[gentoo-project] ComRel / disciplinary action reform proposal

["Michał Górny" <mgorny@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 9720 bytes --]

Hello, everyone.

Since the things around ComRel seem to have cooled down a bit, I think
we can now start a serious discussion on how disciplinary action
handling could be improved. While the recent complaints were focused on
ComRel, I would like to take a more generic approach since ComRel is
not the only body in Gentoo capable of disciplinary action.

Therefore, I'd like my proposal to concern all cases of disciplinary
action, involving but not limited to: ComRel, QA, Forum moderators, IRC
moderators, Wiki admins and any other entity capable of enforcing
a disciplinary action against developers and users.

Note: throughout the mail 'users' include all people involved on
the Gentoo communication channels, developers, users, bystanders
and bots alike.


Problems
--------
1. Lack of transparency (this seems to be improving but I don't think
we have a proper rules for that), that causes two issues:

a. Users indirectly involved in disciplinary action are unaware of it
which causes unnecessary confusion. Example: user is unaware that
a person is banned from Bugzilla, and incorrectly assumes that
the developer or user does not wish to reply to him.

b. Users presume disciplinary bodies attempt to hide their actions
which unnecessary builds tension and accusations. This becomes worse
when the subjects of those actions are the only sides speaking upon
the matter, and spreading false information.

2. Unclear appeal procedure (outside ComRel). For example, users that
get banned on IRC don't have a clear suggestion on where to appeal to
a particular decision, or whether there is any appeal possible at all.

3. Lack of supervision. Likewise, most of teams capable of some degree
of disciplinary action are not supervised by any other body in Gentoo,
some not even indirectly.

4. Lack of cooperation. Most of disciplinary teams in Gentoo operate
in complete isolation. Users affected by disciplinary actions
sometimes simply switch to another channel and continue their bad
behavior under another disciplinary team.


In this proposal, I'd like to discuss introducing a few simple rules
that would be binding to all teams capable of enforcing a disciplinary
actions, and that aim to improve the current situation. My proposed
rules are:


1. Secrecy
----------
Due to the nature of disciplinary affairs, the teams involved
in performing them are obliged to retain secrecy of the information
gathered. This includes both collected material (logs, messages, etc.)
and names of the individuals providing them.

All the sensitive information involving disciplinary affairs can be
*securely* passed only to other members of the disciplinary team
involved in the affair and the current Council members, upon legitimate
request. The obtained information should also be stored securely.

It is only necessary for a single member of the disciplinary team to
store the information (or to use a single collective store).
The Council members should remove all obtained information after
the appeal/audit.

It should be noted that an unauthorized disclosure of sensitive
information by any party involved would be a base for a strong
disciplinary action.

Rationale:

a. The collected material sometimes contains various bits of private
information whose disclosure is completely unnecessary and would only
unnecessarily violate individual's privacy. Gentoo ought to respect
privacy of users, and do not invade it without necessity.

b. Publishing names of individuals involved in a disciplinary action
could encourage the subjects to seek revenge. While keeping them secret
often does not prevent it (or even worse, causes the individuals to
seek revenge on larger group of people), we ought not to encourage
it.


2. Transparency
---------------
Any disciplinary action should be announced by the team in a manner
specific to the appropriate media where the measure applies.
The announcement should be visible to all users of that media,
and contains:

- the name of the user to whom the measure applies,

- the description and length of the measure applied.

For example, a ban on a mailing list could be announced to the mailing
list in question. A ban on Bugzilla could involve adding appropriate
note to the user's name, so that all other users see that he can't
respond at the time. A ban on IRC could be stored e.g. on wiki page,
or noted on a bug.

Furthermore, any disciplinary action must be reported to the Council.
The reporting is done through a bug that is opened at the first
disciplinary measure inflicted on a user, and reused at any following
measures. It should contain the information listed above, and have
the Council in CC. No private information should be ever included
in the bug.

Rationale:

a. As noted above, the disciplinary measure often affect more users
than the subject of the action. It is therefore most advisable to
notice them of the action (i.e. that they can't expect the particular
user to reply) and their length, while protecting as much privacy as
possible.

b. It is also beneficial for the subject of the action to have
a publicly visible note of the measure applied, and clear statement of
its length.

c. Opening bugs for all disciplinary actions helps teams keep track of
them and their durations, note repeated offenders and finally report
all actions to the Council for auditing purposes.


3. Appeal
---------
All disciplinary decisions (both actions and refusals to perform
action) can be appealed to the Council. In this case, the disciplinary
team is obliged to securely pass all material collected to the Council.
The Council can either support, modify or dismiss the decision
entirely. There is no further appeal.

It should be noted that the disciplinary actions must not prevent
the appeal from being filed.

Rationale:

a. Having a single body to handle all appeals makes the procedures
simpler to our users and more consistent. This also guarantees that
all measures can be appealed exactly once, and no channels are
privileged.

b. The Council is currently the highest body elected by Gentoo
developers with the trust of being able to handle appeals from ComRel
decisions. It seems reasonable to extend that to all disciplinary
decisions in Gentoo.


4. Supervision
--------------
At the same time, Council is assumed to supervise all disciplinary
affairs in Gentoo. As noted in 2., all decisions made are reported to
the Council for auditing. Those reports combined with appeals should
allow the Council to notice any suspicious behavior from particular
disciplinary teams.

For the necessity of audit, the disciplinary teams should retain all
material supporting their disciplinary audit in a secure manner,
throughout the time of the disciplinary action and at least half a year
past it. The Council can request all this information to audit
the behavior of a particular team and/or its member.

Rationale:

a. Having a proper auditing procedure in place is necessary to improve
the trust our users put in our disciplinary teams. It should discourage
any members of our disciplinary teams from attempting to abuse their
privileges, and help discover that quickly if it actually happens.

b. The necessity of storing information supporting disciplinary
decisions is helpful both for the purpose of auditing as well as for
(potentially late) appeals. Keeping old information is necessary to
support stronger decisions made for repeat offenders.


5. Cooperation
--------------
While it is not strictly necessary for different disciplinary teams to
cooperate, in some cases it could be useful to handle troublemakers
more efficiently across different channels.

Since all disciplinary actions are published, a team may notice that
another team has enforced a disciplinary action on their user. This
could be used as a suggestion that the user is a potential troublemaker
but the team must collect the evidence of wrongdoing in their own
channel before enforcing any action. It should be noted that
disciplinary teams are not allowed to exchange private information.

When multiple teams inflict disciplinary actions on the same user, they
can request the Council to consider issuing a cross-channel Gentoo
disciplinary action. In this case, the Council requests material from
all involved teams (alike when auditing) and may request a consistent
disciplinary action from all disciplinary teams in Gentoo.

Rationale:

a. Under normal circumstances, a bad behavior on one communication
channel should not prevent the user from contributing on another.
However, we should have a more efficient procedure to handle the case
when user is a repeating troublemaker and moves from one channel to
another.

b. Preventing information exchange serves the purpose of protecting
users' privacy. The access to sensitive information should be
restricted as narrowly as possible. Disciplinary teams should perform
decisions autonomously to prevent corruption of one team resulting
in unnecessary actions from another.


Migration
---------
It would seem unreasonable to request all disciplinary teams to either
report all their past decisions right now, or to lift them immediately.
However, if this policy is accepted, all teams would be obliged to
follow it for any further decisions.

It would also be recommended for teams to appropriate update at least
recent decisions or those that are brought up again (e.g. via appeal or
repeat offense).


What do you think?

-- 
Best regards,
Michał Górny
<http://dev.gentoo.org/~mgorny/>

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 963 bytes --]