Adding guidelines for reporting violations of code of conduct #9340
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,30 @@ | ||
| Enforcement Team | ||
| ================ | ||
|
|
||
| Our Pledge | ||
| ---------- | ||
|
|
||
| In the interest of fostering an open and welcoming environment, the enforcement team | ||
| pledge to ensure that the spirit of the :doc:`Code of Conduct </contributing/code_of_conduct/index>` | ||
| is respected. Our main priority is to ensure the safety of our community members. | ||
| The second goal is to help educate the community as a whole to be aware of the CoC | ||
| and how to help implement its spirit throughout the community. In case these goals | ||
| conflict, we will prioritize safety of community members over all other goals. | ||
|
|
||
| If you think there is or has been a violation to the code of conduct please contact | ||
| enforcement team or if you prefer contact only individual members of the enforcement team. | ||
|
|
||
| Members | ||
| ------- | ||
|
|
||
| Here are all the members of the Code of Conduct enforcement team. You can contact | ||
| any of them directly using the contact details below or you can also contact all of | ||
| them at once by emailing **[email protected]**. | ||
|
|
||
| About the Enforcement Team | ||
| -------------------------- | ||
|
|
||
| The :doc:`Symfony project leader </contributing/code/core_team>` appoints enforcement | ||
| team with candidates they see fit. The enforcement team will consist of at least | ||
| 3 people. The team should be representing as many demographics as possible, | ||
| ideally from different employers. | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,98 @@ | ||
| Reporting Guidelines | ||
| ==================== | ||
|
|
||
| If you believe someone is violating the Code of Conduct we ask that you report | ||
| it to the :doc:`enforcement team </contributing/code_of_conduct/enforcement_team>` | ||
| by emailing, Twitter, in person or any way you see fit. | ||
|
|
||
| **All reports will be kept confidential.** The privacy of everyone included in | ||
| the report is of our highest concern. Second to privacy there is transparency. | ||
| After every report we will determine if a public statement should be made. If | ||
| that's the case, the identities of all victims, reporters, and the accused will | ||
| remain confidential unless those individuals instruct us otherwise. The details | ||
| of the incident may also be generalized. | ||
|
|
||
| If you believe anyone is in physical danger or doing something that is against | ||
| the law, please notify appropriate emergency services first by calling the relevant | ||
| local authorities. If you are unsure what service or agency is appropriate to | ||
| contact, include this in your report and we will attempt to notify them. | ||
|
|
||
| In your report please include: | ||
|
|
||
| * Your contact info for follow-up contact. | ||
| * Names (legal, nicknames, or pseudonyms) of any individuals involved. | ||
| * If there were other witnesses besides you, please try to include them as well. | ||
| * When and where the incident occurred. Please be as specific as possible. | ||
| * Your description of what occurred. | ||
| * If there is a publicly available record (e.g. a mailing list archive or a | ||
| public IRC or Slack log), please include a link and a screenshot. | ||
| * If you believe this incident is ongoing. | ||
| * Any other information you believe we should have. | ||
|
|
||
| What happens after you file a report? | ||
| ------------------------------------- | ||
|
|
||
| You will receive a reply from the :doc:`enforcement team </contributing/code_of_conduct/enforcement_team>` | ||
| acknowledging receipt as soon as possible, but within 24 hours. | ||
|
|
||
| The team member receiving the report will immediately contact all or some other | ||
| enforcement team members to review the incident and determine: | ||
|
|
||
| * What happened. | ||
| * Whether this event constitutes a Code of Conduct violation. | ||
| * What kind of response is appropriate. | ||
|
|
||
| If this is determined to be an ongoing incident or a threat to physical safety, | ||
| the team's immediate priority will be to protect everyone involved. This means | ||
| we may delay an "official" response until we believe that the situation has ended | ||
| and that everyone is physically safe. | ||
|
|
||
| Once the team has a complete account of the events, they will make a decision as | ||
| to how to respond. Responses may include: | ||
|
|
||
| * Nothing (if we determine no Code of Conduct violation occurred). | ||
| * A private reprimand from the Code of Conduct response team to the individual(s) | ||
| involved. | ||
| * An imposed vacation (i.e. asking someone to "take a week off" from a mailing | ||
| list or Slack). | ||
| * A permanent or temporary ban from some or all Symfony conference/community | ||
