[gentoo-project] Comrel Improvements: Expectations of Privacy

[gentoo-project] Comrel Improvements: Expectations of Privacy

[Rich Freeman]

General Background
This is the first in a series of threads I plan to start, each around
some aspect of our Comrel process.  If you have a concern that isn't
covered in this post please start a separate thread, and I do intend
to start others.  This isn't intended to suggest that this is the ONLY
issue that is worth discussion about Comrel.  I just expect there to
be potentially a large amount of interest in the topic and I think
we're better served if things are divided into somewhat-separable
topics.

In these emails I'm speaking purely on my own behalf, and not for the
Council/Foundation/etc.  I know these bodies have an interest in these
topics and may very well offer official input at some time.  I really
just want to foster open discussion so that we can air opinions before
we actually get to setting/changing policy.


The Issue
Recently there has been some questioning of whether we have the right
balance of privacy in Comrel disputes.  Some specific questions to be
addressed are:

1.  When information is turned over to comrel who does it get shared
with, and under what circumstances?
2.  Do any members of the community have an obligation to report?  Can
members of comrel/trustees/officers/council/etc be told information in
private without it being shared back with comrel for the official
record?
3. Specifically, what information gets shared with people named in a
dispute of some kind?
4. Under what circumstances will information be shared with a
government authority/etc?
5. Do subjects of comrel action generally have a "right to face their
accuser?"
6. What should be communicated about comrel actions, both proactively
and when people inquire about them?

I think there are a number of pros and cons to any approach we take,
and it is possible for reasonable people to hold a different opinion
on this topic.


The Current State
As best as I understand it (and corrections are welcome), this is how
things work today (I'm just trying to stick to the facts in this
section):

Nobody in Gentoo has an obligation to raise issues to Comrel.  If
somebody privately tells me that they're having a problem with
somebody, I can offer advice/etc, or advise them to go to Comrel, but
I'm not obligated to do so.

If somebody does go to Comrel, what they say is generally kept
confidential from anybody not in Comrel.  So, if I were to complain to
Comrel that ulm has been voting against too many of my Council
proposals, Comrel might or might not even tell ulm that there was a
complaint, and if they did they wouldn't tell him that I made the
complaint or provide any exact copies of the complaint.

If somebody appeals a Comrel decision to the Council, then all
information that Comrel has on the case is made available to the
Council.

After a case is concluded, information is maintained indefinitely, and
available to some members of Comrel.  It might be shared with all of
Comrel if another case comes up.

While this has not happened within my knowledge, I imagine that if a
lawsuit came up or a threat of one, any relevant information would be
shared with the Trustees and anybody they designate.  There isn't any
proactive monitoring by the Foundation.

In general Comrel actions are kept confidential.  A general member of
the community (developer or otherwise) typically doesn't find out that
there even has been a dispute, let alone the results of one.  However,
I know there have been exceptions, including a recent one on -core.
When significant actions like forced retirement occur non-devs on
impacted teams may not be informed, though if they make specific
inquiries a fairly minimal statement might be given.


Discussion
Here I'll offer my own opinions, though many are not strongly held.  I
really want to foster discussion around the pros/cons as I don't think
that the answers to the questions I framed are necessarily completely
obvious.

I'll start with what I see as the largest controversy: the right of
the accused to face their accuser.  In almost all courts this is a
fairly universal right.  In private companies/organizations it tends
to be much less so.  The main benefit of keeping complaints
anonymous/private is that people will feel more free to come forward
with complaints without fear of retaliation.  The obvious downside is
that the accused feels the process is unfair since it is a black box
to them, and they may be less receptive to the legitimacy of concerns,
and indeed the anonymity might result in false claims since they're
harder to refute.

I suspect private organizations also tend to keep this stuff
confidential because it makes them harder to sue, and that concern
does apply to Gentoo to some degree.

Next, mandatory reporting:  I think we ought to give serious
consideration to it for a couple of reasons.  Companies often have
mandatory reporting, for example if somebody were to copy me on an
email that violates company policy around something like sexual
content, I could be fired merely for having been sent it but not
reporting it to HR, because I have people who report to me.  For
positions like Trustees/Officers of the Foundation I suspect that if
they're aware of a potential situation where Gentoo has some
liability, they would have a fiduciary duty to act on it.  That may or
may not apply to Council members as well.  There is another reason why
mandatory reporting might make sense: it avoids putting people in
leadership situations in a tricky situation where they feel like they
have to both keep something confidential and try to deal with a
serious problem solo, because they feel like it would be wrong to
ignore it.  With a mandatory reporting policy then people know
up-front that leaders are basically an extension of Comrel, and then
once the situation is handed off to Comrel the person it was disclosed
to can safely step away and let Comrel do its job.

Finally, when it comes to communicating outcomes of comrel actions, I
suggest keeping the distribution minimal.  If somebody is forced to
retire from a leadership role, then those who were a part of their
team probably should know.  If somebody is forced to retire from a
team then the team lead should be told.  I don't really see a ton of
value in communicating comrel actions widely in general.  The problem
with communicating things widely is that it makes it harder for the
person subject to the action to re-integrate themselves into the
community once any actions expire.  Also, there is less risk of
liability for defamation/etc if nothing is publicly communicated.  At
my own workplace there is really no distinction between somebody being
fired and leaving of their own accord as far as announcements to
coworkers and such are concerned.  Indeed, there is also usually
little distinction between being fired for cause or because you simply
are no longer needed when it comes to communication with the person
being separated either.

I'll go ahead and wind this down here as it already feels a lot longer
than I intended (perhaps the topic was still too broad, though I see
these items as being fairly related).  Again, the goal here is to spur
discussion and end up with policies that there is some kind of
community backing for, whether they end up being the status quo or
otherwise.  Ultimately whatever is decided upon should be documented
so that when somebody contacts Comrel they know up-front what will be
done with any information they provide, and so on.

So, whether you think this is great or the worst drivel you've ever
read, please do speak up...

--
Rich


-- 
Rich

[gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

> General Background

> This is the first in a series of threads I plan to start, each around
> some aspect of our Comrel process. If you have a concern that isn't
> covered in this post please start a separate thread, and I do intend
> to start others. This isn't intended to suggest that this is the ONLY
> issue that is worth discussion about Comrel. I just expect there to
> be potentially a large amount of interest in the topic and I think
> we're better served if things are divided into somewhat-separable
> topics.
> 
> In these emails I'm speaking purely on my own behalf, and not for the
> Council/Foundation/etc. I know these bodies have an interest in these
> topics and may very well offer official input at some time. I really
> just want to foster open discussion so that we can air opinions before
> we actually get to setting/changing policy.

My personal opinion is that, whatever the policy is, having it publicly 
documented and thus setting expectations in advance will be an 
improvement by itself.

> The Issue
> Recently there has been some questioning of whether we have the right
> balance of privacy in Comrel disputes. Some specific questions to be
> addressed are:
> 
> 1. When information is turned over to comrel who does it get shared
> with, and under what circumstances?
> 2. Do any members of the community have an obligation to report? Can
> members of comrel/trustees/officers/council/etc be told information in
> private without it being shared back with comrel for the official
> record?

Depends on the issue at hand.

> 3. Specifically, what information gets shared with people named in a
> dispute of some kind?

See below

> 4. Under what circumstances will information be shared with a
> government authority/etc?

Not a lot of leeway here, if a subpoena or a search warrant gets 
involved.  IIRC, the Gentoo Foundation is a US nonprofit corporation 
and therefore subject to US law, plus the laws of whatever state a) 
contains the assets in question, and/or b) is the state of 
incorporation for the foundation.

NB:  I think that there should be public and convenient documentation 
citing where the assets containing such information are located, as a 
means of public declaration of what jurisdiction applies.

I'm not a lawyer, but I do know that the jurisdiction under which the 
information is contained and/or serves as the state of incorporation 
(new mexico, IIRC?) will control any "involuntary" disclosures that the 
foundation will not have any discretion about.

So...whatever the situation here happens to be, should at least be 
publicly documented in an easily visible manner.

> 5. Do subjects of comrel action generally have a "right to face their
> accuser?"

Yes and no, in my opinion.  The accuser should be held responsible for 
their accusation, but an offender who is rightly accused should not be 
able to intimidate a witness, so to speak.

My proposal:

1.  Anonymously provided information cannot, by itself, be used as 
evidence.  The identity of the "plaintiff" must at a minimum be known 
to comrel.

2.  Any member of comrel who accepts, uses in a comrel case, or posts 
evidence or testimony from a confidential source takes responsibility 
for the truth of the information so presented, in detail:

    * They are responsible for the truth of the information

    * If the information is challenged or rebutted, they are 
responsible for relaying the challenge to the source for rebuttal.  
This is kiiinda how spamcop works with spam reports.  If the report is 
challenged, the challenge gets sent through spamcop back to the 
reporter.

    * If the information is proven to be false or worse forged, or the 
accuser fails his duty to support his accusation, the comrel member 
responsible for it must either:

       - take the blame for the falsehood, or

       - expose the identity of the person supplying the false 
information, and possibly process a CoC violation against the original 
reporter for "perjury"

    In this case, holding comrel responsible is only intended ot make 
sure they do not willingly tolerate bad information.  If the comrel 
person responsible for the information is doing their job properly, 
they should very easily be able to take the blame and dump it where it 
belongs without any risk of eating blame they don't deserve.

3.  People who give false information to comrel must be held 
accountable for "perjury".  If someone gives false evidence or makes an 
unfounded allegation, they should be held responsible for it.

4.  People who misuse comrel by deliberately making false complaints, 
or needlessly escalating issues that do not require comrel attention, 
should be handled the same as any other CoC violation as would be 
reported to comrel to begin with.

    * Relatedly, someone who, after agreeing to be responsible to 
comrel for their report, fails to properly rebut any challenges, or 
fails to withdrawi their complaint if it proves to be unfounded, is 
themselves causing trouble for Gentoo, and should not be able to use 
comrel-provided anonymity as a shield behind which to spam their 
enemies with comrel bullets.

To be blunt:

If someone tries to abuse comrel by supplying a false accusation, they 
themselves are the ones that should be held responsible for violating 
CoC (and it should be a CoC violation to make a false complaint or 
submit false information to comrel, if it isn't a violation already), 
and it should be comrel's job to hold a malicious reporter responsible.

Furthermore, if a comrel member, hypothetically speaking, fails to hold 
the malicious or negligent reporter responsible, they are aiding and 
abetting the misconduct in question and should be willing to eat the 
blame for it if they aren't willing to expose the true culprit.

> 6. What should be communicated about comrel actions, both proactively
> and when people inquire about them?
> 
> I think there are a number of pros and cons to any approach we take,
> and it is possible for reasonable people to hold a different opinion
> on this topic.
> 
> 
> The Current State
> As best as I understand it (and corrections are welcome), this is how
> things work today (I'm just trying to stick to the facts in this
> section):
> 
> Nobody in Gentoo has an obligation to raise issues to Comrel. If
> somebody privately tells me that they're having a problem with
> somebody, I can offer advice/etc, or advise them to go to Comrel, but
> I'm not obligated to do so.
> 
> If somebody does go to Comrel, what they say is generally kept
> confidential from anybody not in Comrel. So, if I were to complain to
> Comrel that ulm has been voting against too many of my Council
> proposals, Comrel might or might not even tell ulm that there was a
> complaint, and if they did they wouldn't tell him that I made the
> complaint or provide any exact copies of the complaint.
> 
> If somebody appeals a Comrel decision to the Council, then all
> information that Comrel has on the case is made available to the
> Council.
> 
> After a case is concluded, information is maintained indefinitely, and
> available to some members of Comrel. It might be shared with all of
> Comrel if another case comes up.
> 
> While this has not happened within my knowledge, I imagine that if a
> lawsuit came up or a threat of one, any relevant information would be
> shared with the Trustees and anybody they designate. There isn't any
> proactive monitoring by the Foundation.
> 
> In general Comrel actions are kept confidential. A general member of
> the community (developer or otherwise) typically doesn't find out that
> there even has been a dispute, let alone the results of one. However,
> I know there have been exceptions, including a recent one on -core.
> When significant actions like forced retirement occur non-devs on
> impacted teams may not be informed, though if they make specific
> inquiries a fairly minimal statement might be given.
> 
> 
> Discussion
> Here I'll offer my own opinions, though many are not strongly held. I
> really want to foster discussion around the pros/cons as I don't think
> that the answers to the questions I framed are necessarily completely
> obvious.
> 
> I'll start with what I see as the largest controversy: the right of
> the accused to face their accuser. In almost all courts this is a
> fairly universal right. In private companies/organizations it tends
> to be much less so. The main benefit of keeping complaints
> anonymous/private is that people will feel more free to come forward
> with complaints without fear of retaliation. The obvious downside is
> that the accused feels the process is unfair since it is a black box
> to them, and they may be less receptive to the legitimacy of concerns,
> and indeed the anonymity might result in false claims since they're
> harder to refute.
> 
> I suspect private organizations also tend to keep this stuff
> confidential because it makes them harder to sue, and that concern
> does apply to Gentoo to some degree.
> 
> Next, mandatory reporting: I think we ought to give serious
> consideration to it for a couple of reasons. Companies often have
> mandatory reporting, for example if somebody were to copy me on an
> email that violates company policy around something like sexual
> content, I could be fired merely for having been sent it but not
> reporting it to HR, because I have people who report to me. For
> positions like Trustees/Officers of the Foundation I suspect that if
> they're aware of a potential situation where Gentoo has some
> liability, they would have a fiduciary duty to act on it. That may or
> may not apply to Council members as well. There is another reason why
> mandatory reporting might make sense: it avoids putting people in
> leadership situations in a tricky situation where they feel like they
> have to both keep something confidential and try to deal with a
> serious problem solo, because they feel like it would be wrong to
> ignore it. With a mandatory reporting policy then people know
> up-front that leaders are basically an extension of Comrel, and then
> once the situation is handed off to Comrel the person it was disclosed
> to can safely step away and let Comrel do its job.
> 
> Finally, when it comes to communicating outcomes of comrel actions, I
> suggest keeping the distribution minimal. If somebody is forced to
> retire from a leadership role, then those who were a part of their
> team probably should know. If somebody is forced to retire from a
> team then the team lead should be told. I don't really see a ton of
> value in communicating comrel actions widely in general. The problem
> with communicating things widely is that it makes it harder for the
> person subject to the action to re-integrate themselves into the
> community once any actions expire. Also, there is less risk of
> liability for defamation/etc if nothing is publicly communicated. At
> my own workplace there is really no distinction between somebody being
> fired and leaving of their own accord as far as announcements to
> coworkers and such are concerned. Indeed, there is also usually
> little distinction between being fired for cause or because you simply
> are no longer needed when it comes to communication with the person
> being separated either.
> 
> I'll go ahead and wind this down here as it already feels a lot longer
> than I intended (perhaps the topic was still too broad, though I see
> these items as being fairly related). Again, the goal here is to spur
> discussion and end up with policies that there is some kind of
> community backing for, whether they end up being the status quo or
> otherwise. Ultimately whatever is decided upon should be documented
> so that when somebody contacts Comrel they know up-front what will be
> done with any information they provide, and so on.
> 
> So, whether you think this is great or the worst drivel you've ever
> read, please do speak up...
> 
> --
> Rich

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Daniel Campbell]

[-- Attachment #1.1: Type: text/plain, Size: 3610 bytes --]

On 09/30/2016 05:59 PM, Rich Freeman wrote:
> [snip]
> 
> 1.  When information is turned over to comrel who does it get shared
> with, and under what circumstances?

That information should be kept mainly to the comrel member(s) who were
reported to. Should the issue become more serious, share it with the
rest of comrel according to case needs (one member having a friendship
with a given developer, or a professional background in community
management, etc).

> 2.  Do any members of the community have an obligation to report?  Can
> members of comrel/trustees/officers/council/etc be told information in
> private without it being shared back with comrel for the official
> record?

An obligation to report will result in more reporting, some of which
will end up being within CoC limits or merely a misunderstanding.
Encouragement might not be a bad idea, but forcing them to is just an
easy way to make ComRel busy; I'm sure they're just as understaffed as
the rest of Gentoo, however.

> 3. Specifically, what information gets shared with people named in a
> dispute of some kind?

It depends on the type of dispute. If it's happenstance in a public
medium such as the forums, bugzilla, or the ML, then the antagonists and
their actions are known and can be shared freely.

In short I think the privacy level of a dispute should never become
lower than the occurrence of the "crime". So if it was in PMs on IRC, it
now concerns the ComRel member who was contacted, Party A, and Party B.
It should only expand when one ComRel member isn't enough.

Impactful changes to Gentoo staffing are deserving of mention, but in
general terms, like "Foobar project no longer has a lead, election
scheduled for..."

> 4. Under what circumstances will information be shared with a
> government authority/etc?

It's not written anywhere, but I think we owe it to our developers to
keep private information private. Without a sufficient reasoning and/or
legal force, imo Gentoo should not comply without overwhelming evidence
or legitimate legal threat to its incorporation status. We should treat
private and internal information like it's valuable and important,
because it is. If developers can't share information with the Foundation
and/or other developers and expect it to remain at least somewhat safe,
then it may lower morale within the Project.

> 5. Do subjects of comrel action generally have a "right to face their
> accuser?"

If the action is impacting their developer status or public/internal
image, I believe the accuser should be willing to attach their name to
their accusations.

> 6. What should be communicated about comrel actions, both proactively
> and when people inquire about them?

