a being of greater virtue.
If you treat people as children, they behave as children.
To any adult, intent matters.
You can’t detail a system of social interaction in writing, it is far too complex, and policing it with infractions of no feedback-loops, is a de-facto police state.
Unwelcome sexual attention.
This is not how sexual attraction works, which in no way is an excuse of sexual abuse.
Advocating for, or encouraging, any of the above behavior.
So if I tell someone they should for try their luck with a potential mate, and the first and only occurrence is deemed unwanted, I am now in the wrong. Guilt by association, and removal of agency. It doesn’t get better because it sounds better.
Repeated harassment of others. In general, if someone asks you to stop, then stop.
The first, not exhaustive nor conclusive, occurrence of harassment is blowing past the first “stop”.
The word “repeated” is used to no great result here.
Respect the decision process.Members of the SecureDrop community should not attempt to manipulate decisons based on consensus or election results.
Open debate is welcome, but vote trading, ballot stuffing and other forms of abuse are not acceptable.
↓
This is an appeal to?
This is an appeal to said implied authority.
Who are we, and what makes you so sure this naturally follows? I only know of one non-sequitur there, and it is alarming.
I feel like the older CoCs belong to the mafia and the catholic church, and that their totalitarian and moralizing nature carries over. To some degree the samurai honour code applies to the description of being an old CoC.
Why?
I will make no attempt to read into this what ellipsis and winks adds. Would you be fine instating it if nobody appeared to speak out against it?
What does this mean, and what does it point to?
The only thing I can find is
That sounds nice, but who decides that?
If you have to read into it things that you should just understand, is it not redundant to culture?
The initiated need no confirmation, and the uninitiated are none the wiser.
To summarize the discussions of these past weeks and my own thoughts on the topic (this is an updated version of a previous summary from last month):
-
On having a CoC or not, I think it is useful and the SecureDrop Community needs one. Its existence is a message to newcomers telling them there is an active effort to make them feel safe. The absence of Code of Conduct conveys the opposite message.
-
About the content of the CoC, I do not feel the wording is important as long as the spirit is good and the content Emmanuel and Heartsucker worked on look fine to me.
-
About the enforcement of the CoC, I think that the SecureDrop Community needs the following procedure:
- Send encrypted email to X and Y describing the situation
- You will receive an answer within 24h
- A ruling will be made when X or Y have all the information they need
- The ruling will be sent to you (in public if necessary) as well as the other people involved. It will include a clear and detailed rationale.
It only has four steps and leaves a lot to interpretation. But going into procedural details, explicitly listing potential punishment etc. is potentially harmful because it creates a bureaucratic process that very few volunteers can deal with. It is also very important that the rationale for the decision is clearly articulated otherwise the people who rule may not realize they are biased; and the people who are targeted by the ruling may have no way to understand it.
-
Defusing tension is an on-going effort that is more important than the CoC and member of the SecureDrop Community who do that should be easy to find and appreciated.
-
The scope of the CoC is limited to the SecureDrop Community. It should be published or advertised on the website ruled by the SecureDrop Community, together with the list of people who are trusted by the SecureDrop Community to enforce it. It applies when an individual or an organization claims to belong to the SecureDrop Community. It does not apply to individuals or organizations who modify, use or distribute the SecureDrop codebase.
You have not substantiated why it is useful, where it has been useful, or why the community here needs one. You have met my claims to the contrary wrt. its implementation with no evidence.
What “problems down the road” are avoided if asked questions go unanswered?
You will start as soon as the CoC that is so adamant about it is instated. No, I don’t believe it holds such powers. Either the proof is in the pudding of a thread discussing its merits, or it isn’t.
What a CoC isn’t, and how you defend it, is by way of detailing a way to escalate matters.
The difference in the wording of “strive to” and “must” matters, because there is total exclusion with a zero-tolerance policy at the other end of this.
