1 |
On 15/01/17 19:23, Michał Górny wrote: |
2 |
> Hello, everyone. |
3 |
> |
4 |
> Since the things around ComRel seem to have cooled down a bit, I think |
5 |
> we can now start a serious discussion on how disciplinary action |
6 |
> handling could be improved. While the recent complaints were focused on |
7 |
> ComRel, I would like to take a more generic approach since ComRel is |
8 |
> not the only body in Gentoo capable of disciplinary action. |
9 |
> |
10 |
> Therefore, I'd like my proposal to concern all cases of disciplinary |
11 |
> action, involving but not limited to: ComRel, QA, Forum moderators, IRC |
12 |
> moderators, Wiki admins and any other entity capable of enforcing |
13 |
> a disciplinary action against developers and users. |
14 |
> |
15 |
> Note: throughout the mail 'users' include all people involved on |
16 |
> the Gentoo communication channels, developers, users, bystanders |
17 |
> and bots alike. |
18 |
> |
19 |
> |
20 |
> Problems |
21 |
> -------- |
22 |
> 1. Lack of transparency (this seems to be improving but I don't think |
23 |
> we have a proper rules for that), that causes two issues: |
24 |
> |
25 |
> a. Users indirectly involved in disciplinary action are unaware of it |
26 |
> which causes unnecessary confusion. Example: user is unaware that |
27 |
> a person is banned from Bugzilla, and incorrectly assumes that |
28 |
> the developer or user does not wish to reply to him. |
29 |
> |
30 |
> b. Users presume disciplinary bodies attempt to hide their actions |
31 |
> which unnecessary builds tension and accusations. This becomes worse |
32 |
> when the subjects of those actions are the only sides speaking upon |
33 |
> the matter, and spreading false information. |
34 |
> |
35 |
> 2. Unclear appeal procedure (outside ComRel). For example, users that |
36 |
> get banned on IRC don't have a clear suggestion on where to appeal to |
37 |
> a particular decision, or whether there is any appeal possible at all. |
38 |
> |
39 |
> 3. Lack of supervision. Likewise, most of teams capable of some degree |
40 |
> of disciplinary action are not supervised by any other body in Gentoo, |
41 |
> some not even indirectly. |
42 |
> |
43 |
> 4. Lack of cooperation. Most of disciplinary teams in Gentoo operate |
44 |
> in complete isolation. Users affected by disciplinary actions |
45 |
> sometimes simply switch to another channel and continue their bad |
46 |
> behavior under another disciplinary team. |
47 |
> |
48 |
> |
49 |
> In this proposal, I'd like to discuss introducing a few simple rules |
50 |
> that would be binding to all teams capable of enforcing a disciplinary |
51 |
> actions, and that aim to improve the current situation. My proposed |
52 |
> rules are: |
53 |
> |
54 |
> |
55 |
> 1. Secrecy |
56 |
> ---------- |
57 |
> Due to the nature of disciplinary affairs, the teams involved |
58 |
> in performing them are obliged to retain secrecy of the information |
59 |
> gathered. This includes both collected material (logs, messages, etc.) |
60 |
> and names of the individuals providing them. |
61 |
> |
62 |
> All the sensitive information involving disciplinary affairs can be |
63 |
> *securely* passed only to other members of the disciplinary team |
64 |
> involved in the affair and the current Council members, upon legitimate |
65 |
> request. The obtained information should also be stored securely. |
66 |
> |
67 |
> It is only necessary for a single member of the disciplinary team to |
68 |
> store the information (or to use a single collective store). |
69 |
> The Council members should remove all obtained information after |
70 |
> the appeal/audit. |
71 |
> |
72 |
> It should be noted that an unauthorized disclosure of sensitive |
73 |
> information by any party involved would be a base for a strong |
74 |
> disciplinary action. |
75 |
> |
76 |
> Rationale: |
77 |
> |
78 |
> a. The collected material sometimes contains various bits of private |
79 |
> information whose disclosure is completely unnecessary and would only |
80 |
> unnecessarily violate individual's privacy. Gentoo ought to respect |
81 |