Proactive announcements only necessary when they impact the functioning
of Gentoo and have reason to be made public. Inquiries are a little
trickier, as we should strive for transparency internally, but keep
sensitive things from the general public.

> 
> I think there are a number of pros and cons to any approach we take,
> and it is possible for reasonable people to hold a different opinion
> on this topic.
>
> [snip]
> 
> So, whether you think this is great or the worst drivel you've ever
> read, please do speak up...
> 
> --
> Rich
> 
> 
I was wondering who would get around to writing something like this up
ever since that conversation about it a while back. :)

-- 
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Robin H. Johnson]

On Sat, Oct 01, 2016 at 01:22:24PM -0700, Raymond Jennings wrote:
> NB:  I think that there should be public and convenient documentation 
> citing where the assets containing such information are located, as a 
> means of public declaration of what jurisdiction applies.
The infra wiki pages of server lists do explicitly specify where the
various servers are physically located. None of them are in New Mexico.
What they don't visibly track is that that Infra can & does move
services around over time, depending on the availability of sponsor
hardware, requests of sponsors, and appropriate resources for the growth
of larger services. [Eg HostVirtual recently contacted us to migrate
some services, because they wanted to decommission old hardware]

> I'm not a lawyer, but I do know that the jurisdiction under which the 
> information is contained and/or serves as the state of incorporation 
> (new mexico, IIRC?) will control any "involuntary" disclosures that the 
> foundation will not have any discretion about.
One of the side bits that was done many years ago, was to put certain
things outside of the US however, to take potential advantage of more
local privacy laws. For example, Forums lives in Vancouver, BC, Canada,
and is thus subject to BC privacy laws, which are very strong. If the
data is located there, can take precedence over other jurisdictions, at
least according to some BC lawyers.

If nothing else, it's sufficiently complex privacy law to muddy the
waters over data transfer.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Sat, Oct 1, 2016 at 9:13 PM, Daniel Campbell <zlg@gentoo.org> wrote:
> On 09/30/2016 05:59 PM, Rich Freeman wrote:
>>  [snip]
>> 
>>  1.  When information is turned over to comrel who does it get shared
>>  with, and under what circumstances?
> 
> That information should be kept mainly to the comrel member(s) who 
> were
> reported to. Should the issue become more serious, share it with the
> rest of comrel according to case needs (one member having a friendship
> with a given developer, or a professional background in community
> management, etc).
> 
>>  2.  Do any members of the community have an obligation to report?  
>> Can
>>  members of comrel/trustees/officers/council/etc be told information 
>> in
>>  private without it being shared back with comrel for the official
>>  record?
> 
> An obligation to report will result in more reporting, some of which
> will end up being within CoC limits or merely a misunderstanding.
> Encouragement might not be a bad idea, but forcing them to is just an
> easy way to make ComRel busy; I'm sure they're just as understaffed as
> the rest of Gentoo, however.

>>  3. Specifically, what information gets shared with people named in a
>>  dispute of some kind?
> 
> It depends on the type of dispute. If it's happenstance in a public
> medium such as the forums, bugzilla, or the ML, then the antagonists 
> and
> their actions are known and can be shared freely.
> 
> In short I think the privacy level of a dispute should never become
> lower than the occurrence of the "crime". So if it was in PMs on IRC, 
> it
> now concerns the ComRel member who was contacted, Party A, and Party 
> B.
> It should only expand when one ComRel member isn't enough.
> 
> Impactful changes to Gentoo staffing are deserving of mention, but in
> general terms, like "Foobar project no longer has a lead, election
> scheduled for..."
> 
>>  4. Under what circumstances will information be shared with a
>>  government authority/etc?
> 
> It's not written anywhere, but I think we owe it to our developers to
> keep private information private. Without a sufficient reasoning 
> and/or
> legal force, imo Gentoo should not comply without overwhelming 
> evidence
> or legitimate legal threat to its incorporation status. We should 
> treat
> private and internal information like it's valuable and important,
> because it is. If developers can't share information with the 
> Foundation
> and/or other developers and expect it to remain at least somewhat 
> safe,
> then it may lower morale within the Project.

Would we assume that the foundation would be hiring counsel or 
otherwise opposing such legal threats in court?  If the foundation gets 
a subpoena or served with a search warrant, how much effort should the 
foundation put into fighting it?

>>  5. Do subjects of comrel action generally have a "right to face 
>> their
>>  accuser?"
> 
> If the action is impacting their developer status or public/internal
> image, I believe the accuser should be willing to attach their name to
> their accusations.

+1 to this.

Furthermore I believe in principle that if you aren't willing to put 
your ass on the line to back your accusation, then your testimony is 
worthless.  People are put under oath in court for a reason, and there 
are penalties for perjury.

>>  6. What should be communicated about comrel actions, both 
>> proactively
>>  and when people inquire about them?
> 
> Proactive announcements only necessary when they impact the 
> functioning
> of Gentoo and have reason to be made public. Inquiries are a little
> trickier, as we should strive for transparency internally, but keep
> sensitive things from the general public.
> 
>>  I think there are a number of pros and cons to any approach we take,
>>  and it is possible for reasonable people to hold a different opinion
>>  on this topic.
>> 
>>  [snip]
>> 
>>  So, whether you think this is great or the worst drivel you've ever
>>  read, please do speak up...
>> 
>>  --
>>  Rich
>> 
>> 
> I was wondering who would get around to writing something like this up
> ever since that conversation about it a while back. :)
> 
> --
> Daniel Campbell - Gentoo Developer
> OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
> fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6

I'd also like to note for the record that the last known version of the 
developer quiz features a question about devrel (now comrel, +todo 
update it), so whoever wrote the quiz obviously feels that a good 
grounding in comrel procedures.

I would very much like this noted for the record, and in addition to 
keeping the quiz updated with whatever happens in this discussion, I'd 
also like the current devmanual policy (cited in the quiz as a 
reference) involved as a subject in this discussion...does that make 
sense?

We kinda do have documentation already, that is at the least being 
cited as a reference in the developer quiz...which I'm presently 
polishing my answers to in the wake of my pending recruitment.

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Sat, Oct 1, 2016 at 9:51 PM, Robin H. Johnson <robbat2@gentoo.org> 
wrote:
> On Sat, Oct 01, 2016 at 01:22:24PM -0700, Raymond Jennings wrote:
>>  NB:  I think that there should be public and convenient 
>> documentation
>>  citing where the assets containing such information are located, as 
>> a
>>  means of public declaration of what jurisdiction applies.

> The infra wiki pages of server lists do explicitly specify where the
> various servers are physically located. None of them are in New 
> Mexico.
> What they don't visibly track is that that Infra can & does move
> services around over time, depending on the availability of sponsor
> hardware, requests of sponsors, and appropriate resources for the 
> growth
> of larger services. [Eg HostVirtual recently contacted us to migrate
> some services, because they wanted to decommission old hardware]
> 
>>  I'm not a lawyer, but I do know that the jurisdiction under which 
>> the
>>  information is contained and/or serves as the state of incorporation
>>  (new mexico, IIRC?) will control any "involuntary" disclosures that 
>> the
>>  foundation will not have any discretion about.
> One of the side bits that was done many years ago, was to put certain
> things outside of the US however, to take potential advantage of more
> local privacy laws. For example, Forums lives in Vancouver, BC, 
> Canada,
> and is thus subject to BC privacy laws, which are very strong. If the
> data is located there, can take precedence over other jurisdictions, 
> at
> least according to some BC lawyers.
> 
> If nothing else, it's sufficiently complex privacy law to muddy the
> waters over data transfer.

And this is exactly why members of the gentoo community should be made 
aware of any laws that may apply.

This is exactly why my opinion is strongly in favor of having the 
situation, whatever it may actually be, documented so that people who 
might get burned by having their stuff exposed by legal action will at 
least have advanced warning.

> --
> Robin Hugh Johnson
> Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer
> E-Mail   : robbat2@gentoo.org
> GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
> GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
> 

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Daniel Campbell]

[-- Attachment #1.1: Type: text/plain, Size: 6912 bytes --]

On 10/01/2016 09:53 PM, Raymond Jennings wrote:
> 
> 
> On Sat, Oct 1, 2016 at 9:13 PM, Daniel Campbell <zlg@gentoo.org> wrote:
>> On 09/30/2016 05:59 PM, Rich Freeman wrote:
>>>  [snip]
>>>
>>>  1.  When information is turned over to comrel who does it get shared
>>>  with, and under what circumstances?
>>
>> That information should be kept mainly to the comrel member(s) who were
>> reported to. Should the issue become more serious, share it with the
>> rest of comrel according to case needs (one member having a friendship
>> with a given developer, or a professional background in community
>> management, etc).
>>
>>>  2.  Do any members of the community have an obligation to report?  Can
>>>  members of comrel/trustees/officers/council/etc be told information in
>>>  private without it being shared back with comrel for the official
>>>  record?
>>
>> An obligation to report will result in more reporting, some of which
>> will end up being within CoC limits or merely a misunderstanding.
>> Encouragement might not be a bad idea, but forcing them to is just an
>> easy way to make ComRel busy; I'm sure they're just as understaffed as
>> the rest of Gentoo, however.
> 
>>>  3. Specifically, what information gets shared with people named in a
>>>  dispute of some kind?
>>
>> It depends on the type of dispute. If it's happenstance in a public
>> medium such as the forums, bugzilla, or the ML, then the antagonists and
>> their actions are known and can be shared freely.
>>
>> In short I think the privacy level of a dispute should never become
>> lower than the occurrence of the "crime". So if it was in PMs on IRC, it
>> now concerns the ComRel member who was contacted, Party A, and Party B.
>> It should only expand when one ComRel member isn't enough.
>>
>> Impactful changes to Gentoo staffing are deserving of mention, but in
>> general terms, like "Foobar project no longer has a lead, election
>> scheduled for..."
>>
>>>  4. Under what circumstances will information be shared with a
>>>  government authority/etc?
>>
>> It's not written anywhere, but I think we owe it to our developers to
>> keep private information private. Without a sufficient reasoning and/or
>> legal force, imo Gentoo should not comply without overwhelming evidence
>> or legitimate legal threat to its incorporation status. We should treat
>> private and internal information like it's valuable and important,
>> because it is. If developers can't share information with the Foundation
>> and/or other developers and expect it to remain at least somewhat safe,
>> then it may lower morale within the Project.
> 
> Would we assume that the foundation would be hiring counsel or otherwise
> opposing such legal threats in court?  If the foundation gets a subpoena
> or served with a search warrant, how much effort should the foundation
> put into fighting it?
> 
That's a good question with a possibly-messy answer. It depends; if we
already have a lawyer on retainer or otherwise would go to bat for us
and has an understanding of such law, then sure, hire counsel. But
anything impacting the finances imo should go past the Foundation and
the treasurer first. If we lack budgeting, then depending on how bad
this request is we may ask for people to pitch in or something. I doubt
anything like that would happen, however, so the most likely case is
subpoena for logs connected to a given IP address. If they have a search
warrant, well, not much you can do about that then, huh?

I'm not a lawyer, however, and don't know the safest approach that also
protects the Foundation's members. I just don't believe in handing
things over when they're asked for without a damn good reason.
>>>  5. Do subjects of comrel action generally have a "right to face their
>>>  accuser?"
>>
>> If the action is impacting their developer status or public/internal
>> image, I believe the accuser should be willing to attach their name to
>> their accusations.
> 
> +1 to this.
> 
> Furthermore I believe in principle that if you aren't willing to put
> your ass on the line to back your accusation, then your testimony is
> worthless.  People are put under oath in court for a reason, and there
> are penalties for perjury.
I agree up to the "penalty for perjury" part. On one hand, there should
be something that prevents people from making stuff up and generally
just killing peoples' time, but on the other, punishing someone for it
could result in them leaving the Foundation, possibly taking down
important things (forums, deliberately misconfigured mailserver, etc)
beforehand.

There needs to be a balance. Maybe once comrel and/or the Council have
decided a matter is important, the push rights of all involved parties
is suspended to prevent in-fighting. Could be a stupid idea, I dunno.
> 
>>>  6. What should be communicated about comrel actions, both proactively
>>>  and when people inquire about them?
>>
>> Proactive announcements only necessary when they impact the functioning
>> of Gentoo and have reason to be made public. Inquiries are a little
>> trickier, as we should strive for transparency internally, but keep
>> sensitive things from the general public.
>>
>>>  I think there are a number of pros and cons to any approach we take,
>>>  and it is possible for reasonable people to hold a different opinion
>>>  on this topic.
>>>
>>>  [snip]
>>>
>>>  So, whether you think this is great or the worst drivel you've ever
>>>  read, please do speak up...
>>>
>>>  --
>>>  Rich
>>>
>>>
>> I was wondering who would get around to writing something like this up
>> ever since that conversation about it a while back. :)
>>
>> -- 
>> Daniel Campbell - Gentoo Developer
>> OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
>> fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6
> 
> I'd also like to note for the record that the last known version of the
> developer quiz features a question about devrel (now comrel, +todo
> update it), so whoever wrote the quiz obviously feels that a good
> grounding in comrel procedures.
> 
> I would very much like this noted for the record, and in addition to
> keeping the quiz updated with whatever happens in this discussion, I'd
> also like the current devmanual policy (cited in the quiz as a
> reference) involved as a subject in this discussion...does that make sense?
What devmanual policy are you referring to?
> 
> We kinda do have documentation already, that is at the least being cited
> as a reference in the developer quiz...which I'm presently polishing my
> answers to in the wake of my pending recruitment.
> 
> 
Good luck on your journey to join us. :)

-- 
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Robin H. Johnson]

On Sat, Oct 01, 2016 at 09:55:31PM -0700, Raymond Jennings wrote:
> This is exactly why my opinion is strongly in favor of having the 
> situation, whatever it may actually be, documented so that people who 
> might get burned by having their stuff exposed by legal action will at 
> least have advanced warning.
The "protected" information in the case of forums would be limited to
private messages, and any private user information that was not exposed
elsewhere (eg IP address, hidden email address). Everything else on the
forums is a public posting, and thus not granted any protections.

The case that really worries me is IRC private messages. There are
generally only two parties with logs, which are likely to be the
plaintiff and defendant previously mentioned. (Both parties have an
interest in altering the messages). In most cases [1], the messages go via
one or more Freenode servers, which could in theory log them, and also
complicate the privacy jurisdiction question.