| spaces (events, meetings, mailing lists, IRC, Slack, etc.) | ||
| * A request to engage in mediation and/or an accountability plan. | ||
| * On a case by case basis, other actions may be possible but will usually be | ||
| coordinated with the core team and the Symfony company. | ||
|
|
||
| We'll respond within one week to the person who filed the report with either a | ||
| resolution or an explanation of why the situation is not yet resolved. | ||
|
|
||
| Once we've determined our final actions, we'll contact the original reporter to | ||
| let them know what action (if any) we'll be taking. We'll take into account feedback | ||
| from the reporter on the appropriateness of our response, but our response will be | ||
| determined by what will be best for community safety. | ||
|
|
||
| The enforcement team keeps a private record of all incidents. By default all reports | ||
|
There was a problem hiding this comment. Are there any GDPR considerations for this? If this private record contains personally identifiable information, any processing would require consent from the people involved. There was a problem hiding this comment. We should really ask to some big open source project based in Europe which already has all this set up. I mean, we're not doing anything special, new or different. This CoC thing must be a "solved problem" in lots of other places. So let's copy them and move on 😄 There was a problem hiding this comment. This is fine according to GDPR. I'll claim it is for a common interest where the community's interest is larger then the individual's. This information is not classed as "extra sensitive" so we are fine. I think Javier's suggestion is good, we will look what others have done and move on. There was a problem hiding this comment. Well, no, we're not doing anything new, but the GDPR is new, so it's not unlikely that other projects might not have updated their CoCs to reflect this. @Nyholm Are you sure about that? I presume you're referring to the grounds in 6.1f? From what I've read I'm not sure about that being applicable. There was a problem hiding this comment. On this topic, I hade a discussion with a co-worker of mine, who (while not a lawyer) is working with making their (large) business GDPR compliant. His best guess is that as long as everyone involved has actively accepted the Code of Conduct, that would be a legal basis for processing this data. That however would mean that we'd have to have some mechanism of enforcing that acceptance in order to participate in the project. There was a problem hiding this comment. Without more information, in my opinion that would be a big NO. Adding mandatory acceptance clauses in GitHub repos (as some companies do) creates a big friction and it feels very unwelcoming. This could be solved as follows: in the web form used to report incidents, you add a big checkbox that the reporter must accept explicitly and that reads like this: "We'll preserve your full anonimity ... blah blah ... but you let us store the details of this report ... blah blah ... we'll comply with the GDPR regulation ..." There was a problem hiding this comment. The issue isn't so much storing information about the reporter, but rather the storing of information about the alleged infractor. While the reporter is likely to consent to storing data (if asked), the alleged infractor is not. There was a problem hiding this comment. I see. This is more complex than it looks :( |
||
| are shared with the entire enforcement team unless the reporter specifically asks | ||
| to exclude specific enforcement team members, in which case these enforcement team | ||
| members will not be included in any communication on the incidents as well as records | ||
| created related to the incidents. | ||
|
|
||
| Enforcement team members are expected to inform the enforcement team and the reporters | ||
| in case of conflicts on interest and recuse themselves if this is deemed a problem. | ||
|
|
||
| Appealing the response | ||
| ---------------------- | ||
|
|
||
| Only permanent resolutions (such as bans) may be appealed. To appeal a decision | ||
| of the working group, contact the :doc:`enforcement team </contributing/code_of_conduct/enforcement_team>` | ||
| with your appeal and they will review the case. | ||
|
|
||
| Document origin | ||
| --------------- | ||
|
|
||
| Reporting Guidelines derived from those of the `Stumptown Syndicate`_ and the | ||
| `Django Software Foundation`_. | ||
|
|
||
| Adopted by `Symfony`_ organizers on 21 February 2018. | ||
|
|
||
| .. _`Stumptown Syndicate`: http://stumptownsyndicate.org/code-of-conduct/reporting-guidelines/ | ||
| .. _`Django Software Foundation`: https://www.djangoproject.com/conduct/reporting/ | ||
| .. _`Symfony`: https://symfony.com | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I choose to use the singular "they" here.