> privacy of users, and do not invade it without necessity. |
82 |
> |
83 |
> b. Publishing names of individuals involved in a disciplinary action |
84 |
> could encourage the subjects to seek revenge. While keeping them secret |
85 |
> often does not prevent it (or even worse, causes the individuals to |
86 |
> seek revenge on larger group of people), we ought not to encourage |
87 |
> it. |
88 |
> |
89 |
> |
90 |
> 2. Transparency |
91 |
> --------------- |
92 |
> Any disciplinary action should be announced by the team in a manner |
93 |
> specific to the appropriate media where the measure applies. |
94 |
> The announcement should be visible to all users of that media, |
95 |
> and contains: |
96 |
> |
97 |
> - the name of the user to whom the measure applies, |
98 |
> |
99 |
> - the description and length of the measure applied. |
100 |
> |
101 |
> For example, a ban on a mailing list could be announced to the mailing |
102 |
> list in question. A ban on Bugzilla could involve adding appropriate |
103 |
> note to the user's name, so that all other users see that he can't |
104 |
> respond at the time. A ban on IRC could be stored e.g. on wiki page, |
105 |
> or noted on a bug. |
106 |
> |
107 |
> Furthermore, any disciplinary action must be reported to the Council. |
108 |
> The reporting is done through a bug that is opened at the first |
109 |
> disciplinary measure inflicted on a user, and reused at any following |
110 |
> measures. It should contain the information listed above, and have |
111 |
> the Council in CC. No private information should be ever included |
112 |
> in the bug. |
113 |
> |
114 |
> Rationale: |
115 |
> |
116 |
> a. As noted above, the disciplinary measure often affect more users |
117 |
> than the subject of the action. It is therefore most advisable to |
118 |
> notice them of the action (i.e. that they can't expect the particular |
119 |
> user to reply) and their length, while protecting as much privacy as |
120 |
> possible. |
121 |
> |
122 |
> b. It is also beneficial for the subject of the action to have |
123 |
> a publicly visible note of the measure applied, and clear statement of |
124 |
> its length. |
125 |
> |
126 |
> c. Opening bugs for all disciplinary actions helps teams keep track of |
127 |
> them and their durations, note repeated offenders and finally report |
128 |
> all actions to the Council for auditing purposes. |
129 |
> |
130 |
> |
131 |
> 3. Appeal |
132 |
> --------- |
133 |
> All disciplinary decisions (both actions and refusals to perform |
134 |
> action) can be appealed to the Council. In this case, the disciplinary |
135 |
> team is obliged to securely pass all material collected to the Council. |
136 |
> The Council can either support, modify or dismiss the decision |
137 |
> entirely. There is no further appeal. |
138 |
> |
139 |
> It should be noted that the disciplinary actions must not prevent |
140 |
> the appeal from being filed. |
141 |
> |
142 |
> Rationale: |
143 |
> |
144 |
> a. Having a single body to handle all appeals makes the procedures |
145 |
> simpler to our users and more consistent. This also guarantees that |
146 |
> all measures can be appealed exactly once, and no channels are |
147 |
> privileged. |
148 |
> |
149 |
> b. The Council is currently the highest body elected by Gentoo |
150 |
> developers with the trust of being able to handle appeals from ComRel |
151 |
> decisions. It seems reasonable to extend that to all disciplinary |
152 |
> decisions in Gentoo. |
153 |
> |
154 |
> |
155 |
> 4. Supervision |
156 |
> -------------- |
157 |
> At the same time, Council is assumed to supervise all disciplinary |
158 |
> affairs in Gentoo. As noted in 2., all decisions made are reported to |
159 |
> the Council for auditing. Those reports combined with appeals should |
160 |
> allow the Council to notice any suspicious behavior from particular |
161 |
> disciplinary teams. |
162 |
> |
163 |
> For the necessity of audit, the disciplinary teams should retain all |
164 |
> material supporting their disciplinary audit in a secure manner, |
165 |
> throughout the time of the disciplinary action and at least half a year |