[1] IRC does have ways to directly message another person without it
going through servers; said ways originate in file tranfers between
parties and are much less common today.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Sat, Oct 1, 2016 at 10:20 PM, Daniel Campbell <zlg@gentoo.org> wrote:
> On 10/01/2016 09:53 PM, Raymond Jennings wrote:
>> 
>> 
>>  On Sat, Oct 1, 2016 at 9:13 PM, Daniel Campbell <zlg@gentoo.org> 
>> wrote:
>>>  On 09/30/2016 05:59 PM, Rich Freeman wrote:
>>>>   [snip]
>>>> 
>>>>   1.  When information is turned over to comrel who does it get 
>>>> shared
>>>>   with, and under what circumstances?
>>> 
>>>  That information should be kept mainly to the comrel member(s) who 
>>> were
>>>  reported to. Should the issue become more serious, share it with 
>>> the
>>>  rest of comrel according to case needs (one member having a 
>>> friendship
>>>  with a given developer, or a professional background in community
>>>  management, etc).
>>> 
>>>>   2.  Do any members of the community have an obligation to 
>>>> report?  Can
>>>>   members of comrel/trustees/officers/council/etc be told 
>>>> information in
>>>>   private without it being shared back with comrel for the official
>>>>   record?
>>> 
>>>  An obligation to report will result in more reporting, some of 
>>> which
>>>  will end up being within CoC limits or merely a misunderstanding.
>>>  Encouragement might not be a bad idea, but forcing them to is just 
>>> an
>>>  easy way to make ComRel busy; I'm sure they're just as 
>>> understaffed as
>>>  the rest of Gentoo, however.
>> 
>>>>   3. Specifically, what information gets shared with people named 
>>>> in a
>>>>   dispute of some kind?
>>> 
>>>  It depends on the type of dispute. If it's happenstance in a public
>>>  medium such as the forums, bugzilla, or the ML, then the 
>>> antagonists and
>>>  their actions are known and can be shared freely.
>>> 
>>>  In short I think the privacy level of a dispute should never become
>>>  lower than the occurrence of the "crime". So if it was in PMs on 
>>> IRC, it
>>>  now concerns the ComRel member who was contacted, Party A, and 
>>> Party B.
>>>  It should only expand when one ComRel member isn't enough.
>>> 
>>>  Impactful changes to Gentoo staffing are deserving of mention, but 
>>> in
>>>  general terms, like "Foobar project no longer has a lead, election
>>>  scheduled for..."
>>> 
>>>>   4. Under what circumstances will information be shared with a
>>>>   government authority/etc?
>>> 
>>>  It's not written anywhere, but I think we owe it to our developers 
>>> to
>>>  keep private information private. Without a sufficient reasoning 
>>> and/or
>>>  legal force, imo Gentoo should not comply without overwhelming 
>>> evidence
>>>  or legitimate legal threat to its incorporation status. We should 
>>> treat
>>>  private and internal information like it's valuable and important,
>>>  because it is. If developers can't share information with the 
>>> Foundation
>>>  and/or other developers and expect it to remain at least somewhat 
>>> safe,
>>>  then it may lower morale within the Project.
>> 
>>  Would we assume that the foundation would be hiring counsel or 
>> otherwise
>>  opposing such legal threats in court?  If the foundation gets a 
>> subpoena
>>  or served with a search warrant, how much effort should the 
>> foundation
>>  put into fighting it?
>> 
> That's a good question with a possibly-messy answer. It depends; if we
> already have a lawyer on retainer or otherwise would go to bat for us
> and has an understanding of such law, then sure, hire counsel. But
> anything impacting the finances imo should go past the Foundation and
> the treasurer first. If we lack budgeting, then depending on how bad
> this request is we may ask for people to pitch in or something. I 
> doubt
> anything like that would happen, however, so the most likely case is
> subpoena for logs connected to a given IP address. If they have a 
> search
> warrant, well, not much you can do about that then, huh?
> 
> I'm not a lawyer, however, and don't know the safest approach that 
> also
> protects the Foundation's members. I just don't believe in handing
> things over when they're asked for without a damn good reason.
>>>>   5. Do subjects of comrel action generally have a "right to face 
>>>> their
>>>>   accuser?"
>>> 
>>>  If the action is impacting their developer status or 
>>> public/internal
>>>  image, I believe the accuser should be willing to attach their 
>>> name to
>>>  their accusations.
>> 
>>  +1 to this.
>> 
>>  Furthermore I believe in principle that if you aren't willing to put
>>  your ass on the line to back your accusation, then your testimony is
>>  worthless.  People are put under oath in court for a reason, and 
>> there
>>  are penalties for perjury.
> I agree up to the "penalty for perjury" part. On one hand, there 
> should
> be something that prevents people from making stuff up and generally
> just killing peoples' time, but on the other, punishing someone for it
> could result in them leaving the Foundation, possibly taking down
> important things (forums, deliberately misconfigured mailserver, etc)
> beforehand.
> 
> There needs to be a balance. Maybe once comrel and/or the Council have
> decided a matter is important, the push rights of all involved parties
> is suspended to prevent in-fighting. Could be a stupid idea, I dunno.
>> 
>>>>   6. What should be communicated about comrel actions, both 
>>>> proactively
>>>>   and when people inquire about them?
>>> 
>>>  Proactive announcements only necessary when they impact the 
>>> functioning
>>>  of Gentoo and have reason to be made public. Inquiries are a little
>>>  trickier, as we should strive for transparency internally, but keep
>>>  sensitive things from the general public.
>>> 
>>>>   I think there are a number of pros and cons to any approach we 
>>>> take,
>>>>   and it is possible for reasonable people to hold a different 
>>>> opinion
>>>>   on this topic.
>>>> 
>>>>   [snip]
>>>> 
>>>>   So, whether you think this is great or the worst drivel you've 
>>>> ever
>>>>   read, please do speak up...
>>>> 
>>>>   --
>>>>   Rich
>>>> 
>>>> 
>>>  I was wondering who would get around to writing something like 
>>> this up
>>>  ever since that conversation about it a while back. :)
>>> 
>>>  --
>>>  Daniel Campbell - Gentoo Developer
>>>  OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
>>>  fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6
>> 
>>  I'd also like to note for the record that the last known version of 
>> the
>>  developer quiz features a question about devrel (now comrel, +todo
>>  update it), so whoever wrote the quiz obviously feels that a good
>>  grounding in comrel procedures.
>> 
>>  I would very much like this noted for the record, and in addition to
>>  keeping the quiz updated with whatever happens in this discussion, 
>> I'd
>>  also like the current devmanual policy (cited in the quiz as a
>>  reference) involved as a subject in this discussion...does that 
>> make sense?
> What devmanual policy are you referring to?

The one saying that you should follow this sequence:

1.  Resolve informally

2.  Consult project lead

3.  Go to devrel (now comrel) only if you can't resolve it.

Go directly to step 3 if the misconduct is intentional or habitual.

I was told by a past mentor that "comrel doesn't want to get dragged 
into every catfight"

If you need a direct citation of the devmanual section I can do some 
digging.

>> 
>>  We kinda do have documentation already, that is at the least being 
>> cited
>>  as a reference in the developer quiz...which I'm presently 
>> polishing my
>>  answers to in the wake of my pending recruitment.
>> 
>> 
> Good luck on your journey to join us. :)
> 
> --
> Daniel Campbell - Gentoo Developer
> OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
> fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6
> 

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Sat, Oct 1, 2016 at 10:36 PM, Robin H. Johnson <robbat2@gentoo.org> 
wrote:
> On Sat, Oct 01, 2016 at 09:55:31PM -0700, Raymond Jennings wrote:
>>  This is exactly why my opinion is strongly in favor of having the
>>  situation, whatever it may actually be, documented so that people 
>> who
>>  might get burned by having their stuff exposed by legal action will 
>> at
>>  least have advanced warning.
> The "protected" information in the case of forums would be limited to
> private messages, and any private user information that was not 
> exposed
> elsewhere (eg IP address, hidden email address). Everything else on 
> the
> forums is a public posting, and thus not granted any protections.
> 
> The case that really worries me is IRC private messages. There are
> generally only two parties with logs, which are likely to be the
> plaintiff and defendant previously mentioned. (Both parties have an
> interest in altering the messages). In most cases [1], the messages 
> go via
> one or more Freenode servers, which could in theory log them, and also
> complicate the privacy jurisdiction question.

Interestingly enough, a widely used "unrealircd" strongly opposes 
logging or snooping, and people get banned from their support channels 
for even asking about it.

As for the difference between taking leads and rumors, and taking hard 
testimony that can be used in a comrel case, I propose:

1.  If its an investigation, you can be informal about it

2.  If the accuser wants to open an official complaint, they in turn 
need to be prepared to testify directly to a comrel member, who 
themselves becomes responsible as I mentioned before.  The accuser must 
swear to be held responsible for the trustworthiness and accuracy of 
their testimony, and to accept getting their ass burned IF they are 
caught lying or screwing up.  Emphasis on if.

This means, that if someone is just reporting rumor or a concern, they 
don't need to worry about getting in trouble.  But the moment they want 
to make an accusation they'd better back it up with their own skin.  
And if comrel investigates and gets its own evidence, after following 
the lead of the accuser, then the accuser was probably right and 
doesn't need to worry.

> [1] IRC does have ways to directly message another person without it
> going through servers; said ways originate in file tranfers between
> parties and are much less common today.

DCC.

> --
> Robin Hugh Johnson
> Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer
> E-Mail   : robbat2@gentoo.org
> GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
> GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
> 

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Daniel Campbell]

[-- Attachment #1.1: Type: text/plain, Size: 788 bytes --]

On 10/01/2016 10:37 PM, Raymond Jennings wrote:
> [snip]
>> What devmanual policy are you referring to?
> 
> The one saying that you should follow this sequence:
> 
> 1.  Resolve informally
> 
> 2.  Consult project lead
> 
> 3.  Go to devrel (now comrel) only if you can't resolve it.
> 
> Go directly to step 3 if the misconduct is intentional or habitual.
> 
> I was told by a past mentor that "comrel doesn't want to get dragged
> into every catfight"
> 
> If you need a direct citation of the devmanual section I can do some
> digging.
> 
Ah, okay. No citation needed, I remember that now. Thanks for clarifying.

-- 
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Matthew Thode]

I'll echo Rich's statement that my opinions are my own, not the
Trustees, also, I am not a lawyer.

Rich, I'm glad you started these, I may send one or two as well,
however, I think it'd be good to do one at a time in order to actually
have action on them.

On 09/30/2016 07:59 PM, Rich Freeman wrote:
> General Background
> This is the first in a series of threads I plan to start, each around
> some aspect of our Comrel process.  If you have a concern that isn't
> covered in this post please start a separate thread, and I do intend
> to start others.  This isn't intended to suggest that this is the ONLY
> issue that is worth discussion about Comrel.  I just expect there to
> be potentially a large amount of interest in the topic and I think
> we're better served if things are divided into somewhat-separable
> topics.
> 
> In these emails I'm speaking purely on my own behalf, and not for the
> Council/Foundation/etc.  I know these bodies have an interest in these
> topics and may very well offer official input at some time.  I really
> just want to foster open discussion so that we can air opinions before
> we actually get to setting/changing policy.
> 
> 
> The Issue
> Recently there has been some questioning of whether we have the right
> balance of privacy in Comrel disputes.  Some specific questions to be
> addressed are:
> 
> 1.  When information is turned over to comrel who does it get shared
> with, and under what circumstances?

Here I feel the current status quo is fine, info turned over to comrel
resides within comrel unless an appeal is made to council, who would
then have access.  Trustees would also have access if something legal
came up.  The one change I'd like to see (and should likely go into it's
own email) is that council (that which 'governs' comrel) should be able
to spot audit them as well.

> 2.  Do any members of the community have an obligation to report?  Can
> members of comrel/trustees/officers/council/etc be told information in
> private without it being shared back with comrel for the official
> record?

Here I feel we differ slightly, in general I agree that we should
heavily encourage devs/staff/foundation-members to report I'm not sure
how we could enforce it.  I do however think that council and even more
so trustees have a duty to report, but this is not codified anywhere.

As far as being told info in private goes, I think we can be told such
info, but if something breaches a certain level it should go to comrel
(or the appropriate party).  I don't know exactly what that level is,
but it's probably just the rules we already have in place.

> 3. Specifically, what information gets shared with people named in a
> dispute of some kind?

I think this depends on how it's reported.  If it's reported from a
third party wishing to be anonymous then I don't think they necessarily
need to know.  However, if it's first party then unless there is an
amazing reason, I don't think identities need to be hidden.

As for the information, I think each party should be able to see the
evidence, if it needs to be anonymized then that can happen as well.

> 4. Under what circumstances will information be shared with a
> government authority/etc?

When it's needed?  I don't think we need to do anything more here.

> 5. Do subjects of comrel action generally have a "right to face their
> accuser?"

No.  The reason I say this is because Gentoo is not a 'court' and we are
free to do what we want here.  I generally think it's good and perhaps
even beneficial for some sort of confrontation to happen between the
accuser and the accused, but only in so much as to solve whatever issue
is at hand.  If the accuser wants to stay out of it, that's fine.

If there is someone trying to game the system I do think that needs to
be punished harshly, as it is poison.

> 6. What should be communicated about comrel actions, both proactively
> and when people inquire about them?

If something is already public then a short note is appropriate,
otherwise a short note in private upon questioning is good.  Like you
said below, a note to the project/herd/team/whatever lead is probably
useful as well.

> 
> I think there are a number of pros and cons to any approach we take,
> and it is possible for reasonable people to hold a different opinion
> on this topic.
> 
> 
> The Current State
> As best as I understand it (and corrections are welcome), this is how
> things work today (I'm just trying to stick to the facts in this
> section):
> 
> Nobody in Gentoo has an obligation to raise issues to Comrel.  If
> somebody privately tells me that they're having a problem with
> somebody, I can offer advice/etc, or advise them to go to Comrel, but
> I'm not obligated to do so.
> 
> If somebody does go to Comrel, what they say is generally kept
> confidential from anybody not in Comrel.  So, if I were to complain to
> Comrel that ulm has been voting against too many of my Council
> proposals, Comrel might or might not even tell ulm that there was a
> complaint, and if they did they wouldn't tell him that I made the
> complaint or provide any exact copies of the complaint.
> 
> If somebody appeals a Comrel decision to the Council, then all
> information that Comrel has on the case is made available to the
> Council.
> 
> After a case is concluded, information is maintained indefinitely, and
> available to some members of Comrel.  It might be shared with all of
> Comrel if another case comes up.
> 
> While this has not happened within my knowledge, I imagine that if a
> lawsuit came up or a threat of one, any relevant information would be
> shared with the Trustees and anybody they designate.  There isn't any
> proactive monitoring by the Foundation.
> 
> In general Comrel actions are kept confidential.  A general member of
> the community (developer or otherwise) typically doesn't find out that
> there even has been a dispute, let alone the results of one.  However,
> I know there have been exceptions, including a recent one on -core.
> When significant actions like forced retirement occur non-devs on
> impacted teams may not be informed, though if they make specific
> inquiries a fairly minimal statement might be given.
> 
> 
> Discussion
> Here I'll offer my own opinions, though many are not strongly held.  I
> really want to foster discussion around the pros/cons as I don't think
> that the answers to the questions I framed are necessarily completely
> obvious.
> 
> I'll start with what I see as the largest controversy: the right of
> the accused to face their accuser.  In almost all courts this is a
> fairly universal right.  In private companies/organizations it tends
> to be much less so.  The main benefit of keeping complaints
> anonymous/private is that people will feel more free to come forward
> with complaints without fear of retaliation.  The obvious downside is
> that the accused feels the process is unfair since it is a black box
> to them, and they may be less receptive to the legitimacy of concerns,
> and indeed the anonymity might result in false claims since they're
> harder to refute.
> 
> I suspect private organizations also tend to keep this stuff
> confidential because it makes them harder to sue, and that concern
> does apply to Gentoo to some degree.
> 
> Next, mandatory reporting:  I think we ought to give serious
> consideration to it for a couple of reasons.  Companies often have
> mandatory reporting, for example if somebody were to copy me on an
> email that violates company policy around something like sexual
> content, I could be fired merely for having been sent it but not
> reporting it to HR, because I have people who report to me.  For
> positions like Trustees/Officers of the Foundation I suspect that if
> they're aware of a potential situation where Gentoo has some
> liability, they would have a fiduciary duty to act on it.  That may or
> may not apply to Council members as well.  There is another reason why
> mandatory reporting might make sense: it avoids putting people in
> leadership situations in a tricky situation where they feel like they
> have to both keep something confidential and try to deal with a
> serious problem solo, because they feel like it would be wrong to
> ignore it.  With a mandatory reporting policy then people know
> up-front that leaders are basically an extension of Comrel, and then
> once the situation is handed off to Comrel the person it was disclosed
> to can safely step away and let Comrel do its job.
> 
> Finally, when it comes to communicating outcomes of comrel actions, I
> suggest keeping the distribution minimal.  If somebody is forced to
> retire from a leadership role, then those who were a part of their
> team probably should know.  If somebody is forced to retire from a
> team then the team lead should be told.  I don't really see a ton of
> value in communicating comrel actions widely in general.  The problem
> with communicating things widely is that it makes it harder for the
> person subject to the action to re-integrate themselves into the
> community once any actions expire.  Also, there is less risk of
> liability for defamation/etc if nothing is publicly communicated.  At
> my own workplace there is really no distinction between somebody being
> fired and leaving of their own accord as far as announcements to
> coworkers and such are concerned.  Indeed, there is also usually
> little distinction between being fired for cause or because you simply
> are no longer needed when it comes to communication with the person
> being separated either.
> 
> I'll go ahead and wind this down here as it already feels a lot longer
> than I intended (perhaps the topic was still too broad, though I see
> these items as being fairly related).  Again, the goal here is to spur
> discussion and end up with policies that there is some kind of
> community backing for, whether they end up being the status quo or
> otherwise.  Ultimately whatever is decided upon should be documented
> so that when somebody contacts Comrel they know up-front what will be
> done with any information they provide, and so on.
> 
> So, whether you think this is great or the worst drivel you've ever
> read, please do speak up...
> 
> --
> Rich
> 
> 


-- 
-- Matthew Thode (prometheanfire)

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[William L. Thomson Jr.]

[-- Attachment #1: Type: text/plain, Size: 1268 bytes --]

On Friday, September 30, 2016 8:59:15 PM EDT Rich Freeman wrote:
>
> The Issue
> Recently there has been some questioning of whether we have the right
> balance of privacy in Comrel disputes. 

Anonymous stats can be produced and released without releasing any private 
information.

Such as but not limited to the following:

# of cases brought to comrel
# of cases resolved amicably
# of warnings issued
# of cases resulting in policing action, suspension, ban, etc
# of developers kicked/booted
# of developers recruited

For each of the above, there would be another field, # of comrel members who 
voted or took part in such action. That will show if it is just individuals 
having their way, or if comrel is working as a team. May even go so far as to 
record votes, x number for, x number against for each.

There could be more, but such information is very useful. All of such will 
provide a measure of accountability. It does not reveal any sensitive 
information. This would be like annually at minimum, monthly at maximum.

This could even be produced retroactively so we could see if this had an 
impact on the project at any given point in time. I suspect that might be the 
case in the past.

-- 
William L. Thomson Jr.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 163 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Matthew Thode]

[-- Attachment #1.1: Type: text/plain, Size: 1432 bytes --]

On 10/03/2016 11:00 AM, William L. Thomson Jr. wrote:
> On Friday, September 30, 2016 8:59:15 PM EDT Rich Freeman wrote:
>>
>> The Issue
>> Recently there has been some questioning of whether we have the right
>> balance of privacy in Comrel disputes. 
> 
> Anonymous stats can be produced and released without releasing any private 
> information.
> 
> Such as but not limited to the following:
> 
> # of cases brought to comrel
> # of cases resolved amicably
> # of warnings issued
> # of cases resulting in policing action, suspension, ban, etc
> # of developers kicked/booted
> # of developers recruited
> 
> For each of the above, there would be another field, # of comrel members who 
> voted or took part in such action. That will show if it is just individuals 
> having their way, or if comrel is working as a team. May even go so far as to 
> record votes, x number for, x number against for each.
> 
> There could be more, but such information is very useful. All of such will 
> provide a measure of accountability. It does not reveal any sensitive 
> information. This would be like annually at minimum, monthly at maximum.
> 
> This could even be produced retroactively so we could see if this had an 
> impact on the project at any given point in time. I suspect that might be the 
> case in the past.
> 

These do seem like useful stats.

