From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 8EE59139085 for ; Mon, 16 Jan 2017 00:25:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BB089234010; Mon, 16 Jan 2017 00:25:35 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7607823400D for ; Mon, 16 Jan 2017 00:25:35 +0000 (UTC) Received: by smtp.gentoo.org (Postfix, from userid 2127) id 5E95733D3CE; Mon, 16 Jan 2017 00:25:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 3CE8433BEFC for ; Mon, 16 Jan 2017 00:25:34 +0000 (UTC) Date: Mon, 16 Jan 2017 00:25:34 +0000 (UTC) From: "Jorge Manuel B. S. Vicetto" To: gentoo-project@lists.gentoo.org Subject: Re: [gentoo-project] ComRel / disciplinary action reform proposal In-Reply-To: <20170115195209.70d3a748.mgorny@gentoo.org> Message-ID: References: <20170115195209.70d3a748.mgorny@gentoo.org> User-Agent: Alpine 2.00 (LNX 1167 2008-08-23) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT X-Archives-Salt: 6ce2852e-5a91-482b-9596-1b00be8fa543 X-Archives-Hash: 08e3d7fcc1e947b7c0e8fe85ae9ce8d9 On Sun, 15 Jan 2017, Michał Górny wrote: > Hello, everyone. > > Since the things around ComRel seem to have cooled down a bit, I think > we can now start a serious discussion on how disciplinary action > handling could be improved. While the recent complaints were focused on > ComRel, I would like to take a more generic approach since ComRel is > not the only body in Gentoo capable of disciplinary action. > > Therefore, I'd like my proposal to concern all cases of disciplinary > action, involving but not limited to: ComRel, QA, Forum moderators, IRC > moderators, Wiki admins and any other entity capable of enforcing > a disciplinary action against developers and users. > > Note: throughout the mail 'users' include all people involved on > the Gentoo communication channels, developers, users, bystanders > and bots alike. Thanks Michał for this email. Let me start with a few general observations. I'll reply to some of your points later. * We already have some policies about appeals - I'll admit many might / are unaware of some of them. * Council isn't and shouldn't be the direct appeal body for all decisions * Following above, if it were, it'd be swamped with appeals (I believe some don't have an idea of how many bans are set on all mediums - the vast majority never being subject of an appeal and or never crossing to other mediums) * You don't mention some social network sites and I'm sure some want to address those as well. IIRC, most of those, where we had an official presence, were tied to PR. > Problems > -------- > 1. Lack of transparency (this seems to be improving but I don't think > we have a proper rules for that), that causes two issues: > > a. Users indirectly involved in disciplinary action are unaware of it > which causes unnecessary confusion. Example: user is unaware that > a person is banned from Bugzilla, and incorrectly assumes that > the developer or user does not wish to reply to him. > > b. Users presume disciplinary bodies attempt to hide their actions > which unnecessary builds tension and accusations. This becomes worse > when the subjects of those actions are the only sides speaking upon > the matter, and spreading false information. > > 2. Unclear appeal procedure (outside ComRel). For example, users that > get banned on IRC don't have a clear suggestion on where to appeal to > a particular decision, or whether there is any appeal possible at all. The general rule is that you appeal an irc ban to the team responsible for the irc channel (#gentoo-ops for #gentoo, ComRel for #gentoo-dev and individual project teams for #gentoo-* channels). If an appeal of the team decision is needed, it should be either directed to the Gentoo Freenode Group Contacts (#gentoo-groupcontacts) the people that interact with Freenode and can in last resort close a channel or take ownershipt of it or ComRel if there was an abuse of power by a Developer. All actions by ComRel can be appelead for the Council. ComRel is involved here as this was done by UserRel before. > 3. Lack of supervision. Likewise, most of teams capable of some degree > of disciplinary action are not supervised by any other body in Gentoo, > some not even indirectly. > > 4. Lack of cooperation. Most of disciplinary teams in Gentoo operate > in complete isolation. Users affected by disciplinary actions > sometimes simply switch to another channel and continue their bad > behavior under another disciplinary team. > > > In this proposal, I'd like to discuss introducing a few simple rules > that would be binding to all teams capable of enforcing a disciplinary > actions, and that aim to improve the current situation. My proposed > rules are: > > > 1. Secrecy > ---------- > Due to the nature of disciplinary affairs, the teams involved > in performing them are obliged to retain secrecy of the information > gathered. This includes both collected material (logs, messages, etc.) > and names of the individuals providing them. > > All the sensitive information involving disciplinary affairs can be > *securely* passed only to other members of the disciplinary