Not having a CoC does not imply lawlessness, that is not the current CoC-less situation, nor is the proposed CoC not superficial to current laws. So general and common, they can actually be described in such a sweeping notion. The defence of having laws, or in place for appeasement does not make them good laws. So the need is different, but the false security is the same in that comparison. If internal morality is not sourced from god(s), how do you manage to put yourself higher?
Conflict resolution is not a code on how to conduct yourself. Nor would I argume, good people need any external motivation for. The beurocracy of which is best kept at a minimum, sure, the logical extension of your concern is none. I like the opt in nature of reporting for it, a tangible working cyberocracy, in addition to what is a meritocracy in outcome of the resulting non-social aspect of the project.
How do you see determination of trust, other than by action, content of presentation or popular vote? In trying to change how social hierarchies work, you must account for both truly good and truly bad people. This does neither.
It applies when an individual or an organization claims to belong to the SecureDrop Community.
Reserving membership as a admission of entry is beurocracy. This CoC never had a community backing. The current community exists without it, and claiming it sees no activity because the community is small, is evidence to the contrary of popularity when the community that does exist outside of people discussing it, is comparatively huge. Self-representation and voluntary alignment are community values, unrepresentative representation is not.
It does not apply to individuals or organizations who modify, use or distribute the SecureDrop codebase.
The only way we see eye to eye on community is not dictating it.
So the you effectively decided you needed this for yourself, representing by example, “new users” and
What happened to people representing themselves, before you came to their aid by deciding they were marginalized?
Your concern for the governance of marginalized people, is marginalizing. They are powerless to escape your labelling, and are also dehumanized in narrowing their views down to being those of their observed groups.
Pairing meaningful diversity to gender and race is a tacid way of pushing the word “suffering” in front of you. It is the concession to the very focus you put on it. Whereas the neutral retort would be consideration of merit having no bearing on any external factor, you are left defending what “un-diverse” people aren’t bringing to the table, or why you removed agency based on gender and race in choosing to join such efforts.
A culture doing something for one group, or that group engaging in the culture of doing something, is in no way evidence of exclusion of another.
Or, do you include yourself in the supposed marginalization you claimed on part of others, or do you part-take in it in the way you imply happening? In which case you will have to distance yourself in a meaningful way from me claiming I respectively am not marginalized, and do not marginalize. Because marginalization loses its meaning if everyone is marginalized. Though you could buy into the victim culture of intersectionality, in my view a culture of making victims and barriers of people on outside of supposed victimhood, on equal footing to discuss among themselves.
As an alternative to that, an equal opportunity structure owes nothing to society at large. In assuming equity of outcome, you are implying guilt, on part of SD. I want no part in that.
If I were to conflate the remains of your argument to one central tenant, it would be you see the social aspect of being in the SecureDrop community fully superficial to the making of SD in how the CoC applies.
To that I would say, if the actual work that goes into it, and the code is not, and can not be represented by this CoC, why should the people that make SD and its community?
(Curiously here, one is free to freely associate based on arbitrary reasons to the development of free software. The only groups I have known to do so are the very pushers of marginalization. Paradoxical irony on every level. Otoh, to your credit in being male, you are engaging in the otherwise female-dominated field of CoC advocacy and writing. Where the inherent irony of exhibiting the supposed underrepresentation of “women in tech” could not be more stark. Please interject that this is not a field or people in tech, and I stand corrected.)
I am btw. of no illusion that purely social things never help development.
Otherwise, the ease with which one decides to be a member, does not follow in the lines of an imposed ruleset to do so. There is no logical corollary, what you have instead is a open door leading to a barrier explained away by it. Quite the opposite…
I don’t want to be part of any community that dictates this way. It is not welcoming, and would in my opinion reflect badly on me if I did.
-
why it is useful: I think it is useful because it is visible to newcomers and is a sign an active effort is made to make them feel safe.
-
where it has been useful: I feel safer when entering a Free Software project that has a Code of Conduct instead of not, this is where it has been useful to me. To be specific, the OpenStack community is a particular Free Software project where I felt safer because it has a Code of Conduct. I have been involved in OpenStack as an employee and volunteer during about four years, contributing code as well as organizing community driven activities (yes, I can’t help it ;-).