-- 
-- Matthew Thode (prometheanfire)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Rich Freeman]

On Mon, Oct 3, 2016 at 12:00 PM, William L. Thomson Jr.
<wlt-ml@o-sinc.com> wrote:
>
> Anonymous stats can be produced and released without releasing any private
> information.
>
> Such as but not limited to the following:
>
> # of cases brought to comrel
> # of cases resolved amicably
> # of warnings issued
> # of cases resulting in policing action, suspension, ban, etc
> # of developers kicked/booted

Not a bad idea.

> # of developers recruited

Comrel doesn't recruit developers, so this is a bit meaningless.

>
> For each of the above, there would be another field, # of comrel members who
> voted or took part in such action. That will show if it is just individuals
> having their way, or if comrel is working as a team. May even go so far as to
> record votes, x number for, x number against for each.
>

Somebody on Comrel could comment further, but I don't think they take
any action without a majority vote from their members, and
non-responses are effectively no votes (which might result in some
decisions dragging on).  So, that would mean that every action
involves a majority of their membership.

But, if this isn't the case it could also be a useful metric.  My
sense is that Comrel doesn't actually resolve that many cases.

-- 
Rich

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Andreas K. Huettel]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Am Montag, 3. Oktober 2016, 18:00:59 schrieb William L. Thomson Jr.:
> On Friday, September 30, 2016 8:59:15 PM EDT Rich Freeman wrote:
> > The Issue
> > Recently there has been some questioning of whether we have the right
> > balance of privacy in Comrel disputes.
> 
> Anonymous stats can be produced and released without releasing any private
> information.
> 

OK here's some stats:

I became Comrel lead in September 2014 (ca 2 years ago). Since then, i.e. for 
the duration of 2 years, there were (the numbers are from memory / estimated):

* cases where a full comrel vote about disciplinary action was held: 2

* cases where comrel got involved in recruiting: 1 (hi there)

* cases where a short penalty according to the code of conduct rules was 
handed out (requires 2 team members to agree): ~ 5-10
(I.e., 48h bugzilla ban or 7day mailing list ban.)

* cases where someone had a chat ("this wasn't so great, please think about 
doing it better next time") or sent an e-mail: ~ 10-15, maybe more

* cases where someone was shouting for comrel to intervene: far too many
(Somehow the ability of people to solve interpersonal problems on their own 
seems to get lost. Also, this is a really good point why teams should have an 
active team lead- who is the first point of contact and knows the involved 
persons better.)

- -- 

Andreas K. Huettel
Gentoo Linux developer 
dilfridge@gentoo.org
http://www.akhuettel.de/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJX8pA3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDMjhGQ0IwRjdCRUQxMzdBQUNCMDJEODlB
NDRDRjM3M0U3RUU5OUU0AAoJEKRM83Pn7pnkOoMP/2INn4Sv0NZahtH+by8Xpcxs
nN84tPxh4b9aGbwrG1zeZvuCWc3XyXNsXH17jvPSuCZyuH+47YUU4+ZRkerMrBri
GB8nOliH+QAto/lpku0scyfYFtP8RwXfzgEPliyPV/Z7LN1jL14V2F0Ya46+g9On
i2YgpIlksv7vdF6BGDIKjnczrObaFvgtipob70V9NyNvkBSUxZGVxs9zDFgnot0A
P7uF58k9GFOhV5cABW1McoEtWelt3FPY9Svy6DNH9mtX/sLmOkcjlHU66JOhOtuu
E6g5s8PNQ4j5h6TkKuAVDZQeq0f3/gUw632H+yZ7FwvTBoSnrx/IuL8a2Ly/ToTn
HcP1xqV9VZUrFiMvJ1Srg1QaLUhLa51tM13fbkg7PJONccdV4cuom7lAcdBbgTEn
nSvfW1peijN34YcvLYMkQDlMoIU79rj8VpPgnAQEJz/1y2tULXuG63rHItiAnnkW
6Oar6OpRu/drIHbmKg/zBYoAKuNzdsZJE+fCbl99PQ4XknrkifDa+80scMmKGPdT
UWw5mGcbqS0zpCjSuTxWtuOjNMf9nYm99xTL5Pdk/UWY5czVwKKcFPHPn1uT5wkH
Dqwz6k5Dpja0SQYkhuD57bOV0cQBhoS94WUbNf6Hbcny79OxTayIUSsuLabwu15a
xx5n/lPJKFZQ2wq3k9pE
=QU+s
-----END PGP SIGNATURE-----

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[William L. Thomson Jr.]

[-- Attachment #1: Type: text/plain, Size: 2098 bytes --]

On Monday, October 3, 2016 12:16:47 PM EDT Rich Freeman wrote:
>
> > # of developers recruited
> 
> Comrel doesn't recruit developers, so this is a bit meaningless.

They are related projects, both under the same Community Resources project. 3 
of 5 recruiters are members of comrel. 
https://wiki.gentoo.org/wiki/Project:ComRes

The number of new developers is very important relating to the number that may 
have been driven away, either kicked out, or like me motivated to retired/
resign. Or had action taken against them.

If say comrel took action against 5 in a year, and say 10 were recruited. That 
is bad stats for Gentoo as a whole. If more are being effected by comrel than 
recruited in a year even worse. Again that is very important information to 
know.
 
> Somebody on Comrel could comment further, but I don't think they take
> any action without a majority vote from their members, and
> non-responses are effectively no votes (which might result in some
> decisions dragging on).  So, that would mean that every action
> involves a majority of their membership.

They already have. It is where I found out that you have to REQUEST a vote 
from all members of comrel. Which implies that any one can act without a vote 
from all. I have never read this before and I just learned about it with this 
post.

"As also documented there, if you disagree you can request a full comrel team 
vote. "
https://archives.gentoo.org/gentoo-project/message/
ba54d01631cb6d299d11007998fd5a34

Even more interesting, it say as documented there, referencing my bug. I think 
that is hardly the place for official information on comrel. With regard to 
requesting a vote from all members.

> But, if this isn't the case it could also be a useful metric.  My
> sense is that Comrel doesn't actually resolve that many cases.

That has been my main point since 2008. An entity that should resolve 
problems, instead creates them, and makes them much bigger and worse. That is 
my assumption, but facts can show one way or another. I hope I am wrong, but 
if I am right...

-- 
William L. Thomson Jr.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 163 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Rich Freeman]

On Mon, Oct 3, 2016 at 1:34 PM, William L. Thomson Jr.
<wlt-ml@o-sinc.com> wrote:
> On Monday, October 3, 2016 12:16:47 PM EDT Rich Freeman wrote:
>>
>> > # of developers recruited
>>
>> Comrel doesn't recruit developers, so this is a bit meaningless.
>
> They are related projects, both under the same Community Resources project. 3
> of 5 recruiters are members of comrel.
> https://wiki.gentoo.org/wiki/Project:ComRes
>
> The number of new developers is very important relating to the number that may
> have been driven away, either kicked out, or like me motivated to retired/
> resign. Or had action taken against them.
>
> If say comrel took action against 5 in a year, and say 10 were recruited. That
> is bad stats for Gentoo as a whole. If more are being effected by comrel than
> recruited in a year even worse. Again that is very important information to
> know.

This assumes that what is good for Gentoo is more developers, and what
is bad for Gentoo is less developers.

By that argument we shouldn't have Comrel at all, and we should give
dev access to anybody who asks for it.

The criteria Comrel should be judged on is whether it is correctly
apply the Code of Conduct.

While I certainly would prefer to see developers change their behavior
than see them be kicked out, I'd rather see them be kicked out than
see them continue their previous behavior if it is egregious.

>> But, if this isn't the case it could also be a useful metric.  My
>> sense is that Comrel doesn't actually resolve that many cases.
>
> That has been my main point since 2008. An entity that should resolve
> problems, instead creates them, and makes them much bigger and worse. That is
> my assumption, but facts can show one way or another. I hope I am wrong, but
> if I am right...
>

By the time Comrel steps in a problem already exists.

And by resolving I meant driving to a conclusion.  Ideally that
conclusion is that people are behaving nicely.  However, a situation
where somebody who does not demonstrate a change in behavior is
removed is a resolution.

-- 
Rich

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Mon, Oct 3, 2016 at 10:49 AM, Rich Freeman <rich0@gentoo.org> wrote:
> On Mon, Oct 3, 2016 at 1:34 PM, William L. Thomson Jr.
> <wlt-ml@o-sinc.com> wrote:
>>  On Monday, October 3, 2016 12:16:47 PM EDT Rich Freeman wrote:
>>> 
>>>  > # of developers recruited
>>> 
>>>  Comrel doesn't recruit developers, so this is a bit meaningless.
>> 
>>  They are related projects, both under the same Community Resources 
>> project. 3
>>  of 5 recruiters are members of comrel.
>>  https://wiki.gentoo.org/wiki/Project:ComRes
>> 
>>  The number of new developers is very important relating to the 
>> number that
>>  may
>>  have been driven away, either kicked out, or like me motivated to 
>> retired/
>>  resign. Or had action taken against them.
>> 
>>  If say comrel took action against 5 in a year, and say 10 were 
>> recruited. That
>>  is bad stats for Gentoo as a whole. If more are being effected by 
>> comrel than
>>  recruited in a year even worse. Again that is very important 
>> information to
>>  know.
> 
> This assumes that what is good for Gentoo is more developers, and what
> is bad for Gentoo is less developers.
> 
> By that argument we shouldn't have Comrel at all, and we should give
> dev access to anybody who asks for it.
> 
> The criteria Comrel should be judged on is whether it is correctly
> apply the Code of Conduct.
> 
> While I certainly would prefer to see developers change their behavior
> than see them be kicked out, I'd rather see them be kicked out than
> see them continue their previous behavior if it is egregious.

I see a good opportunity to make an analogy here.

Gentoo is a strawberry field that makes strawberry jam.

Developers are the plants.

Users are the happy customers of the field who put strawberry jam on 
their toast every morning when they use a gentoo system.

Recruiters are the guys who go to the seed market, sift through the 
supplies, and find the best, healthiest seeds to plant in the field.  
They are the farmers.

Comrel is the undertaker that applies pesticides and if necessary 
uproots bad plants.

Now, I think both roles are important.  However, for the field to grow, 
there must, by sheer mathematical logic, be more strawberries being 
planted than strawberries being uprooted.

Comrel can, and must, continue to weed out bad developers who are 
hurting the project with toxic behavior.  The users who are eating 
their toast in the morning don't want rotten berries in their jam.

However, if there's a shortage of jam (bugs being neglected, new 
packages being sluggish on uptake) then we need more developers to 
handle the workload.  And if the strawberry field is thin, we need more 
farmers (recruiters) to plant more strawberries.

Considering we have only 5 recruiters, 3 of which were cited as also 
being comrel members...I have a hunch we have a manpower issue, and we 
should get more recruiters.  As a developer-in-the-making myself I've 
felt the frustration this has caused.  I personally do not think 5 
recruiters is enough, especially if 3 of them have a conflict of duty 
where their time is divided with comrel tasks instead of recruiting. My 
personal opinion is that, barring the synergy of having a person 
skilled in both, that members of comrel should not also be members of 
recruiters unless their dual posting is accounted for in terms of a 
manpower census.

>>>  But, if this isn't the case it could also be a useful metric.  My
>>>  sense is that Comrel doesn't actually resolve that many cases.
>> 
>>  That has been my main point since 2008. An entity that should 
>> resolve
>>  problems, instead creates them, and makes them much bigger and 
>> worse. That is
>>  my assumption, but facts can show one way or another. I hope I am 
>> wrong, but
>>  if I am right...

As I cited, I don't think that comrel is causing a problem on its own.  
As long as the people comrel ejects are indeed bad developers, they 
need to go anyway.

The gentoo farm may have a shortage of jam, but just like Applejack's 
cider from Sweet Apple Acres, there's a reputation of quality that has 
to be preserved at pretty much all costs.  Taking shortcuts by easing 
comrel off its human resources QA task is not the right answer.

If comrel is weeding out good developers though, that IS a problem.

No, I don't know if this is actually the case

> By the time Comrel steps in a problem already exists.
> 
> And by resolving I meant driving to a conclusion.  Ideally that
> conclusion is that people are behaving nicely.  However, a situation
> where somebody who does not demonstrate a change in behavior is
> removed is a resolution.
> 
> --
> Rich
> 

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Rich Freeman]

On Mon, Oct 3, 2016 at 2:05 PM, Raymond Jennings <shentino@gmail.com> wrote:
>
> Considering we have only 5 recruiters, 3 of which were cited as also being
> comrel members...I have a hunch we have a manpower issue, and we should get
> more recruiters.  As a developer-in-the-making myself I've felt the
> frustration this has caused.  I personally do not think 5 recruiters is
> enough, especially if 3 of them have a conflict of duty where their time is
> divided with comrel tasks instead of recruiting. My personal opinion is
> that, barring the synergy of having a person skilled in both, that members
> of comrel should not also be members of recruiters unless their dual posting
> is accounted for in terms of a manpower census.
>

Keep in mind that this could just as easily result in only having 2
recruiters as it could result in having 5 fully-dedicated recruiters.

That's the thing with volunteer organizations.  You can only tell
people that they aren't allowed to do something.  You can't really
force them to work on what you consider the highest priority.

There are a LOT of vital roles in Gentoo that are understaffed.  And
yet there are a lot of developers who work on completely unrelated
things that perhaps aren't as vital.  The problem is we can't just
treat them as fungible resources that can be reassigned.

>
> If comrel is weeding out good developers though, that IS a problem.
>
> No, I don't know if this is actually the case
>

I don't think anybody has an argument with this.

-- 
Rich

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[William L. Thomson Jr.]

[-- Attachment #1: Type: text/plain, Size: 4641 bytes --]

On Monday, October 3, 2016 1:49:47 PM EDT Rich Freeman wrote:
> 
> This assumes that what is good for Gentoo is more developers, and what
> is bad for Gentoo is less developers.

Is the amount of open source software increasing or decreasing?

Just about every aspect of Gentoo is lacking manpower. I am not aware of any 
part of Gentoo that is over staffed. You cannot always pick the ideal person 
to get involved, with the perfect personality and skills. At some point Gentoo 
as a project needs to learn to work with what it has, good or bad, for the 
good of it all.
 
> By that argument we shouldn't have Comrel at all, and we should give
> dev access to anybody who asks for it.

That is closer to how Gentoo started. It would be interesting to see when 
comrel/devrel came into existence and the impact on the project since then. 
Devrel/comrel was not present when Gentoo first started as a project. It came 
about later on.

> The criteria Comrel should be judged on is whether it is correctly
> apply the Code of Conduct.

Gentoo is a technical project, not a social one. Social conduct should not 
hold back development. Social conflict is inevitable in technology not to 
mention international development with different cultures, language 
translations etc.

Tech is known for people who do not act right or nicely. I have never heard 
anyone say Bill Gates, Steve Jobs, Mark Zuckerburg, Larry Ellison and many 
others were nice guys... Many were known if not famous for not being nice 
guys... You need strong personalities and at times brute force to get things 
done.

Darwin is not about being nice but surviving.  Gentoo's goal should not be the 
most peaceful distro or development process. It should be to have the latest 
of all software, which means there will be conflicts, at the technical level 
and otherwise.

If adherence to a CoC makes Gentoo suffer in any way technically. Then it 
should be modified to suit the technical direction, not social.

> While I certainly would prefer to see developers change their behavior
> than see them be kicked out, I'd rather see them be kicked out than
> see them continue their previous behavior if it is egregious.

There is more to it than just kicked out. There are those like me who are 
motivated to lose interest. I believe many more have voluntarily left the 
project as I did, than were kicked out.

Losing developers and talent will never be good for Gentoo. Not unless they 
are replaced with another or two or more. Thus far that is not the case. Most 
developers lost are not replaced.

I am ok with comrel/recruiting driving people away either by force or 
motivation. But either way they should be replacing them, yet make no effort 
to do such.

> By the time Comrel steps in a problem already exists.

Not always, but do we have facts to go on?

At least in my case in 2008, the problem was resolved and ended before devrel 
sought to take action. If they did not then, none of this would have existed.

I was banned from posting to -nfp. I made 1 post after that ban. I could have 
posted much more. I stopped, the problem ended. Days later devrel decided I 
needed to be suspended for 15 days for the 1 post. Despite nothing after that 
post and the matter having ended. They got involved when they needed not, took 
action beyond what they needed to resolve the issue, and the result has 
created a problem spanning ~8 years.
 
Same in 2015. I was proceeding with jlec, till others decided they need to 
participate and cause problems rather than be helpful.

> And by resolving I meant driving to a conclusion.  Ideally that
> conclusion is that people are behaving nicely.  However, a situation
> where somebody who does not demonstrate a change in behavior is
> removed is a resolution.

You cannot control peoples behavior. This is a volunteer project. The main 
goal is to continue to attract volunteers and keep the project moving forward 
technically.

If you seek harmony in this process. You are seeking something that will never 
be obtained, and the process of achieving such harmony will have its own 
consequences. Which could potentially effect things as a whole much worse than 
the original problem.

That has been the case with me. The problem created by devrel/comrel has set 
back Gentoo Java over 8 years, and also hurt the foundation regarding its IRS 
status. Neither is good for Gentoo. For any harm I may have brought to Gentoo 
since 2008. What if I brought more good than bad?

