These Procedures address the following topics related to resolution of potential violations of the CNCF Code of Conduct:
- How to submit a report
- What information to include in your report
- What happens after a report is submitted
- Acknowledgement of Receipt
- Confirmation of Jurisdiction
- Who will have access to reports
- Investigation
- Notification to the Accused Person
- Resolution
- Information Sharing
- Confidentiality Policy
- No Retaliation
- Conflicts of Interest
- Amendments
- Attribution and Licensing
If you believe someone is in immediate physical danger, please call your local emergency number.
You may report a potential violation of the CNCF Code of Conduct in writing or in a spoken conversation as indicated below.
To report a violation in writing, please email conduct@cncf.io, which goes to all primary (not alternate) members of the CNCF Code of Conduct Committee (CoC Committee). If you do not want your report to be received by all members of the CoC Committee, either because you want to submit a report anonymously or because one of the CoC Committee members has a conflict of interest, you may send your report directly to any individual member of the CoC Committee.
If you prefer to report the violation in a spoken conversation, you may request a telephone conversation or virtual meeting with a CoC Committee member. If the incident occurs at an event, you may report the incident in person either to a member of the Linux Foundation Events Team or a member of the CNCF CoC Committee.
If you desire to submit a report anonymously, please send a message directly to any individual member of our CoC Committee through the CNCF Slack and let them know you would like to submit a Code of Conduct report anonymously. If you submit your report anonymously, that member of the CoC Committee will share the contents of your report with the rest of the CoC Committee, but they will not disclose your identity as the reporter to the other members of the CoC Committee (unless such disclosure is necessary to comply with applicable laws or a court order, or to protect you or someone else from imminent danger).
When reporting a potential Code of Conduct violation, please include the following information in your report:
-
Names of the people involved (or if names are unknown, use descriptions and any identifying information such as appearance, role, username, or handle), including the person whom you believe violated the Code of Conduct and any witnesses.
-
Description of the incident, including the events that occured, the date and time, and location or community space where the incident occured.
-
The portion(s) of the CoC you believe to be violated.
-
If you have relevant documentary evidence, such as screenshots or photographs, please provide those with your report.
The Code of Conduct Committee will acknowledge receipt of your report in a timely manner, usually within a few business days.
After a report is submitted, the CNCF CoC Committee will confirm who has jurisdiction over the incident under the Jurisdiction and Escalation Policy. If the CoC Committee does not have jurisdiction, it will transfer the incident to the applicable project or escalate the incident to the Linux Foundation. Reporters will be notified if this occurs unless they reported anonymously and did not provide their contact information. If the CNCF CoC Committee does have jurisdiction and is not required to escalate it, the committee will proceed to investigate and resolve the incident.
Reports will only be shared with non-conflicted members of the CoC Committee, with very limited exceptions. See the “Confidentiality”, “Information Sharing”, “Communicating the Results”, and “Conflicts of Interest” sections below for more information.
The CoC Committee will investigate the report by reviewing available evidence and, if appropriate, interviewing witnesses, the accused person, and persons who were targeted or may have been harmed. In some cases, the CoC Committee may engage an external professional investigator or mediator to assist.
If a potential incident comes to the CoC Committee’s attention that may present a serious continuing risk to community safety, the CoC Committee may investigate or ask Project-level incident responders to investigate, even if no official report has been received.
If the CoC Committee determines that the Code of Conduct was violated, the CoC Committee will decide on what remediation steps should be taken. See “Resolution” below for more information.
During or after the investigation, the CoC Committee shall notify the accused person that an incident report has been received concerning their alleged behavior, unless the CoC Committee determines that the report is meritless or has been filed in bad faith. While the investigation is ongoing, the CoC Committee shall determine in its discretion whether, how, and when to notify the accused person, and how much information to share about the nature of the allegations, if any, taking into consideration risks of retaliation, evidence tampering or destruction, or witness tampering that might result from the notification. Additionally, notification to the accused person shall comply with the Confidentiality Policy. If the accused person was notified of the complaint before or during the investigation, after the incident is resolved, the CoC Committee shall notify the accused person of the outcome.
Although the CoC Committee will not take any permanent actions until the CoC Committee has gathered and reviewed all available evidence, the CoC Committee reserves the right to take immediate temporary action (e.g., temporarily suspending someone’s participation in a community space while the investigation is pending) at any time after learning of the incident if the CoC Committee determines this is necessary to protect the community or community members from the risk of harm.
If the accused person and the parties potentially harmed in an incident communicate to the CoC Committee that they would like to resolve the incident through restorative conversation (see “Restorative Justice" below), mediation, or mutual agreement, the CoC Committee will wait until the parties have attempted to do so before making any final decisions regarding resolution of the incident. If all involved parties consent, the CoC Committee, other community members, or an external professional mediator may help facilitate the discussion. If the involved parties agree on an outcome for resolving the incident, and the CoC Committee will review the outcome to (a) determine if it is adequate or if any further actions need to be taken to protect the health and safety of the community and (b) support the involved parties with implementation and accountability.