team > involved in the affair and the current Council members, upon legitimate > request. The obtained information should also be stored securely. > > It is only necessary for a single member of the disciplinary team to > store the information (or to use a single collective store). > The Council members should remove all obtained information after > the appeal/audit. > > It should be noted that an unauthorized disclosure of sensitive > information by any party involved would be a base for a strong > disciplinary action. > > Rationale: > > a. The collected material sometimes contains various bits of private > information whose disclosure is completely unnecessary and would only > unnecessarily violate individual's privacy. Gentoo ought to respect > privacy of users, and do not invade it without necessity. > > b. Publishing names of individuals involved in a disciplinary action > could encourage the subjects to seek revenge. While keeping them secret > often does not prevent it (or even worse, causes the individuals to > seek revenge on larger group of people), we ought not to encourage > it. As was discussed before, some argue whether we should keep the secrecy or not. I, for one, believe that keeping things private is best for everyone. I also support that any damaging data should be kept out of public eyes so as not to "tarnish" users reputation - it seems not everyone agree with me on this one. > 2. Transparency > --------------- > Any disciplinary action should be announced by the team in a manner > specific to the appropriate media where the measure applies. > The announcement should be visible to all users of that media, > and contains: > > - the name of the user to whom the measure applies, > > - the description and length of the measure applied. > > For example, a ban on a mailing list could be announced to the mailing > list in question. A ban on Bugzilla could involve adding appropriate > note to the user's name, so that all other users see that he can't > respond at the time. A ban on IRC could be stored e.g. on wiki page, > or noted on a bug. Back from the Proctors days, there's an argument that announcing publicly a ban may inflame dispustes further. Also, this is very tied to the medium. For example, Forums Moderators have a policy to deal with bans and a procedure in place that frequently involves splitting spam / abusive posts from a topic and moving it to dustbin. Keeping the spam / abusive post in the topic and adding a comment that a user was banned, doesn't fit or serve well the forums, imho. > Furthermore, any disciplinary action must be reported to the Council. > The reporting is done through a bug that is opened at the first > disciplinary measure inflicted on a user, and reused at any following > measures. It should contain the information listed above, and have > the Council in CC. No private information should be ever included > in the bug. I don't think you have an idea of the scope of the bans. If this were to be done, Council would be swamped. Just think of how many bans ops in #gentoo and Forums Moderators have to do to keep spammers away. Also, your proposal sees Council as the first appeal to a ban. I disagree with that idea. I see Council as the last appeal body and that anyone wanting to appeal to Council needs to contact and present the case. > Rationale: > > a. As noted above, the disciplinary measure often affect more users > than the subject of the action. It is therefore most advisable to > notice them of the action (i.e. that they can't expect the particular > user to reply) and their length, while protecting as much privacy as > possible. > > b. It is also beneficial for the subject of the action to have > a publicly visible note of the measure applied, and clear statement of > its length. We add a note to clear spammers on bugzilla such as "go away". You'd want us to start spending a lot of time on every case for every ban? To avoid any confusion, all bans on bugzilla done by ComRel include a note on how to appeal for that ban (when not clear spammers). One thing you mention that might be worth, is having a way to make clear that a bugzilla account is "disabled". I don't think we should be explicit about an account being banned. > c. Opening bugs for all disciplinary actions helps teams keep track of > them and their durations, note repeated offenders and finally report > all actions to the Council for auditing purposes. Again I don't think / agree that Council needs to "audit" all teams. I don't see any reason Council needs to know how many users the KDE team choose to ban from #gentoo-kde for misbehaving. The day #gentoo-kde becomes a "war zone" that disrespects all users and after #gentoo-groupcontacts and or ComRel are approached and that isn't fixed, then I find it reasonable to appeal to Council about that, but *only* then. > 3. Appeal > --------- > All disciplinary decisions (both actions and refusals to perform > action) can be appealed to the Council. In this case, the disciplinary > team is obliged to securely pass all material collected to the Council. > The Council can