None the less, bad will always be there, Gentoo needs all the good, 
developers, manpower, and contributions it can get.

-- 
William L. Thomson Jr.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 163 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Mon, Oct 3, 2016 at 11:15 AM, Rich Freeman <rich0@gentoo.org> wrote:
> On Mon, Oct 3, 2016 at 2:05 PM, Raymond Jennings <shentino@gmail.com> 
> wrote:
>> 
>>  Considering we have only 5 recruiters, 3 of which were cited as 
>> also being
>>  comrel members...I have a hunch we have a manpower issue, and we 
>> should get
>>  more recruiters.  As a developer-in-the-making myself I've felt the
>>  frustration this has caused.  I personally do not think 5 
>> recruiters is
>>  enough, especially if 3 of them have a conflict of duty where their 
>> time is
>>  divided with comrel tasks instead of recruiting. My personal 
>> opinion is
>>  that, barring the synergy of having a person skilled in both, that 
>> members
>>  of comrel should not also be members of recruiters unless their 
>> dual posting
>>  is accounted for in terms of a manpower census.
>> 
> 
> Keep in mind that this could just as easily result in only having 2
> recruiters as it could result in having 5 fully-dedicated recruiters.

I don't have a problem with recruiters having comrel duties or vice 
versa.  Just with them being counted as full members of both in terms 
of manpower audits.

> That's the thing with volunteer organizations.  You can only tell
> people that they aren't allowed to do something.  You can't really
> force them to work on what you consider the highest priority.
> 
> There are a LOT of vital roles in Gentoo that are understaffed.  And
> yet there are a lot of developers who work on completely unrelated
> things that perhaps aren't as vital.  The problem is we can't just
> treat them as fungible resources that can be reassigned.

Maybe not, but it might be a good idea to have recruiting drives in 
those areas.  Advertise "help wanted here", perhaps even in the 
recruiting department itself.

And on that note, is there more to the task than just running a recruit 
through the quizzes and checking off that they understand gentoo?

>>  If comrel is weeding out good developers though, that IS a problem.
>> 
>>  No, I don't know if this is actually the case
>> 
> 
> I don't think anybody has an argument with this.
> 
> --
> Rich
> 

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

If we have manpower problems, we need more recruiters.  Ironically, 
having a manpower shortage in the recruiters project is probably a 
problem that is self aggravating.

I would like to propose that the recruiters project open the doors to 
more recruiters in training.  As far as I know they are severely 
overworked already.

No, new devs should not be forced to be recruiters, but...if anyone out 
there IS interested in being a recruiter, maybe recruiters should open 
their doors to new team members.

I can't speak for recruiters myself, but it does make sense.

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Rich Freeman]

On Mon, Oct 3, 2016 at 2:35 PM, Raymond Jennings <shentino@gmail.com> wrote:
>
> I would like to propose that the recruiters project open the doors to more
> recruiters in training.  As far as I know they are severely overworked
> already.
>

This was the subject of a recent email to -core in Aug.  I realize you
couldn't have read it (it really should have been sent out to
-dev-announce since it isn't sensitive in any way; -core is mainly for
things like trading phone numbers at conferences and such).

Out of politeness I won't quote it, but it basically said that there
was an interest both in people interested in joining recruiters, and
in ideas to improve the process.

-- 
Rich

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Mon, Oct 3, 2016 at 11:16 AM, William L. Thomson Jr. 
<wlt-ml@o-sinc.com> wrote:
> I was banned from posting to -nfp. I made 1 post after that ban. I 
> could have
> posted much more. I stopped, the problem ended. Days later devrel 
> decided I
> needed to be suspended for 15 days for the 1 post. Despite nothing 
> after that
> post and the matter having ended. They got involved when they needed 
> not, took
> action beyond what they needed to resolve the issue, and the result 
> has
> created a problem spanning ~8 years.

In my personal opinion, you should have appealed your -nfp ban through 
proper channels.  Evading a posting ban of any sort is a serious 
offense.  I've learned the hard way elsewhere that whether you are 
banned fairly or not, defying the ban is an automatic wrong.

Its like getting kicked out of a sports bar for a totally bullshit 
reason, like being a fan of the wrong sports team or whatever.  But no 
matter how mean or wrong the bouncer was, its still his bar, and if you 
go back after you've been kicked out, the cops will, rightly, slap 
handcuffs on you and drag you to jail for trespassing.  The proper 
response is to contact the liquor board or the bar's owner and have the 
errant bouncer dealt with (appeal).

That said, maybe comrel was a bit too heavy handed?  I don't know.  But 
if I were a comrel member myself, your post would have at a minimum 
earned you a formal reprimand for breaching a posting ban.

A 15 day ban is a finite period of time, and also far shorter than 8 
years, so unless you're speaking of something beyond your 15 day ban 
(and you probably are), the math here isn't adding up.

> Same in 2015. I was proceeding with jlec, till others decided they 
> need to
> participate and cause problems rather than be helpful.
> 
>>  And by resolving I meant driving to a conclusion.  Ideally that
>>  conclusion is that people are behaving nicely.  However, a situation
>>  where somebody who does not demonstrate a change in behavior is
>>  removed is a resolution.
> 
> You cannot control peoples behavior. This is a volunteer project. The 
> main
> goal is to continue to attract volunteers and keep the project moving 
> forward
> technically.
> 
> If you seek harmony in this process. You are seeking something that 
> will never
> be obtained, and the process of achieving such harmony will have its 
> own
> consequences. Which could potentially effect things as a whole much 
> worse than
> the original problem.
> 
> That has been the case with me. The problem created by devrel/comrel 
> has set
> back Gentoo Java over 8 years, and also hurt the foundation regarding 
> its IRS
> status. Neither is good for Gentoo. For any harm I may have brought 
> to Gentoo
> since 2008. What if I brought more good than bad?
> 
> None the less, bad will always be there, Gentoo needs all the good,
> developers, manpower, and contributions it can get.

And this is why I'm personally advocating for more recruiters.

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Mon, Oct 3, 2016 at 11:43 AM, Rich Freeman <rich0@gentoo.org> wrote:
> On Mon, Oct 3, 2016 at 2:35 PM, Raymond Jennings <shentino@gmail.com> 
> wrote:
>> 
>>  I would like to propose that the recruiters project open the doors 
>> to more
>>  recruiters in training.  As far as I know they are severely 
>> overworked
>>  already.
> 
> This was the subject of a recent email to -core in Aug.  I realize you
> couldn't have read it (it really should have been sent out to
> -dev-announce since it isn't sensitive in any way; -core is mainly for
> things like trading phone numbers at conferences and such).
> 
> Out of politeness I won't quote it,

I'd have reported you for a CoC violation if your quote had any 
sensitive information in it ;).

OTOH, if the email did NOT contain any sensitive information, perhaps 
you could ask the sender for consent to forward it to g-d-a?

> but it basically said that there
> was an interest both in people interested in joining recruiters, and
> in ideas to improve the process.

> --
> Rich
> 

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[William L. Thomson Jr.]

[-- Attachment #1: Type: text/plain, Size: 2740 bytes --]

On Monday, October 3, 2016 11:35:27 AM EDT Raymond Jennings wrote:
> If we have manpower problems, we need more recruiters.  Ironically,
> having a manpower shortage in the recruiters project is probably a
> problem that is self aggravating.
> 
> I would like to propose that the recruiters project open the doors to
> more recruiters in training.  As far as I know they are severely
> overworked already.
> 
> No, new devs should not be forced to be recruiters, but...if anyone out
> there IS interested in being a recruiter, maybe recruiters should open
> their doors to new team members.
> 
> I can't speak for recruiters myself, but it does make sense.

I had many discussions about recruiting over the years with betelgeuse -
Petteri Raty, who I had worked with on the Java team.  When he was head of 
recruiting for several years. I even said if got back on I would help with 
recruiting and actively recruit people.

Things like...

"Hi So and So, my name is William, I am a Gentoo Recruiter. I see you have 
been contributing, thank you for that. Have you considered becoming a 
developer? If there is anything I can do to help you become a developer, 
please do not hesitate. Also if you do not mind, I will follow up with you 
from time to time, to see if I can help you become a developer..."

You know actively recruit people contributing rather than act as HR waiting 
for people to show. Recruiters should be aware of any regular contributor 
contributing anything of substance and seek them out. Recruiters should NEVER 
ask to see work from an active contributor. They should already be aware.

I believe part of why I have been kept out is fear of change. What people are 
likely not aware of, that was part of my demise. I had just conducted a public 
review of the Gentoo By Laws in full on the -nfp list. Some things I changed 
people did not like and contested. Like saying you cannot be a council member 
and trustee. Big changes led to others harassing me, and me stepping down to 
speak my mind, not as a Trustee. That led to my ban on -nfp, and the rest is 
known.

I was one seeking to do big things in Gentoo, causing controversy, but looking 
to make big changes and move things forward. Others knowing this once I was 
out. Sought to keep me out, to keep the status quo and resist change.

Sadly I never took the matter to the community. I assumed it was just me and 
not a larger problem effecting others. Others may not like that I took this to 
the community this time. But I have learned in this process, and heard from 
some others I never knew were effected by comrel. Its been interesting I 
should have done it years ago.

-- 
William L. Thomson Jr.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 163 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[William L. Thomson Jr.]

[-- Attachment #1: Type: text/plain, Size: 4097 bytes --]

On Monday, October 3, 2016 11:49:19 AM EDT Raymond Jennings wrote:

> In my personal opinion, you should have appealed your -nfp ban through
> proper channels.  Evading a posting ban of any sort is a serious
> offense.  I've learned the hard way elsewhere that whether you are
> banned fairly or not, defying the ban is an automatic wrong.

It was not done correctly. I was not notified of the ban, only found out when a 
post was rejected. The ban ended up being permanent not temporary per policy. 
Not to mention it takes some nerve to ban a just resigned Trustee from a 
Foundation list. That is pretty insulting. If you look at list archives. The 
list was dead before I stirred the pot, and then I get banned. Which it ended 
up mostly dying off again.

At least in my case, devrel nor comrel has ever followed their own published 
policies. I can prove that with just about every action they took, it is fact 
not opinion.

> Its like getting kicked out of a sports bar for a totally bullshit
> reason, like being a fan of the wrong sports team or whatever.  But no
> matter how mean or wrong the bouncer was, its still his bar, and if you
> go back after you've been kicked out, the cops will, rightly, slap
> handcuffs on you and drag you to jail for trespassing.  The proper
> response is to contact the liquor board or the bar's owner and have the
> errant bouncer dealt with (appeal).

Please stop bringing up the concept of being kicked out. That was NEVER on the 
table. At no time was I at risk of being kicked out or booted.

The most I was facing was a 15 days suspension of no commits. I felt that was 
stupid, further insult after the insults to a just resigned Trustee, so I 
retired as a developer, against the recommendation and pleas from others.

There is a big difference between someone voluntarily resigning, both as a 
Trustee and Developer. Than someone being kicked/removed from the project.

> That said, maybe comrel was a bit too heavy handed?  I don't know.  But
> if I were a comrel member myself, your post would have at a minimum
> earned you a formal reprimand for breaching a posting ban.

The ban should never have been put into place. The one person who complained 
to devrel, regretted it after. Given what all devrel did, they did not want to 
see happen.

But again, you DO NOT ban a Foundation Trustee who just resigned from a 
foundation mailing list. You can go see my posts, they were not that bad. Also 
no action was taken against those harassing me. Because they were members of 
devrel....

Members of devrel provoked me, caused me to get out of line, then took action 
after.

> A 15 day ban is a finite period of time, and also far shorter than 8
> years, so unless you're speaking of something beyond your 15 day ban
> (and you probably are), the math here isn't adding up.

I objected to the 15 day ban. I gave them a choice, 15 days, or I can just 
resign. That was their choice just as much as mine. But ask yourself why the 
15 days? For 1 post? Does that really make sense?

But all that is in the past and moot. What is the end result? Java not moving 
forward on Gentoo since ~2008-2010, and not having all filings in order with 
the IRS. Those are 2 major issues.

Even if the action against me was 100% justified, which it was not. The harm 
done to Gentoo is substantially grater than any harm they were seeking to 
protect Gentoo from. Many of those involved have moved on, while Gentoo 
suffers and I remain. The logic?

> And this is why I'm personally advocating for more recruiters.

They are the gate keepers. They do not want more, its been this way for years.

It is like going to Congress and having them pass terms and limits on 
themselves. If will never happen. Also while Council and Trustees are elected, 
Comrel/recruiting is not, and has no term limit. They can serve indefinitely, 
with little new blood, and tainting any new blood with past events.

If nothing else, its likely both comrel and recruiting should be cycled out 
every so often. To ensure a clean slate, fresh views, etc.

-- 
William L. Thomson Jr.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 163 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Rich Freeman]

On Mon, Oct 3, 2016 at 2:55 PM, William L. Thomson Jr.
<wlt-ml@o-sinc.com> wrote:
>
> I believe part of why I have been kept out is fear of change. What people are
> likely not aware of, that was part of my demise. I had just conducted a public
> review of the Gentoo By Laws in full on the -nfp list. Some things I changed
> people did not like and contested. Like saying YOU CANNOT BE A COUNCIL MEMBER
> AND TRUSTEE. Big changes led to others harassing me, and me stepping down to
> speak my mind, not as a Trustee. That led to my ban on -nfp, and the rest is
> known.
>

(EMPHASIS MINE)

I don't know all the events that led to your departure.  However, I
doubt it was because of things like this.

I'm not sure which side on this debate you took.

If you took the side that this should be policy, then that is in fact
what is policy today, so it could have hardly been a tiny minority
opinion likely to get you persecuted.

If you took the side that this should not be policy, then that is a
position I've been a fairly vocal advocate of myself, and while my
sense is that I'm in the minority, it hasn't caused me any trouble,
nor has it made it impossible for me to be elected to Trustees or to
Council (and I remain a Foundation officer today).  Heck, I wrote an
overly-long blog post on the topic which is still up there for anybody
who cares to read it.  I'm sure there are running debates on
-project/-nfp from the same timeframe in the archives.

I wouldn't try to use my position to change the policy unless I had
more assurance that this was in fact a majority opinion, but I
certainly don't hesitate to bring up arguments when the issue comes up
and try to persuade others.  As the code of conduct states:
Respectfully disagree with or challenge other members.  When I was
elected to Council I stepped down as a Trustee, and I had warned the
Trustees in advance that it was my intention to do so if elected so
that they could prepare, and of course I'm always willing to try to
help out with the Foundation when I can (you don't need to be a
Trustee to contribute to the Foundation).

Certainly this isn't the only opinion I've raised that is a minority
opinion around here.  (Let's not talk about what I run as pid 1.)
Gentoo is actually a fairly diverse place, and this is one of the
reasons we need a code of conduct in the first place.

-- 
Rich

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

On Mon, Oct 3, 2016 at 12:12 PM, William L. Thomson Jr. 
<wlt-ml@o-sinc.com> wrote:
> On Monday, October 3, 2016 11:49:19 AM EDT Raymond Jennings wrote:
> 
>>  In my personal opinion, you should have appealed your -nfp ban 
>> through
>>  proper channels.  Evading a posting ban of any sort is a serious
>>  offense.  I've learned the hard way elsewhere that whether you are
>>  banned fairly or not, defying the ban is an automatic wrong.
> 
> It was not done correctly. I was not notified of the ban, only found 
> out when a
> post was rejected. The ban ended up being permanent not temporary per 
> policy.

This is important contextual information to include.  Have you included 
this in your appeal?

> Not to mention it takes some nerve to ban a just resigned Trustee 
> from a
> Foundation list. That is pretty insulting. If you look at list 
> archives. The
> list was dead before I stirred the pot, and then I get banned. Which 
> it ended
> up mostly dying off again.
> 
> At least in my case, devrel nor comrel has ever followed their own 
> published
> policies. I can prove that with just about every action they took, it 
> is fact
> not opinion.

Then the council needs to be made aware of this.

>>  Its like getting kicked out of a sports bar for a totally bullshit
>>  reason, like being a fan of the wrong sports team or whatever.  But 
>> no
>>  matter how mean or wrong the bouncer was, its still his bar, and if 
>> you
>>  go back after you've been kicked out, the cops will, rightly, slap
>>  handcuffs on you and drag you to jail for trespassing.  The proper
>>  response is to contact the liquor board or the bar's owner and have 
>> the
>>  errant bouncer dealt with (appeal).
> 
> Please stop bringing up the concept of being kicked out. That was 
> NEVER on the
> table. At no time was I at risk of being kicked out or booted.

I meant kicked out of the nfp list.  Sorry for not being specific :P

> The most I was facing was a 15 days suspension of no commits. I felt 
> that was
> stupid, further insult after the insults to a just resigned Trustee, 
> so I
> retired as a developer, against the recommendation and pleas from 
> others.
> 
> There is a big difference between someone voluntarily resigning, both 
> as a
> Trustee and Developer. Than someone being kicked/removed from the 
> project.
> 
>>  That said, maybe comrel was a bit too heavy handed?  I don't know.  
>> But
>>  if I were a comrel member myself, your post would have at a minimum
>>  earned you a formal reprimand for breaching a posting ban.
> 
> The ban should never have been put into place. The one person who 
> complained
> to devrel, regretted it after. Given what all devrel did, they did 
> not want to
> see happen.