-
why the community here needs one: I think that the absence of Code of Conduct may be interpreted as a sign that the community here does not make an effort to make everyone feel safe. There are other reasons I can think of but if there was only this one, I think it would be enough.
1 Like
You can signal safety by presenting yourself, no need to represent others, or impose anything on them. Just signaling virtue or the implication of effort, is not actual virtue, nor actual safety.
What would change about the OpenStack community if it didn’t have a code of conduct?
If you fear your fellow man to the point of needing an extra reassurance that law is in place, in a way that suggests it is superior to it, then what you are describing is not the fear of a free software project.
You are creating fear by giving in to the fearful idea that a CoC-less community is one that can not be seen to care. The idea that a community out to hurt anyone, could not also instate a CoC, is in line with antisocial behavior. The idea that someone might think something, is of a wishful sort.
If you can’t help it, nor can a CoC. I am glad your propensity isn’t community driven lynchings 
If you want to attract people such as yourself, remind yourself of how you got here without a CoC in place. Otherwise stand up to your wishes of having a CoC with your own need.
If you want to attract less central figures, such as myself, creating a community outwards, in which you can rise to the top by merit, let me be an actual voice of denouncing its absence as an effect on me doing so.
People make free software, the freedom of people make free software. You don’t tell people how to conduct themselves. Hacker culture is based on an ethos, and a manifesto that you may or may not aspire to.
This statement is not acceptable to me. Underrepresentation of women in tech can hardly be contested. And when I read “female-dominated field” it sounds like you are claiming that CoC advocates deliberately exclude male participation, which is not only contrary to my experience but is also an accusation of gender discrimination. Maybe what you had in mind was different from what I read?
1 Like
I contest it by numbers saying the people that advocate for its presence in tech, join social advocacy and policy-making, not tech. Not that the two are mutually exclusive, but in this sense they are.
To me I sound like I didn’t say that at all, because what i did say was:
A culture doing something for one group, or that group engaging in the culture of doing something, is in no way evidence of exclusion of another.
That is an accusation of gender discrimination, but I didn’t make it. You didn’t read me engaging in one, because I didn’t write such a thing. What happened was I wrote something different from what you interpreted.
What field of free software is not open to any one person punching endlessly far beyond their weight? I will give you the bulk and bloat, where one can apply oneself by tenacity, but nothing that is truly special.
You would first have to prove there is an identitarian exclusion policy or practice in place, and second of all either stop saying women do the same things because they are alike if you use “representation” that way, or allow for the incredible talent of any one of them to outweigh anything and anyone else if you don’t. In which case the ones that do, don’t need you to imply they are underrepresented in this fashion.
I can state that I for one was surprised when I started working on SecureDrop development in 2016 that it did not have a Code of Conduct given the project’s stature. This was a negative in my opinion, but I decided to work on SecureDrop anyway because I felt particularly passionate about the project goals. Perhaps there are others, given many interesting projects to choose from, who selected another project to contribute to instead of SecureDrop. This would be a shame.
If projects like this one are to maintain a healthy and professional working environment, I think that a Code of Conduct is a critical step in the positive direction, building on all the excellent progress so far bringing in a diverse set of people who have contributed a lot to the project so far. As such, I strongly support the work done by @dachary, @heartsucker, @edenemmanuel, @eloquence, and others in working on the Code of Conduct.
In my view, a Code of Conduct is a statement of very basic professional norms. If people think that the items contained in this document are not necessary to state as they are obvious, I can assure you that there are many people for which that item is not obvious. For example, I might assume that the discussion of sexual content being totally unprofessional and inappropriate is obvious, but even in this thread there is disagreement on this point. If there are further questions regarding why a Code of Conduct is important, I recommend this excellent Code of Conduct 101 FAQ: https://www.ashedryden.com/blog/codes-of-conduct-101-faq
Perhaps we should see if the broader community likes the current draft? It might be best to start a new thread with a poll.
2 Likes