Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question regarding visibility of CoC reports #512

Closed
benjamingr opened this issue Jun 18, 2020 · 5 comments
Closed

Question regarding visibility of CoC reports #512

benjamingr opened this issue Jun 18, 2020 · 5 comments

Comments

@benjamingr
Copy link
Member

Hey,

Our moderation policy details what happens when a report is received at [email protected] :

When a request is sent by email to the [email protected] (or directly to a Moderation Team member) a new issue detailing the request must be created in the private nodejs/moderation repository. The identity of the individual submitting the request should be omitted from the issue unless permission to include the identity is provided by the reporter.

Collaborators must never discuss the specific details of a Moderation request in any public forum or any social media service outside of the Node.js GitHub Organization.

Requests for Moderation that do not appear to have been submitted in good faith with intent to address a legitimate Code of Conduct violation will be ignored.

I have a few questions and would like to clarify a few things:

  • I want our process to include specific permission to discuss the specific details of a moderation request between project members outside the GitHub org. Namely the moderation team has a slack workspace where we usually discuss these requests.
  • When a report is made by a non-member (or by a member) - what should the report posted to the moderation repo contain? (The full report? Names omitted?)
  • We have a clause that lets us ignore requests not posted in good faith but we have been using that clause to ignore requests that are probably in good faith but are themselves violations of the CoC. For example: extremely racist but genuine (🤮) emails regarding the 1 week website change for blacklives matter. We did not post those and instead posted a single issue and promised to update governing bodies. I think it's useful to clarify that clause to also include reports that are in good faith but are themselves violating the CoC.

All these are mostly technicalities - but I believe we should clarify those and close these (small) gaps in our process.

What should we do? cc @nodejs/moderation
@Trott
Copy link
Member

Trott commented Jun 19, 2020

/ping @nodejs/tsc @nodejs/community-committee

@gireeshpunathil
Copy link
Member

I am fine leaving it to the discretion of the moderation team , based on the perceived seriousness of the content and based on the discussion they have, they may decide to disclose the full content, or disclose the theme but omit the identities

@Trott
Copy link
Member

Trott commented Jun 19, 2020
edited
Loading

I think we should remove the requirement in the policy to open an issue. I think posting in the report to TSC/CommComm (which I currently post in the TSC meeting issues once a week) should be sufficient. I know the moderation repo is supposed to be a private repo for Node.js members and its contents are supposed to be confidential. In reality, we give access to hundreds of people around the globe with near-zero vetting for most of them. That's fine for some purposes, but for things like this, I think it's too leaky/risky to post private information there in many cases.

In that repo, in particular, I don't think the moderation team should ever disclose the identities of people involved in CoC reports due to liability concerns. If a reporter is subsequently doxed or harassed, could we be sued? If someone whose actions were reported were to experience a negative career event shortly after and believed it was due to allegations in a report we post, could we be sued? I don't know the answer to these questions definitively, but I suspect the answer is "yes" and that we should act cautiously here.

We have an obligation to act to make and keep Node.js a safe place for people to participate, and so we should certainly indicate when we are acting on CoC reports. And we have the right to restrict people from Node.js spaces if we believe they are failing to act in a way that is appropriate and beneficial for the project and its participants. But identities of parties involved in complaints about private communications and actions should (in my opinion, at least based on what I understand right now) never be revealed. I can imagine an exception in extraordinary circumstances, but as a rule, no, identities should not be disclosed by us. (In many cases, someone's actions are very public and people can easily figure out who it is. That's OK. We still don't have to name them semi-publicly ourselves.)

@benjamingr benjamingr mentioned this issue Jun 21, 2020
Merged
@mhdawson
Copy link
Member

I agree with @Trott with working to ensure we don't identify parties. I wonder if we should have a more private repo where an issue is opened instead, possibly with normally only the Moderation team having access?

@benjamingr
Copy link
Member Author

This has been merged/fixed :] If anyone feels this should stay open - feel free to reopen

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Trott @benjamingr @gireeshpunathil @mhdawson