Since you have now included the context (that you were never notified 
of the ban), you were apparently the victim of bad communcation that 
accidentally set you up for a suspension you didn't actually earn.

With this in mind, I fully support an appeal!

> But again, you DO NOT ban a Foundation Trustee who just resigned from 
> a
> foundation mailing list. You can go see my posts, they were not that 
> bad. Also
> no action was taken against those harassing me. Because they were 
> members of
> devrel....
> 
> Members of devrel provoked me, caused me to get out of line, then 
> took action
> after.
> 
>>  A 15 day ban is a finite period of time, and also far shorter than 8
>>  years, so unless you're speaking of something beyond your 15 day ban
>>  (and you probably are), the math here isn't adding up.
> 
> I objected to the 15 day ban. I gave them a choice, 15 days, or I can 
> just
> resign. That was their choice just as much as mine. But ask yourself 
> why the
> 15 days? For 1 post? Does that really make sense?

Not if you were never notified of your ban from nfp in the first place. 
 That turns this from a ban dodge to a simple accident.

Have you pointed this out in an appeal?

> But all that is in the past and moot. What is the end result? Java 
> not moving
> forward on Gentoo since ~2008-2010, and not having all filings in 
> order with
> the IRS. Those are 2 major issues.
> 
> Even if the action against me was 100% justified, which it was not. 
> The harm
> done to Gentoo is substantially grater than any harm they were 
> seeking to
> protect Gentoo from. Many of those involved have moved on, while 
> Gentoo
> suffers and I remain. The logic?
> 
>>  And this is why I'm personally advocating for more recruiters.
> 
> They are the gate keepers. They do not want more, its been this way 
> for years.
> 
> It is like going to Congress and having them pass terms and limits on
> themselves. If will never happen. Also while Council and Trustees are 
> elected,
> Comrel/recruiting is not, and has no term limit. They can serve 
> indefinitely,
> with little new blood, and tainting any new blood with past events.
> 
> If nothing else, its likely both comrel and recruiting should be 
> cycled out
> every so often. To ensure a clean slate, fresh views, etc.
> 
> --
> William L. Thomson Jr.

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[William L. Thomson Jr.]

[-- Attachment #1: Type: text/plain, Size: 4388 bytes --]

On Monday, October 3, 2016 12:17:50 PM EDT Raymond Jennings wrote:
>
> This is important contextual information to include.  Have you included
> this in your appeal?

I have never appealed anything.  What I would appeal has never been clear.

Other than appealing the 15 day ban. Which at the time enough noise was made 
on -core, and else where. Despite devrel's inability to deescalate the matter. 
It was within my power to just end the matter by going away, which I did. Thus 
no appealing the 15 day suspension. Though the appeal process may have taken 
15 days or more, so what would have been the point?

Since the 15 days suspension it is not clear what I would be appealing to the 
council. Would I be I appealing a decision of all of comrel/recruiting or from 
a single member? 

How does that work after appeal? Say I win, if comrel/recruiting already does 
not like me. Having council say you must do this is not likely to make that 
any better. Then what if comrel wants to come after me afterward?

I believe the appeal process is half baked, maybe a good concept but in 
reality how does it work, after the fact? If a appeal is denied no problem, 
but otherwise, problems...

> Then the council needs to be made aware of this.

It likely should have made the council and others aware. But keep something in 
mind comrel frequently disregards. I did not want to escalate this matter. I 
did not want to make it bigger than it was, and get any others involved. There 
is lots of should have done, but I was trying to keep things to a minimum. The 
entire situation spiraled out of control. Others did not seem to be able to 
stop that, only I could by doing nothing sadly.

> I meant kicked out of the nfp list.  Sorry for not being specific :P

I wasn't even kicked off that list. I just could not post for a period of 
time. But I never knew about any of that till a post was rejected. Which is 
why I sent a single post, of outrage and insult. The nerve to take actions 
against a former trustee on the -nfp list.

See my comments, no one contacted me. I was not unruly in that post, nothing 
violating CoC. Just they did not like me posting after they tried to control 
me. I question the ban in the first place, thus every action afterward.
https://archives.gentoo.org/gentoo-nfp/message/
7ef33e6807214587fdb825bebe590887

After that post, I unsubscribed, never to post again. Good job devrel/comrel. 
I hope they go to resume the work with the IRS I was doing that is still yet 
to be done. Though Trustees have made efforts since.

> Since you have now included the context (that you were never notified
> of the ban), you were apparently the victim of bad communcation that
> accidentally set you up for a suspension you didn't actually earn.

And it continued. The ban was never removed, the 15 day suspension also was 
never removed. Even though I resigned, these things were never done right. 
Nothing was done per policy, not a single thing...

> With this in mind, I fully support an appeal!

Appeal to what? What took place in 2008 or stuff since?

I do not feel it is good use of the councils time to be dealing with such 
appeals. I do not believe such situation should ever exist. The purpose of 
comrel is to resolve matters. We should not have to rely on appeals, and I 
doubt comrel will be happy if their decisions are overturned on appeal.


> Not if you were never notified of your ban from nfp in the first place.
>  That turns this from a ban dodge to a simple accident.

It does not matter. comrel/devrel will never enforce CoC against themselves. 
If that was the case, those harassing me citing the CoC on devrel at the time 
would have had their own action.

I was not acting in a vaccum, and others were responsible for my behavior just 
as much as I was, as they were participants. To punish one side is unfair, not 
to mention going after the wrong one because others were members of devrel.

I was a trustee, if anyone has a right to post to -nfp list it was a Trustee. 
Respect should be given to past trustees, and only in VERY extreme situations 
should action be taken against a former Trustee. I was elected as a Trustee, 
devrel is not elected....

> Have you pointed this out in an appeal?

No appeal, I do not see myself ever wasting time with such. Even if I knew 
what I would be appealing specifically.

-- 
William L. Thomson Jr.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 163 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

I think the fact that this post about comrel wound up stirring up angry 
hurt feelings from the past is evidence that there may have been some 
serious errors in the past.

I would at least like to see that this sort of mistake doesn't happen 
again.

William's appeal, though apparently meritorious, might be off topic to 
this general discussion about comrel policy?

Ok, so the issues I see so far

* William was apparently never notified of the ban from nfp

Solution: When someone is banned from any venue, they are notified by 
some sort of official means.  NOBODY should be surprised after the 
fact, especially if comrel intends to enforce consequences with 
suspending developer privileges in the event of a breach.

If this is not already the case, it should be.

I would propose:

- When someone has been removed or blocked or banned, and they are a 
gentoo developer, in addition to the enforcement measures, there should 
be an email sent to the developer's @gentoo address or some other means 
of communication that is registered.

- If this notification is not issued, then comrel should not suspend 
people for violating the ban if they didn't know about it.

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[William L. Thomson Jr.]

[-- Attachment #1: Type: text/plain, Size: 3644 bytes --]

On Monday, October 3, 2016 12:57:06 PM EDT Raymond Jennings wrote:
> I think the fact that this post about comrel wound up stirring up angry
> hurt feelings from the past is evidence that there may have been some
> serious errors in the past.
> 
> I would at least like to see that this sort of mistake doesn't happen
> again.
> 
> William's appeal, though apparently meritorious, might be off topic to
> this general discussion about comrel policy?
> 
> Ok, so the issues I see so far
> 
> * William was apparently never notified of the ban from nfp
> 
> Solution: When someone is banned from any venue, they are notified by
> some sort of official means.  NOBODY should be surprised after the
> fact, especially if comrel intends to enforce consequences with
> suspending developer privileges in the event of a breach.

Per policy they are supposed to be contacted to resolve matters before any 
action is taken.

" Important
Before applying any of the following disciplinary policies, the ComRel team 
will try to discuss the problem with the offender in order to solve it in a 
more peaceful way. However, it is possible for the ComRel team to apply the 
penalty without further discussions in severe CoC violations (direct attacks, 
insults, name-calling etc)."
https://wiki.gentoo.org/wiki/Project:ComRel

They never contacted me before or after the ban on -nfp.

In 2015. I was silenced in the #comrel IRC channel. Which also goes directly 
against their own policy. As the 24 hour ban should come after contact. But 
when you are in "THEIR" channel as it was even called in the IRC logs. You are 
subject to what ever they can do within their power, policy or not.

"[00:59:36] <jmbsvicetto> wltjr: Stop spamming our channel
[00:59:39] <wltjr> I so knew better, and things were proceeding with jlec till 
he talked to someone I can only assume, since the ohters are newer
[00:59:44] <wltjr> jmbsvicetto: its NOT YOUR CHANNEL
[00:59:50] <wltjr> its a community channel, and I am still a foundation member 
fool
[01:00:00] <jmbsvicetto> If you want to stay here and wait for an answer, do 
it. But stop wasting our time
[01:00:07] <wltjr> jmbsvicetto: this belongs to the GENTOO FOUNDATION and it a 
public freenode channel and its hardly spam
[01:00:14] <wltjr> jmbsvicetto: if you don't like it, ingore it your IRC 
client should support
[01:00:19] *** Modus #gentoo-comrel +b wltjr!*@* by dilfridge
[01:03:34] <-- wltjr (~wltjr@unaffiliated/wltjr) hat #gentoo-comrel verlassen"
https://bugs.gentoo.org/attachment.cgi?id=397252

I never directly attacked, called anyone names, insults etc.  I guess fool 
could be seen as a name calling, but I can thank of many much more harsh and 
using fowl language. Though one comment implying lack of thick skin could be 
taken out of context and seen as profanity. Though I have seen far worse.

Pussified/Pussification
"pussification(noun): the state in which a society becomes less and less tough. 
This noun's originator is the famous comedian George Carlin."
http://www.urbandictionary.com/define.php?term=pussification

If you look at the reasoning for 2015, there isn't any. No clear violation of 
CoC, no mention of anything. But implies I was calling people names, and 
exploding over mailing lists. Despite the fact I have not been in any Gentoo 
mailing list in years. I could easily if I wanted like with these threads.
https://bugs.gentoo.org/show_bug.cgi?id=135927#c43

If we were talking straight CoC. Its likely members of comrel/devrel would 
have faced policing action themselves.... There were much greater policy 
violations by their own members...

-- 
William L. Thomson Jr.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 163 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Paweł Hajdan, Jr.]

[-- Attachment #1.1: Type: text/plain, Size: 1052 bytes --]

On 03/10/16 22:16, William L. Thomson Jr. wrote:
> [00:59:50] <wltjr> its a community channel, and I am still a foundation member 
> fool
> I never directly attacked, called anyone names, insults etc.  I guess fool 
> could be seen as a name calling, but I can thank of many much more harsh and 
> using fowl language. Though one comment implying lack of thick skin could be 
> taken out of context and seen as profanity. Though I have seen far worse.
> [...]
> If we were talking straight CoC. Its likely members of comrel/devrel would 
> have faced policing action themselves.... There were much greater policy 
> violations by their own members...

You may have a point there. I'd agree in several cases comrel/devrel
action (or lack of it) have made things worse.

I believe your technical contributions could indeed be very helpful for
Gentoo and community. However, it seems wise to pick your battles in
that case. It doesn't seem productive to contest so many things at a
time about project you're trying to join.

Paweł


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Gregory Woodbury]

[-- Attachment #1: Type: text/plain, Size: 2240 bytes --]

It has become clear that William has a problem with the way that
comrel is dealing with the existing rules. He wants the rules to
be changed, which is not a problem in and of itself, but he wants
them changed before he will actually be in a positions to get
the changes effected.

It has been said several times in several places that history
shows some "errors" occurred in dealing with William and
others. There is obviously some room for the process to be
fixed, but that it cannot and will not be changed just for this
case.  It does not make sense for the process to be changed
just because one person doesn't want to comply with the
current rules.

Were I the one applying, I would just drop any blather about history
and changing the rules immediately, and do the necessary technical
work to become a developer.  Then, once having the necessary
status, I would introduce a discussion in some appropriate forum
to get the rules changed so that future problems don't happen.

William has stated that he has a problem with the rules as they
stand, and he cannot (will not) comply with them as a matter of
principle.  That is unfortunate, as it puts the cart before the horse,
and basically says, I want to offer your this precious talent I have
for the project, but I want a special dispensation before I will deign
to give it to you.

I agree that the history of the whole affair is sordid and marks a
problem with the process. However, I know enough about group
politics to realize that one can't demand a special exemption just
so that a theoretical contribution might be made.

It has been said that William is both his best and his own worst
advocate. It is now clear that William feels that he cannot give
his talent to Gentoo until he gets his way.

William: concentrate on the process and realize that you will
not get your way until after you show that you can deal with
the structure as it stands at the moment.  It will not be until
you show that you can deal with it that you will be given an
opportunity effect a change.

While there are clear problems, this particular case is dragging
on to ridiculous extremes, and I can see that it is not going to
end well for ANYONE involved.

-- 
G.Wolfe Woodbury
redwolfe@gmail.com

[-- Attachment #2: Type: text/html, Size: 2972 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Raymond Jennings]

My personal opinion is that william's personal case is off topic in 
this discussion about comrel improvements as a whole, and in this 
thread, we should stick to whatever problems need to be fixed with 
comrel policy.

Tangling up this discussion with a side-trip into williams and his case 
is distracting from the main point of this discussion.

Yes, I think williams's points need addressed, but I do not think this 
is the proper venue for it.

That said, if williams has brought up valid concerns with current 
comrel policy (and there should be a check to make sure that his 
problems with the process at the time are not still problems now), they 
should be addressed.

I think of williams's complaints as a bug report against comrel policy, 
and should be handled accordingly.

On Mon, Oct 3, 2016 at 2:14 PM, Gregory Woodbury <redwolfe@gmail.com> 
wrote:
> It has become clear that William has a problem with the way that
> comrel is dealing with the existing rules. He wants the rules to
> be changed, which is not a problem in and of itself, but he wants
> them changed before he will actually be in a positions to get
> the changes effected.
> 
> It has been said several times in several places that history
> shows some "errors" occurred in dealing with William and
> others. There is obviously some room for the process to be
> fixed, but that it cannot and will not be changed just for this
> case.  It does not make sense for the process to be changed
> just because one person doesn't want to comply with the
> current rules.
> 
> Were I the one applying, I would just drop any blather about history
> and changing the rules immediately, and do the necessary technical
> work to become a developer.  Then, once having the necessary
> status, I would introduce a discussion in some appropriate forum
> to get the rules changed so that future problems don't happen.
> 
> William has stated that he has a problem with the rules as they
> stand, and he cannot (will not) comply with them as a matter of
> principle.  That is unfortunate, as it puts the cart before the horse,
> and basically says, I want to offer your this precious talent I have
> for the project, but I want a special dispensation before I will deign
> to give it to you.
> 
> I agree that the history of the whole affair is sordid and marks a
> problem with the process. However, I know enough about group
> politics to realize that one can't demand a special exemption just
> so that a theoretical contribution might be made.
> 
> It has been said that William is both his best and his own worst
> advocate. It is now clear that William feels that he cannot give
> his talent to Gentoo until he gets his way.
> 
> William: concentrate on the process and realize that you will
> not get your way until after you show that you can deal with
> the structure as it stands at the moment.  It will not be until
> you show that you can deal with it that you will be given an
> opportunity effect a change.
> 
> While there are clear problems, this particular case is dragging
> on to ridiculous extremes, and I can see that it is not going to
> end well for ANYONE involved.
> 
> --
> G.Wolfe Woodbury
> redwolfe@gmail.com

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Matthew Thode]

[-- Attachment #1.1: Type: text/plain, Size: 491 bytes --]

Just had a thought related to this that should probably be talked about.

Why doesn't wilikins log all chat and post it online?  I'll probably be
stating this a few times, but openstack does it and it works.  It may
also help for 'evidence' gathering, at least for public channels.  It
was suggested that #gentoo-chat shouldn't be logged because of stupid
stuff that goes on there, but I'd rather it be cleaned up than not
logged personally.

-- 
Matthew Thode (prometheanfire)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[NP-Hardass]

[-- Attachment #1.1: Type: text/plain, Size: 1095 bytes --]

On 10/04/2016 12:32 AM, Matthew Thode wrote:
> Just had a thought related to this that should probably be talked about.
> 
> Why doesn't wilikins log all chat and post it online?  I'll probably be
> stating this a few times, but openstack does it and it works.  It may
> also help for 'evidence' gathering, at least for public channels.  It
> was suggested that #gentoo-chat shouldn't be logged because of stupid
> stuff that goes on there, but I'd rather it be cleaned up than not
> logged personally.
> 

While I see a benefit to the proposal, I'm not sure that it addresses
the problem.  In my recent experiences, when there is an issue publicly,
there are usually enough corroborating witnesses.  Doesn't help with
PMs, which are pervasive.   There are certain situations, where I agree
we could benefit from logging, IMO, it is far from a comprehensive
solution.  If we did have a system for public logging, it'd be worth
considering the merits of opt-in vs opt-out vs mandatory logging as well
as whether the logs should be search engine indexable.