The goal of Code of Conduct incident resolution is to support and safeguard the health, safety, and wellbeing of the community and individuals who participate in the community, and to reinforce community standards for acceptable behavior; the purpose is not to punish. Whenever appropriate, the CoC Committee shall seek to resolve incidents using restorative justice and transformative justice approaches, as summarized below.
Restorative justice is a framework that seeks to repair the harm that was caused by an incident, and focuses primarily on the parties directly involved in an incident. The goals of restorative justice are to:
-
Support the individuals harmed in their healing and recovery.
-
Provide the accused person with an opportunity to understand the impact of their actions, learn from their mistakes, and improve their behavior (e.g., through coaching, mentoring, or education).
-
Provide the accused person with opportunities to make amends and take actions that help repair or reduce the harm that was caused (e.g., through an apology or community service).
Restorative justice typically involves a mediated conversation between the accused person and the person harmed for the purposes of creating shared understanding, healing, relationship repair, and closure. However, the CoC Committee will never require individuals involved in an incident to interact or communicate with each other; mediated conversations will only take place if all parties consent.
Transformative justice is a framework that seeks to address systemic issues that may have contributed to or encouraged the harmful behavior (e.g., systems or policies that reward bad behavior, or failure to educate newcomers about standards of conduct). If the CoC Committee determines there are any such systemic issues, the CoC Committee will recommend to the appropriate CNCF governing body or committee that such issues be addressed and, if appropriate, the CoC Committee may offer advice or other support.
If the CoC Committee determines that a violation has occurred, the CoC Committee will consider the following factors when determining what remediation steps to take:
-
Is the harmful behavior an isolated incident or pattern of repeated behavior?
-
How severe is the harmful behavior?
-
How does the harmful behavior impact the community and its participants?
-
What remedies would best repair or reduce the harm that was caused by the incident?
-
What remedies would best protect the community and involved individuals from further harm?
-
Is the accused person willing to acknowledge why their behavior was harmful and improve their behavior? If so, what remedies would best support them in improving their behavior? (e.g., education or mentoring)
-
Are there systemic issues that encouraged and contributed to the harmful behavior? If so, how can the community address these systemic issues to prevent similar incidents from occurring in the future?
The following are examples of remedies the CoC Committee may consider. The following list is non-exhaustive:
-
Issuing a warning
-
Removing harmful content from community or project spaces
-
A public or private apology
-
Temporary suspension or permanent ban from community or project
-
Temporary or permanent removal from leadership role
-
Education, mentoring, or coaching to help the accused improve their behavior
-
Addressing systemic issues that contributed to or encouraged the harmful behavior (e.g., through policy changes) to prevent similar incidents from occurring in the future
If any party does not fulfill their obligations related to resolution of the incident (e.g., if the remediation requires the accused person to complete a non-violent communication course and they fail to do so), the CoC Committee may take further action to resolve the incident.
An incident is considered “resolved” when the CoC Committee has completed its investigation and either (a) determined what remediation actions are needed to resolve an incident (including determining that the involved parties’ agreed-upon resolution is adequate) (b) or determined that the CoC was not violated and no remediation is needed. When the incident is resolved, a member of the CoC Committee will inform the person who submitted the report. The CoC Committee will determine how much information to share with the reporter regarding the committee’s findings and what remediation steps were taken, if any, taking into consideration the privacy, confidentiality, and potential impact to the individuals involved in the incident. Notification to the accused person shall follow Notification to the Accused Person. The CoC Committee will also determine what information, if any, is necessary to share publicly or with community and project leaders. Any communication regarding the results of the investigation shall comply with the Confidentiality Policy. Also see Information Sharing below.
Project-level Code of Conduct responders, the CNCF CoC Committee, and The Linux Foundation or CNCF staff may share information with each other on an as-needed basis about reported incidents and their resolution for the limited purposes of:
-
Ensuring that the incident is resolved by the appropriate body with jurisdiction as described in the Jurisdiction and Escalation Policy,
-
Investigating and resolving the reported incident,
-
Maintaining a central repository of records and confirming whether an accused person has prior violations that were resolved by a different incident response team, as described in the Jurisdiction and Escalation Policy,
-
Implementing protective measures and protecting community members from harm,
-
Issuing public transparency reports regarding CNCF Code of Conduct incidents (similar to transparency reports issued by the Linux Foundation). Such transparency reports will not disclose the identities of reporters, persons harmed, or witnesses. Depending on the resolution of an incident, the accused person might or might not be named in a transparency report or other communication to the community.