either support, modify or dismiss the decision > entirely. There is no further appeal. > > It should be noted that the disciplinary actions must not prevent > the appeal from being filed. > > Rationale: > > a. Having a single body to handle all appeals makes the procedures > simpler to our users and more consistent. This also guarantees that > all measures can be appealed exactly once, and no channels are > privileged. Appeal bodies are tied to the communication medium. Also, issues involving user / developer conflicts, like perceived abuses by moderation teams, fall within ComRel (formerly UserRel) purview. > b. The Council is currently the highest body elected by Gentoo > developers with the trust of being able to handle appeals from ComRel > decisions. It seems reasonable to extend that to all disciplinary > decisions in Gentoo. You don't got to the Supreme Court before going though the appeals court. > 4. Supervision > -------------- > At the same time, Council is assumed to supervise all disciplinary > affairs in Gentoo. As noted in 2., all decisions made are reported to > the Council for auditing. Those reports combined with appeals should > allow the Council to notice any suspicious behavior from particular > disciplinary teams. > > For the necessity of audit, the disciplinary teams should retain all > material supporting their disciplinary audit in a secure manner, > throughout the time of the disciplinary action and at least half a year > past it. The Council can request all this information to audit > the behavior of a particular team and/or its member. > > Rationale: > > a. Having a proper auditing procedure in place is necessary to improve > the trust our users put in our disciplinary teams. It should discourage > any members of our disciplinary teams from attempting to abuse their > privileges, and help discover that quickly if it actually happens. > > b. The necessity of storing information supporting disciplinary > decisions is helpful both for the purpose of auditing as well as for > (potentially late) appeals. Keeping old information is necessary to > support stronger decisions made for repeat offenders. > > > 5. Cooperation > -------------- > While it is not strictly necessary for different disciplinary teams to > cooperate, in some cases it could be useful to handle troublemakers > more efficiently across different channels. > > Since all disciplinary actions are published, a team may notice that > another team has enforced a disciplinary action on their user. This > could be used as a suggestion that the user is a potential troublemaker > but the team must collect the evidence of wrongdoing in their own > channel before enforcing any action. It should be noted that > disciplinary teams are not allowed to exchange private information. > > When multiple teams inflict disciplinary actions on the same user, they > can request the Council to consider issuing a cross-channel Gentoo > disciplinary action. In this case, the Council requests material from > all involved teams (alike when auditing) and may request a consistent > disciplinary action from all disciplinary teams in Gentoo. > > Rationale: > > a. Under normal circumstances, a bad behavior on one communication > channel should not prevent the user from contributing on another. > However, we should have a more efficient procedure to handle the case > when user is a repeating troublemaker and moves from one channel to > another. > > b. Preventing information exchange serves the purpose of protecting > users' privacy. The access to sensitive information should be > restricted as narrowly as possible. Disciplinary teams should perform > decisions autonomously to prevent corruption of one team resulting > in unnecessary actions from another. > > > Migration > --------- > It would seem unreasonable to request all disciplinary teams to either > report all their past decisions right now, or to lift them immediately. > However, if this policy is accepted, all teams would be obliged to > follow it for any further decisions. > > It would also be recommended for teams to appropriate update at least > recent decisions or those that are brought up again (e.g. via appeal or > repeat offense). > > > What do you think? To conclude, I'd summarize the process of appeals for group mediums / areas as: * ComRel / QA As already known, Council * IRC start by appealing to the moderation teams (#gentoo-ops for #gentoo, ComRel for #gentoo-dev, individual teams for #gentoo-* channels) if that fails #gentoo-groupcontacts / ComRel groupcontacts deal with Freenode and can seize a channel or disband it / ComRel deals with user / developers issues and can deal with abusive behaviour * Bugzilla / MLs ComRel if set by a ComRel member or seen as an abuse | the moderators of an ml (if it's moderated) * Forums start by appealing to the Forums Moderators if that fails ComRel * Social network sites (with official Gentoo presence) PR? Some of these teams deal with appeals through email. For example #gentoo-ops and Forums Moderators have emails that can be used to contact them. Regards, Jorge