166 |
> past it. The Council can request all this information to audit |
167 |
> the behavior of a particular team and/or its member. |
168 |
> |
169 |
> Rationale: |
170 |
> |
171 |
> a. Having a proper auditing procedure in place is necessary to improve |
172 |
> the trust our users put in our disciplinary teams. It should discourage |
173 |
> any members of our disciplinary teams from attempting to abuse their |
174 |
> privileges, and help discover that quickly if it actually happens. |
175 |
> |
176 |
> b. The necessity of storing information supporting disciplinary |
177 |
> decisions is helpful both for the purpose of auditing as well as for |
178 |
> (potentially late) appeals. Keeping old information is necessary to |
179 |
> support stronger decisions made for repeat offenders. |
180 |
> |
181 |
> |
182 |
> 5. Cooperation |
183 |
> -------------- |
184 |
> While it is not strictly necessary for different disciplinary teams to |
185 |
> cooperate, in some cases it could be useful to handle troublemakers |
186 |
> more efficiently across different channels. |
187 |
> |
188 |
> Since all disciplinary actions are published, a team may notice that |
189 |
> another team has enforced a disciplinary action on their user. This |
190 |
> could be used as a suggestion that the user is a potential troublemaker |
191 |
> but the team must collect the evidence of wrongdoing in their own |
192 |
> channel before enforcing any action. It should be noted that |
193 |
> disciplinary teams are not allowed to exchange private information. |
194 |
> |
195 |
> When multiple teams inflict disciplinary actions on the same user, they |
196 |
> can request the Council to consider issuing a cross-channel Gentoo |
197 |
> disciplinary action. In this case, the Council requests material from |
198 |
> all involved teams (alike when auditing) and may request a consistent |
199 |
> disciplinary action from all disciplinary teams in Gentoo. |
200 |
> |
201 |
> Rationale: |
202 |
> |
203 |
> a. Under normal circumstances, a bad behavior on one communication |
204 |
> channel should not prevent the user from contributing on another. |
205 |
> However, we should have a more efficient procedure to handle the case |
206 |
> when user is a repeating troublemaker and moves from one channel to |
207 |
> another. |
208 |
> |
209 |
> b. Preventing information exchange serves the purpose of protecting |
210 |
> users' privacy. The access to sensitive information should be |
211 |
> restricted as narrowly as possible. Disciplinary teams should perform |
212 |
> decisions autonomously to prevent corruption of one team resulting |
213 |
> in unnecessary actions from another. |
214 |
> |
215 |
> |
216 |
> Migration |
217 |
> --------- |
218 |
> It would seem unreasonable to request all disciplinary teams to either |
219 |
> report all their past decisions right now, or to lift them immediately. |
220 |
> However, if this policy is accepted, all teams would be obliged to |
221 |
> follow it for any further decisions. |
222 |
> |
223 |
> It would also be recommended for teams to appropriate update at least |
224 |
> recent decisions or those that are brought up again (e.g. via appeal or |
225 |
> repeat offense). |
226 |
> |
227 |
> |
228 |
> What do you think? |
229 |
> |
230 |
I think this looks good Michal, and thank you for putting it together. A |
231 |
clear and concise policy makes it a lot easier for people to understand |
232 |
when they have done something wrong (possibly even unknowingly) and the |
233 |
consequences of it. Having such a policy helps all parties involved to |
234 |
know what is expected of them, and what should be expected at all points |
235 |
in the process. |
236 |
|
237 |
I commend the idea of having a more consistent policy across different |
238 |
mediums, and some means for teams to interact and co-ordinate better. It |
239 |
is perfectly reasonable to anticipate that actions on one medium may not |
240 |
necessarily manifest themselves on another, and as such, any action and |
241 |
its impact should be independently assessed. |