When the CNCF CoC Committee handles incident response, only members of the CNCF CoC Committee without hard conflicts of interest (see our Conflicts of Interest policy below) will have access to confidential information pertaining to the incident, including the identities of the reporters. The CNCF CoC Committee will not disclose the identities or confidential information provided by reporters or persons who were targeted or potentially harmed without their permission, except to a limited number of people on an as-needed basis for investigating and resolving the incident and protecting community members from harm. For example, the CNCF CoC Committee might need to disclose certain information about the incident to LF Events Staff in order to arrange for onsite support for a target of harassment, or to an external professional mediator or investigator who is engaged to assist with resolution of the incident. Confidential information about incidents will only be shared with individuals who are obligated to similarly maintain the confidentiality of such information.
In some cases, in order to perform a fair and thorough investigation of a reported incident, it may be necessary to question the accused person about the incident. Although the CNCF CoC Committee will not disclose to the accused person who reported the incident or what witnesses have provided information, if only one person or a very small number of people were involved in or witnessed the incident, the accused person may be able to guess their identities.
In rare situations, the CNCF CoC Committee may be required to disclose confidential information pertaining to an investigation in order to comply with applicable laws, a subpoena, or court order, or to defend against litigation.
The CoCC may, in its discretion, disclose the identity of the accused person to CNCF staff, CNCF community leaders, or CNCF community members if the CoCC determines that such disclosure is necessary to protect the community or its members from harm.
The CNCF community will not tolerate retaliation against community members who report concerns under the CoC in good faith, or who assist in an investigation as witnesses or by providing relevant information. Acts of retaliation are themselves violations of the CNCF Code of Conduct. If you believe you have been retaliated against, please report it using the reporting process described above.
Hard Conflicts: A CoC Committee member has a hard conflict of interest if any of the following are true:
-
They are the accused person, or a person alleged to be directly harmed or targeted by the alleged wrongdoing;
-
They have a close personal relationship (e.g., close friend, spouse, or family member) with the accused person or with a person alleged to be directly targeted or harmed by alleged wrongdoing;
-
They have a close professional relationship (e.g., direct supervisory relationship at same employer) with the accused person or with a person alleged to be directly harmed or targeted by the alleged wrongdoing;
-
They have another personal interest in the outcome of the incident that is likely to undermine their impartiality.
-
Multiple soft conflicts exist.
Soft Conflicts: A CoC Committee member has a soft conflict of interest if any of the following are true:
-
They work at the same company as the accused person, but do not have a close personal or professional relationship (e.g., they work for separate business units or divisions and do not interact on a regular basis);
-
Other circumstances exist which are likely to give the appearance of a conflict of interest, even if such circumstances are not actually likely to undermine their impartiality, such as participating in public discussion about a potential violation or concern regarding the accused person’s behavior in their personal capacity rather than in their official capacity as representative of the CoC Committee.
Merely witnessing a potential Code of Conduct violation does not constitute a conflict of interest.
When a CoC Committee member has a potential soft or hard conflict of interest with respect to a reported incident, they have an obligation to promptly disclose the nature of their potential conflict of interest to the rest of the CoC Committee (unless such potential conflict of interest is already known to the other members of the CoC Committee).
Statements of conflict and confirmation of stated conflicts must be done prior to the initiation of an investigation and recorded in the notes of the first meeting convened to discuss the incident.
A committee member may verbally disclose a conflict statement to the committee first, and then follow up in writing with the statement of conflict. They may also directly provide the statement of conflict in writing.
Statements of conflict must include the kind of conflict (hard or soft) and the specific area of conflict. The committee is then required to confirm the conflict by majority, for the existence of a soft conflict, the confirmation must also outline what that member can and can not do as part of the investigation.
A CoC Committee member with a hard conflict of interest will not be allowed to attend meetings or otherwise participate in discussions or decision-making of the CoC Committee related to the incident; their participation shall be limited to allowing the remaining CoC Committee members to interview them as a witness and providing information requested by the CoC Committee. Additionally, a CoC Committee Member with a hard conflict of interest will not be provided with any confidential information pertaining to the incident (e.g., identities of reporters or contents of confidential reports).
A CoC Committee member with a soft conflict of interest will not have the right to vote, but may be allowed to participate in discussion regarding the incident. The remaining CoC Committee members will decide what information to provide such conflicted member and the extent to which such conflicted member may be present at meetings, participate in discussions, and otherwise assist in resolution of the incident. Any such decisions regarding participation or recusal of a CoC Committee member with a soft conflict of interest will be recorded in the committee’s meeting minutes or other records.
Any amendments to these Incident Resolution Procedures must be approved by the Code of Conduct Committee.
This document includes content based on the Mozilla “How to Report Violations of the Community Participation Guidelines” document , which is based in part on the PyCon Code of Conduct Revision 2f4d980 . Both of these resources are licensed under the Creative Commons Attribution 3.0 Unported License .
This document is licensed under the Creative Commons Attribution 4.0 International License.