-- 
NP-Hardass


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Matthew Thode]

[-- Attachment #1.1: Type: text/plain, Size: 1372 bytes --]

On 10/03/2016 11:55 PM, NP-Hardass wrote:
> On 10/04/2016 12:32 AM, Matthew Thode wrote:
>> Just had a thought related to this that should probably be talked about.
>>
>> Why doesn't wilikins log all chat and post it online?  I'll probably be
>> stating this a few times, but openstack does it and it works.  It may
>> also help for 'evidence' gathering, at least for public channels.  It
>> was suggested that #gentoo-chat shouldn't be logged because of stupid
>> stuff that goes on there, but I'd rather it be cleaned up than not
>> logged personally.
>>
> 
> While I see a benefit to the proposal, I'm not sure that it addresses
> the problem.  In my recent experiences, when there is an issue publicly,
> there are usually enough corroborating witnesses.  Doesn't help with
> PMs, which are pervasive.   There are certain situations, where I agree
> we could benefit from logging, IMO, it is far from a comprehensive
> solution.  If we did have a system for public logging, it'd be worth
> considering the merits of opt-in vs opt-out vs mandatory logging as well
> as whether the logs should be search engine indexable.
> 

I realize it's not perfect, but it's a step in the right direction.
Also, I'd prefer if they are fully public and indexable.  A bunch of
good info is only in irc sometimes :P

-- 
-- Matthew Thode (prometheanfire)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[NP-Hardass]

[-- Attachment #1.1: Type: text/plain, Size: 3298 bytes --]

On 10/03/2016 01:07 PM, Andreas K. Huettel wrote:
> Am Montag, 3. Oktober 2016, 18:00:59 schrieb William L. Thomson Jr.:
>> On Friday, September 30, 2016 8:59:15 PM EDT Rich Freeman wrote:
>>> The Issue
>>> Recently there has been some questioning of whether we have the right
>>> balance of privacy in Comrel disputes.
> 
>> Anonymous stats can be produced and released without releasing any private
>> information.
> 
> 
> OK here's some stats:
> 
> I became Comrel lead in September 2014 (ca 2 years ago). Since then, i.e. for 
> the duration of 2 years, there were (the numbers are from memory / estimated):
> 
> * cases where a full comrel vote about disciplinary action was held: 2
> 
Not knowing how other projects fare, but 1 major incident doesn't sound
like ComRel is inundated with situations requiring heavy handed action.
> * cases where comrel got involved in recruiting: 1 (hi there)
> 
> * cases where a short penalty according to the code of conduct rules was 
> handed out (requires 2 team members to agree): ~ 5-10
> (I.e., 48h bugzilla ban or 7day mailing list ban.)
> 
Again, given our user base, a minor incident every two to four months
doesn't sound bad to me.
> * cases where someone had a chat ("this wasn't so great, please think about 
> doing it better next time") or sent an e-mail: ~ 10-15, maybe more
Same as previous statement.
> 
> * cases where someone was shouting for comrel to intervene: far too many
> (Somehow the ability of people to solve interpersonal problems on their own 
> seems to get lost. Also, this is a really good point why teams should have an 
> active team lead- who is the first point of contact and knows the involved 
> persons better.)
What degree of transparency is the reporter given at this point
regarding how their incident will (not?) be handled?  I feel like it is
probably hard for someone to assess when their situation is so far
devolved that it necessitates escalation.

Overall, I find your stats, though informal, somewhat reassuring,  Seems
that we have a fairly low incidence of action being taken and/or needing
to be taken by ComRel, which is good in the respect that it means that
they likely aren't over-acting.

On the other hand, the last section of your post makes me a little
uncomfortable.  Given my experiences with ComRel,  I wonder how many
incidents could or should have been escalated. See my previous comment
re: transparency and subsequent comment regarding status updates.

Per the previous statement in this thread about whether reporting is
mandatory, is there a way for an individual to ensure that their inquiry
to ComRel is being forwarded to the body itself rather than handled and
potentially dismissed without official reporting/escalation?  For
example, if I message a member of ComRel because I'm having some issue,
do I have any guarantee of it reaching ComRel, itself?  Additionally
(and probably more critically) is there a way for me to check on the
status (both initial and as a case is progressing)?  I would imagine
without some feedback mechanism, a person experiencing conflict that
warrants ComRel intervention might feel that their situation is being
ignored or not handled with an appropriate speed.

-- 
NP-Hardass


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Kristian Fiskerstrand]

[-- Attachment #1.1: Type: text/plain, Size: 1442 bytes --]

On 10/04/2016 06:59 AM, Matthew Thode wrote:
> On 10/03/2016 11:55 PM, NP-Hardass wrote:
>> On 10/04/2016 12:32 AM, Matthew Thode wrote:
>>> Just had a thought related to this that should probably be talked about.
>>>

..

> 
> I realize it's not perfect, but it's a step in the right direction.
> Also, I'd prefer if they are fully public and indexable.  A bunch of
> good info is only in irc sometimes :P
> 

On some level you have privacy concerns, IRC messages are quick in
nature and can be easy to read out of context, in particular if people
use it correctly as an asynchronous medium and not run around with naked
pings to establishing synchronous means.

The Freenode Channel Guidelines says: "If you are con­sid­er­ing
pub­lish­ing chan­nel logs, think it through. The freen­ode net­work is
an in­ter­ac­tive, re­al-­time en­vi­ron­ment where dis­cus­sions may be
heav­i­ly in­flu­enced by ex­ter­nal con­text. Even on pub­lic
chan­nels, most users do not weigh their com­ments with the idea that
they will be en­shrined in per­pe­tu­ity to stand on their own. For that
rea­son, few par­tic­i­pants pub­lish logs and we en­cour­age those
com­mu­ni­ties that do to make their par­tic­i­pants aware of this fact."

-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 455 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Rich Freeman]

On Tue, Oct 4, 2016 at 1:20 AM, NP-Hardass <NP-Hardass@gentoo.org> wrote:
> Per the previous statement in this thread about whether reporting is
> mandatory, is there a way for an individual to ensure that their inquiry
> to ComRel is being forwarded to the body itself rather than handled and
> potentially dismissed without official reporting/escalation?  For
> example, if I message a member of ComRel because I'm having some issue,
> do I have any guarantee of it reaching ComRel, itself?  Additionally
> (and probably more critically) is there a way for me to check on the
> status (both initial and as a case is progressing)?  I would imagine
> without some feedback mechanism, a person experiencing conflict that
> warrants ComRel intervention might feel that their situation is being
> ignored or not handled with an appropriate speed.

I think that this could probably be best handled with better
documentation/formalization of the engagement model, combined with
tracking.

My sense is that if you need to engage Comrel you email comrel@ (which
may not be how they're always engaged).  The question of how Council
appeals work also came up recently as we haven't had many, and we
would like to document this as well.

As far as things not falling through the cracks goes, an obvious
solution is bugzilla.  As soon as any inquiry comes in, create a bug
to track it.  By all means close it the next day if it needs to be
dismissed, but this creates some kind of record of the engagement and
makes it clear that the situation is considered resolved.  My sense is
that we're not creating bugs until situations become fairly severe,
which will of course make it easier for things to fall through the
cracks.

However, as we've seen on numerous other projects, simply creating
bugs doesn't make things actually happen.  I could easily see this
turning the Comrel queue into something resembling the amd64 stable
queue.  It would let people know where their complaints stand, but a
lot of the minor stuff would probably still end up in limbo.  This is
just my personal speculation based on what I'm hearing, Comrel could
probably comment further.

I'm not sure if having people complaining that Comrel is too
heavy-handed and also having people complain that Comrel isn't doing
enough means that we're in the Goldilocks zone.  It really seems like
one of those roles that is both vital and thankless, because people
are going to want them to take their side, and will naturally be
disappointed when they don't.  And, when people complain they really
can't publicly defend themselves because they need to maintain
privacy, avoid defamation, etc.  Hence I'm trying to frame this
discussion at a high level in terms of what the policies ought to be.
Whether Comrel is following policy is a different matter (which I'm
sure will end up in a thread at some point, but in the end people are
probably going to have to trust that somebody is doing their job
right).  The idea of anonymous stats was a good one though.

-- 
Rich

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Matthew Thode]

[-- Attachment #1.1: Type: text/plain, Size: 1592 bytes --]

On 10/04/2016 02:36 AM, Kristian Fiskerstrand wrote:
> On 10/04/2016 06:59 AM, Matthew Thode wrote:
>> On 10/03/2016 11:55 PM, NP-Hardass wrote:
>>> On 10/04/2016 12:32 AM, Matthew Thode wrote:
>>>> Just had a thought related to this that should probably be talked about.
>>>>
> 
> ..
> 
>>
>> I realize it's not perfect, but it's a step in the right direction.
>> Also, I'd prefer if they are fully public and indexable.  A bunch of
>> good info is only in irc sometimes :P
>>
> 
> On some level you have privacy concerns, IRC messages are quick in
> nature and can be easy to read out of context, in particular if people
> use it correctly as an asynchronous medium and not run around with naked
> pings to establishing synchronous means.
> 
> The Freenode Channel Guidelines says: "If you are con­sid­er­ing
> pub­lish­ing chan­nel logs, think it through. The freen­ode net­work is
> an in­ter­ac­tive, re­al-­time en­vi­ron­ment where dis­cus­sions may be
> heav­i­ly in­flu­enced by ex­ter­nal con­text. Even on pub­lic
> chan­nels, most users do not weigh their com­ments with the idea that
> they will be en­shrined in per­pe­tu­ity to stand on their own. For that
> rea­son, few par­tic­i­pants pub­lish logs and we en­cour­age those
> com­mu­ni­ties that do to make their par­tic­i­pants aware of this fact."
> 

I'd definitely make people aware of the fact if we did go down the
publishing route.  I mainly want the logs because they can prove useful
as well.

-- 
-- Matthew Thode (prometheanfire)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Matthew Thode]

[-- Attachment #1.1: Type: text/plain, Size: 3390 bytes --]

On 10/04/2016 08:24 AM, Rich Freeman wrote:
> On Tue, Oct 4, 2016 at 1:20 AM, NP-Hardass <NP-Hardass@gentoo.org> wrote:
>> Per the previous statement in this thread about whether reporting is
>> mandatory, is there a way for an individual to ensure that their inquiry
>> to ComRel is being forwarded to the body itself rather than handled and
>> potentially dismissed without official reporting/escalation?  For
>> example, if I message a member of ComRel because I'm having some issue,
>> do I have any guarantee of it reaching ComRel, itself?  Additionally
>> (and probably more critically) is there a way for me to check on the
>> status (both initial and as a case is progressing)?  I would imagine
>> without some feedback mechanism, a person experiencing conflict that
>> warrants ComRel intervention might feel that their situation is being
>> ignored or not handled with an appropriate speed.
> 
> I think that this could probably be best handled with better
> documentation/formalization of the engagement model, combined with
> tracking.
> 
> My sense is that if you need to engage Comrel you email comrel@ (which
> may not be how they're always engaged).  The question of how Council
> appeals work also came up recently as we haven't had many, and we
> would like to document this as well.
> 
> As far as things not falling through the cracks goes, an obvious
> solution is bugzilla.  As soon as any inquiry comes in, create a bug
> to track it.  By all means close it the next day if it needs to be
> dismissed, but this creates some kind of record of the engagement and
> makes it clear that the situation is considered resolved.  My sense is
> that we're not creating bugs until situations become fairly severe,
> which will of course make it easier for things to fall through the
> cracks.
> 
> However, as we've seen on numerous other projects, simply creating
> bugs doesn't make things actually happen.  I could easily see this
> turning the Comrel queue into something resembling the amd64 stable
> queue.  It would let people know where their complaints stand, but a
> lot of the minor stuff would probably still end up in limbo.  This is
> just my personal speculation based on what I'm hearing, Comrel could
> probably comment further.
> 
> I'm not sure if having people complaining that Comrel is too
> heavy-handed and also having people complain that Comrel isn't doing
> enough means that we're in the Goldilocks zone.  It really seems like
> one of those roles that is both vital and thankless, because people
> are going to want them to take their side, and will naturally be
> disappointed when they don't.  And, when people complain they really
> can't publicly defend themselves because they need to maintain
> privacy, avoid defamation, etc.  Hence I'm trying to frame this
> discussion at a high level in terms of what the policies ought to be.
> Whether Comrel is following policy is a different matter (which I'm
> sure will end up in a thread at some point, but in the end people are
> probably going to have to trust that somebody is doing their job
> right).  The idea of anonymous stats was a good one though.
> 

This brings up the subject of auditablility, which I think is a great
idea, but needs to be in another thread (this is about privacy).

-- 
-- Matthew Thode (prometheanfire)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Roy Bamford]

[-- Attachment #1: Type: text/plain, Size: 9601 bytes --]

Replying here as Matthew said a great deal of what I wanted to say. 

My opinions here are my own, not that of any formal group I may 
belong to now or have belonged to in the past.

First some ground rules.  As Gentoo is not a state, comrel is not 
a court.  As Gentoo is not an employer, comrel is not its Human
Resources either. To liken comrel to anything in the outside world 
is difficult. Probably a tribunal.  

My understanding of that is a  tribunal operates according to its 
terms of reference and makes findings. The concepts of 
"justice" and "fair". do not apply as they would in a legal system.
That's important for setting expectations in comrel users. 

Gentoo can make the comrel terms of reference anything it likes,


On 2016.10.03 05:09, Matthew Thode wrote:
> I'll echo Rich's statement that my opinions are my own, not the
> Trustees, also, I am not a lawyer.
> 
> Rich, I'm glad you started these, I may send one or two as well,
> however, I think it'd be good to do one at a time in order to actually
> have action on them.

I have a few points to bring out too but I'm pleased to let Rich 
do the orgainising and set the pace.  Thank you Rich. 

> 
> On 09/30/2016 07:59 PM, Rich Freeman wrote:
> > General Background
> > This is the first in a series of threads I plan to start, each
> around
> > some aspect of our Comrel process.  If you have a concern that isn't
> > covered in this post please start a separate thread, and I do intend
> > to start others.  This isn't intended to suggest that this is the
> ONLY
> > issue that is worth discussion about Comrel.  I just expect there to
> > be potentially a large amount of interest in the topic and I think
> > we're better served if things are divided into somewhat-separable
> > topics.
> > 
> > In these emails I'm speaking purely on my own behalf, and not for
> the
> > Council/Foundation/etc.  I know these bodies have an interest in
> these
> > topics and may very well offer official input at some time.  I
> really
> > just want to foster open discussion so that we can air opinions
> before
> > we actually get to setting/changing policy.
> > 
> > 
> > The Issue
> > Recently there has been some questioning of whether we have the
> right
> > balance of privacy in Comrel disputes.  Some specific questions to
> be
> > addressed are:
> > 
> > 1.  When information is turned over to comrel who does it get shared
> > with, and under what circumstances?
> 
> Here I feel the current status quo is fine, info turned over to comrel
> resides within comrel unless an appeal is made to council, who would
> then have access.  Trustees would also have access if something legal
> came up.  The one change I'd like to see (and should likely go into
> it's
> own email) is that council (that which 'governs' comrel) should be
> able
> to spot audit them as well.

I go a little further than "should be able to do spot audits".  At the 
moment, nobody (even council) regularly looks inside comrel. 
Gentoo has no way to be sure that comrel is still active.
Council needs take its pulse at regular intervals and cause it 
to be fixed if there is a problem.

The regular publishing of anonymous stats as has already been
demonstrated could satisfy this and provide an idea of the workload. 
Say monthly at council meetings.

Comrel is up there with the Foundation and council as projects
that cannot be permitted to suffer from neglect. 
The Foundation and council operate publicly. They would be noticed.
No so comrel.

It is essential that if anything potentially illegal came up the Trustees 
were informed by comrel so that they could take any required 
action to protect Gentoo.

Terms like illegal, criminal, etc. invite discussion about jurisdiction.
Lets not go into that here.  Essentially, if in doubt ask. The Trustees
can take legal advice. 

> 
> > 2.  Do any members of the community have an obligation to report? 
> Can
> > members of comrel/trustees/officers/council/etc be told information
> in
> > private without it being shared back with comrel for the official
> > record?
> 
> Here I feel we differ slightly, in general I agree that we should
> heavily encourage devs/staff/foundation-members to report I'm not sure
> how we could enforce it.  I do however think that council and even
> more
> so trustees have a duty to report, but this is not codified anywhere.
> 
> As far as being told info in private goes, I think we can be told such
> info, but if something breaches a certain level it should go to comrel
> (or the appropriate party).  I don't know exactly what that level is,
> but it's probably just the rules we already have in place.

Being told info in private limits its usefulness.  Its difficult to use
such information for mediation as that implicates the reporter.
Mediation always needs to be the first step in a dispute/complaint
resolution.

I have little sympathy for a complainant that will not support 
mediation. Its rare that things are so black and white.

I've seen things escalate face to face between native speakers
of the same language that were subsequently resolved as 
misunderstandings once tempers cooled. International written 
only communications are so much more difficult, where cultural 
norms and expectations differ too.

Gentoo does not have any employees, so employment legislation 
will not apply to devs. The concept of mandatory reporting goes
hand in hand with that.  That does not prevent Gentoo from 
implementing mandatory reporting.  I'm not convinced that the
benefits would be worth the extra work, there being no point in
having the reports and doing nothing.
 
> 
> > 3. Specifically, what information gets shared with people named in a
> > dispute of some kind?
> 
> I think this depends on how it's reported.  If it's reported from a
> third party wishing to be anonymous then I don't think they
> necessarily
> need to know.  However, if it's first party then unless there is an
> amazing reason, I don't think identities need to be hidden.
> 
> As for the information, I think each party should be able to see the
> evidence, if it needs to be anonymized then that can happen as well.

I support this view but realise its very difficult to anonymise some 
material without giving away the identity of the author to someone.
Its also a lot of work.

I think it depends on the level of dispute and how its resolved.
If mediation works, great.  Nothing else to do except file the record.
Mediation won't get very far until the groups are known to one 
another.   

If it becomes a matter of retirement. It would be good to think that
the accused had the opportunity to ensure the material being used
to reach the tribunals findings was complete. 

This touches on the appeal process too.  Do council review the
material provided by comrel or can they ask questions of whoever
they like? 
 
> > 4. Under what circumstances will information be shared with a
> > government authority/etc?
> 
> When it's needed?  I don't think we need to do anything more here.

With the Foundations legal team, when its needed.
With a (USA) government authority, when the Foundation is 
properly asked.

Its also possible that individual project members could be asked by 
government authorities in their own homelands.  The Foundation 
would need to know about that. Legal action brought outside the 
USA need not be directed at the Foundation.  
This brings up a discussion on liability which is off topic in this 
thread.

> 
> > 5. Do subjects of comrel action generally have a "right to face
> their
> > accuser?"
> 
> No.  The reason I say this is because Gentoo is not a 'court' and we
> are
> free to do what we want here.  I generally think it's good and perhaps
> even beneficial for some sort of confrontation to happen between the
> accuser and the accused, but only in so much as to solve whatever
> issue
> is at hand.  If the accuser wants to stay out of it, that's fine.

I don't see the value in a confrontation except possibly as the final step
in mediation where the parties share a VoIP or IRC session with the 
mediator.  The final 'shake hands and agree to differ' session if you like.

That's not the same as saying that the accuser can or should always be 
anonymous.

> If there is someone trying to game the system I do think that needs to
> be punished harshly, as it is poison.
Agreed.

> 
> > 6. What should be communicated about comrel actions, both
> proactively
> > and when people inquire about them?
> 
> If something is already public then a short note is appropriate,
> otherwise a short note in private upon questioning is good.  Like you
> said below, a note to the project/herd/team/whatever lead is probably
> useful as well.

Very much a need to know basis.  Everyone directly affected needs to 
know. That helps head off questions and cut down on speculation.
Gentoo won't be the same for them going forward. As to what they 
need to know, that will vary with the origin, resolution of the dispute 
and individual involvement.
> 
> > 
> > I think there are a number of pros and cons to any approach we take,
> > and it is possible for reasonable people to hold a different opinion
> > on this topic.
> > 
> > 
[snip good stuff from Rich]
> > 
> > --
> > Rich
> > 
> > 
> 
> 
> -- 
> -- Matthew Thode (prometheanfire)
> 



-- 
Regards,

Roy Bamford
(Neddyseagoon)





[-- Attachment #2: Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Nick Vinson]

[-- Attachment #1.1: Type: text/plain, Size: 11493 bytes --]

On 10/04/2016 09:49 AM, Roy Bamford wrote:
> Replying here as Matthew said a great deal of what I wanted to say. 
> 
> My opinions here are my own, not that of any formal group I may 
> belong to now or have belonged to in the past.
> 
> First some ground rules.  As Gentoo is not a state, comrel is not 
> a court.  As Gentoo is not an employer, comrel is not its Human
> Resources either. To liken comrel to anything in the outside world 
> is difficult. Probably a tribunal.  
> 
> My understanding of that is a  tribunal operates according to its 
> terms of reference and makes findings. The concepts of 
> "justice" and "fair". do not apply as they would in a legal system.
> That's important for setting expectations in comrel users. 
>

I think this is the biggest problem especially if Comrel doesn't attempt
to hear from all sides of an issue first.  Now this is going a bit off
topic, but personally I'd like to see Comrel stripped of the force
retirement power.  I personally think that Comrel needs to be much more
transparent before it be allowed to punish developers that way.  One
idea I've mulled around is to restrict the retirement punishment to the
council only that way should Comrel feel such an action needs to be
taken, it must notify the Council before that action is taken.  In my
opinion, it would go a long way to respecting such unfortunate decisions
when they have to be made.


> Gentoo can make the comrel terms of reference anything it likes,
> 
> 
> On 2016.10.03 05:09, Matthew Thode wrote:
>> I'll echo Rich's statement that my opinions are my own, not the
>> Trustees, also, I am not a lawyer.
>>
>> Rich, I'm glad you started these, I may send one or two as well,
>> however, I think it'd be good to do one at a time in order to actually
>> have action on them.
> 
> I have a few points to bring out too but I'm pleased to let Rich 
> do the orgainising and set the pace.  Thank you Rich. 
> 
>>
>> On 09/30/2016 07:59 PM, Rich Freeman wrote:
>>> General Background
>>> This is the first in a series of threads I plan to start, each
>> around
>>> some aspect of our Comrel process.  If you have a concern that isn't
>>> covered in this post please start a separate thread, and I do intend
>>> to start others.  This isn't intended to suggest that this is the
>> ONLY
>>> issue that is worth discussion about Comrel.  I just expect there to
>>> be potentially a large amount of interest in the topic and I think
>>> we're better served if things are divided into somewhat-separable
>>> topics.
>>>
>>> In these emails I'm speaking purely on my own behalf, and not for
>> the
>>> Council/Foundation/etc.  I know these bodies have an interest in
>> these
>>> topics and may very well offer official input at some time.  I
>> really
>>> just want to foster open discussion so that we can air opinions
>> before
>>> we actually get to setting/changing policy.
>>>
>>>
>>> The Issue
>>> Recently there has been some questioning of whether we have the
>> right
>>> balance of privacy in Comrel disputes.  Some specific questions to
>> be
>>> addressed are:
>>>
>>> 1.  When information is turned over to comrel who does it get shared
>>> with, and under what circumstances?
>>
>> Here I feel the current status quo is fine, info turned over to comrel
>> resides within comrel unless an appeal is made to council, who would
>> then have access.  Trustees would also have access if something legal
>> came up.  The one change I'd like to see (and should likely go into
>> it's
>> own email) is that council (that which 'governs' comrel) should be
>> able
>> to spot audit them as well.
> 
> I go a little further than "should be able to do spot audits".  At the 
> moment, nobody (even council) regularly looks inside comrel. 
> Gentoo has no way to be sure that comrel is still active.
> Council needs take its pulse at regular intervals and cause it 
> to be fixed if there is a problem.
> 
> The regular publishing of anonymous stats as has already been
> demonstrated could satisfy this and provide an idea of the workload. 
> Say monthly at council meetings.
> 
> Comrel is up there with the Foundation and council as projects
> that cannot be permitted to suffer from neglect. 
> The Foundation and council operate publicly. They would be noticed.
> No so comrel.
> 
> It is essential that if anything potentially illegal came up the Trustees 
> were informed by comrel so that they could take any required 
> action to protect Gentoo.
> 
> Terms like illegal, criminal, etc. invite discussion about jurisdiction.
> Lets not go into that here.  Essentially, if in doubt ask. The Trustees
> can take legal advice. 
> 

I agree with this.  I also like the idea that should such concerns come
up, whether it be and email thread, an IRC chat, or during comrel or
council debate, that the trustees be notified.  If such concerns have
any merit, I would think the trustees would have the resources to
acquire answers for those concerns.

>>
>>> 2.  Do any members of the community have an obligation to report? 
>> Can
>>> members of comrel/trustees/officers/council/etc be told information
>> in
>>> private without it being shared back with comrel for the official
>>> record?
>>
>> Here I feel we differ slightly, in general I agree that we should
>> heavily encourage devs/staff/foundation-members to report I'm not sure
>> how we could enforce it.  I do however think that council and even
>> more
>> so trustees have a duty to report, but this is not codified anywhere.
>>
>> As far as being told info in private goes, I think we can be told such
>> info, but if something breaches a certain level it should go to comrel
>> (or the appropriate party).  I don't know exactly what that level is,
>> but it's probably just the rules we already have in place.
> 
> Being told info in private limits its usefulness.  Its difficult to use
> such information for mediation as that implicates the reporter.
> Mediation always needs to be the first step in a dispute/complaint
> resolution.
> 
> I have little sympathy for a complainant that will not support 
> mediation. Its rare that things are so black and white.
> 
> I've seen things escalate face to face between native speakers
> of the same language that were subsequently resolved as 
> misunderstandings once tempers cooled. International written 
> only communications are so much more difficult, where cultural 
> norms and expectations differ too.

On that note, I wonder if a time limit on Comrel complaints would make
sense.  If you and I ended up in an heated discussion, and I file a
complaint against you, should Comrel still act on it if say six months
have gone by since I filed it and we have patched things up between
ourselves already?

> 
> Gentoo does not have any employees, so employment legislation 
> will not apply to devs. The concept of mandatory reporting goes
> hand in hand with that.  That does not prevent Gentoo from 
> implementing mandatory reporting.  I'm not convinced that the
> benefits would be worth the extra work, there being no point in
> having the reports and doing nothing.
>  
>>
>>> 3. Specifically, what information gets shared with people named in a
>>> dispute of some kind?
>>
>> I think this depends on how it's reported.  If it's reported from a
>> third party wishing to be anonymous then I don't think they
>> necessarily
>> need to know.  However, if it's first party then unless there is an
>> amazing reason, I don't think identities need to be hidden.
>>
>> As for the information, I think each party should be able to see the
>> evidence, if it needs to be anonymized then that can happen as well.
> 
> I support this view but realise its very difficult to anonymise some 
> material without giving away the identity of the author to someone.
> Its also a lot of work.
> 
> I think it depends on the level of dispute and how its resolved.
> If mediation works, great.  Nothing else to do except file the record.
> Mediation won't get very far until the groups are known to one 
> another.   
> 
> If it becomes a matter of retirement. It would be good to think that
> the accused had the opportunity to ensure the material being used
> to reach the tribunals findings was complete. 
> 
> This touches on the appeal process too.  Do council review the
> material provided by comrel or can they ask questions of whoever
> they like? 
>  

I'd argue the latter.  It's never a bad idea to try to get a complete
picture of what happened before forming a judgement about it.

>>> 4. Under what circumstances will information be shared with a
>>> government authority/etc?
>>
>> When it's needed?  I don't think we need to do anything more here.
> 
> With the Foundations legal team, when its needed.
> With a (USA) government authority, when the Foundation is 
> properly asked.
> 
> Its also possible that individual project members could be asked by 
> government authorities in their own homelands.  The Foundation 
> would need to know about that. Legal action brought outside the 
> USA need not be directed at the Foundation.  
> This brings up a discussion on liability which is off topic in this 
> thread.
> 
>>
>>> 5. Do subjects of comrel action generally have a "right to face
>> their
>>> accuser?"
>>
>> No.  The reason I say this is because Gentoo is not a 'court' and we
>> are
>> free to do what we want here.  I generally think it's good and perhaps
>> even beneficial for some sort of confrontation to happen between the
>> accuser and the accused, but only in so much as to solve whatever
>> issue
>> is at hand.  If the accuser wants to stay out of it, that's fine.
> 
> I don't see the value in a confrontation except possibly as the final step
> in mediation where the parties share a VoIP or IRC session with the 
> mediator.  The final 'shake hands and agree to differ' session if you like.
> 
> That's not the same as saying that the accuser can or should always be 
> anonymous.
> 
>> If there is someone trying to game the system I do think that needs to
>> be punished harshly, as it is poison.
> Agreed.
> 
>>
>>> 6. What should be communicated about comrel actions, both
>> proactively
>>> and when people inquire about them?
>>
>> If something is already public then a short note is appropriate,
>> otherwise a short note in private upon questioning is good.  Like you
>> said below, a note to the project/herd/team/whatever lead is probably
>> useful as well.
> 
> Very much a need to know basis.  Everyone directly affected needs to 
> know. That helps head off questions and cut down on speculation.

I agree with this.  As someone who was in this scenario, it's very
unsettling to find out a major event happened without any warning.

- Nick Vinson (username234)

> Gentoo won't be the same for them going forward. As to what they 
> need to know, that will vary with the origin, resolution of the dispute 
> and individual involvement.
>>
>>>
>>> I think there are a number of pros and cons to any approach we take,
>>> and it is possible for reasonable people to hold a different opinion
>>> on this topic.
>>>
>>>
> [snip good stuff from Rich]
>>>
>>> --
>>> Rich
>>>
>>>
>>
>>
>> -- 
>> -- Matthew Thode (prometheanfire)
>>
> 
> 
> 


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Daniel Campbell]

[-- Attachment #1.1: Type: text/plain, Size: 1985 bytes --]

On 10/03/2016 09:00 AM, William L. Thomson Jr. wrote:
> On Friday, September 30, 2016 8:59:15 PM EDT Rich Freeman wrote:
>>
>> The Issue
>> Recently there has been some questioning of whether we have the right
>> balance of privacy in Comrel disputes. 
> 
> Anonymous stats can be produced and released without releasing any private 
> information.
> 
> Such as but not limited to the following:
> 
> # of cases brought to comrel
> # of cases resolved amicably
> # of warnings issued
> # of cases resulting in policing action, suspension, ban, etc
> # of developers kicked/booted
> # of developers recruited
> 
> For each of the above, there would be another field, # of comrel members who 
> voted or took part in such action. That will show if it is just individuals 
> having their way, or if comrel is working as a team. May even go so far as to 
> record votes, x number for, x number against for each.
> 
> There could be more, but such information is very useful. All of such will 
> provide a measure of accountability. It does not reveal any sensitive 
> information. This would be like annually at minimum, monthly at maximum.
> 
> This could even be produced retroactively so we could see if this had an 
> impact on the project at any given point in time. I suspect that might be the 
> case in the past.
> 
I really like this idea. We already have a script that tells us the
latest additions and removals for ebuilds; why not something for
developers as well? It could give us concrete ideas of not only how
Comrel is 'performing', but also how proxy-maint or other recruiting
avenues are increasing our staffing to meet bug or package maintenance
demands.

Of course, I don't think writing that script would be quite as easy, so
one or two stats at a time would be a great start.

-- 
Daniel Campbell - Gentoo Developer
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Seemant Kulleen]

[-- Attachment #1: Type: text/plain, Size: 2511 bytes --]

Happy Thursday/Friday Daniel & Rich,
(and hi to all thread participants)

I favour the idea of data-driven decision making.

For what it's worth, I would like to help on the aspect, if y'all decide to
go forward with automated data gathering/collection projects.

Cheers,
Seemant


*--*
*Oakland Finish Up Weekend*
Be Amazed.  Be Amazing.
Get Mentored | Get Inspired | *Finish* *Up*
http://oaklandfinishup.com


On Thu, Oct 6, 2016 at 5:43 PM, Daniel Campbell <zlg@gentoo.org> wrote:

> On 10/03/2016 09:00 AM, William L. Thomson Jr. wrote:
> > On Friday, September 30, 2016 8:59:15 PM EDT Rich Freeman wrote:
> >>
> >> The Issue
> >> Recently there has been some questioning of whether we have the right
> >> balance of privacy in Comrel disputes.
> >
> > Anonymous stats can be produced and released without releasing any
> private
> > information.
> >
> > Such as but not limited to the following:
> >
> > # of cases brought to comrel
> > # of cases resolved amicably
> > # of warnings issued
> > # of cases resulting in policing action, suspension, ban, etc
> > # of developers kicked/booted
> > # of developers recruited
> >
> > For each of the above, there would be another field, # of comrel members
> who
> > voted or took part in such action. That will show if it is just
> individuals
> > having their way, or if comrel is working as a team. May even go so far
> as to
> > record votes, x number for, x number against for each.
> >
> > There could be more, but such information is very useful. All of such
> will
> > provide a measure of accountability. It does not reveal any sensitive
> > information. This would be like annually at minimum, monthly at maximum.
> >
> > This could even be produced retroactively so we could see if this had an
> > impact on the project at any given point in time. I suspect that might
> be the
> > case in the past.
> >
> I really like this idea. We already have a script that tells us the
> latest additions and removals for ebuilds; why not something for
> developers as well? It could give us concrete ideas of not only how
> Comrel is 'performing', but also how proxy-maint or other recruiting
> avenues are increasing our staffing to meet bug or package maintenance
> demands.
>
> Of course, I don't think writing that script would be quite as easy, so
> one or two stats at a time would be a great start.
>
> --
> Daniel Campbell - Gentoo Developer
> OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net
> fpr: AE03 9064 AE00 053C 270C  1DE4 6F7A 9091 1EA0 55D6
>
>

[-- Attachment #2: Type: text/html, Size: 3713 bytes --]

Re: [gentoo-project] Comrel Improvements: Expectations of Privacy

[Kristian Fiskerstrand]

[-- Attachment #1.1: Type: text/plain, Size: 1086 bytes --]

On 10/07/2016 02:43 AM, Daniel Campbell wrote:
> On 10/03/2016 09:00 AM, William L. Thomson Jr. wrote:
>> On Friday, September 30, 2016 8:59:15 PM EDT Rich Freeman wrote:
>>>

..

 at any given point in time. I suspect that might be the
>> case in the past.
>>
> I really like this idea. We already have a script that tells us the
> latest additions and removals for ebuilds; why not something for
> developers as well? It could give us concrete ideas of not only how

Because Gentoo Monthly Newsletter ran out of manpower.
Additions/removals and total num of devs, council decisions etc was
covered there. See [GMN]

> Of course, I don't think writing that script would be quite as easy, so
> one or two stats at a time would be a great start.

Would start by looking at the GMN scripts

References:
[GMN]
https://blogs.gentoo.org/news/2015/03/07/gentoo-monthly-newsletter-february-2015/#Gentoo_Developer_Moves

-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 455 bytes --]