Update and refactor CoC policy and processes (#1135)

- Clearly split all CoC related-documents into 4 buckets: 1. The **Code of Conduct** itself, which is also the source of truth for the makeup of the CoC Team, how to contact the CoC Team, and how to report an incident, escalate it, and appeal a decision. 2. The **Code of Conduct Policy**, which defines the higher level aspects of our code of conduct implementation (the _what_). 3. The **CoC Team Charter** which is the mean by which the CPC delegates responsibilities to the CoC Team. 4. Various related **processes** which describe _how_ the policy is implemented. - Replace the Code of Conduct Panel with a Code of Conduct Team instead. - Standardize on the language used in the Contributor Covenant and in the CNCF and use it consistently throughout. - Clarify the escalation and appeal policies. - Be explicit about the projects's freedom to implement moderation policies - Create a placeholder for all of the processes related to the makeup and structure of the CoC Team. - Add an indication at the top of each related file pointing people who just want to report an incident to the right place. - Clean up a number of smaller issues. - Clarify the requirements for projects who opt-in to manage incident reports themselves. Make the policy generic so that it applies both to those projects and to the CoC. --------- Signed-off-by: Tobie Langel <tobie@unlockopen.com> Signed-off-by: Paula <8395352+PaulaPaul@users.noreply.github.com> Co-authored-by: Michael Dawson <mdawson@devrus.com> Co-authored-by: Jordan Harband <ljharb@gmail.com> Co-authored-by: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Co-authored-by: Ben Hutton <relequestual@gmail.com> Co-authored-by: Paula <8395352+PaulaPaul@users.noreply.github.com> Co-authored-by: Eemeli Aro <eemeli@gmail.com>
openjs-foundation · Feb 24, 2024 · 0c30a26 · 0c30a26
1 parent aa2b0ea
commit 0c30a26
Show file tree

Hide file tree

Showing 10 changed files with 261 additions and 173 deletions.
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -1,17 +1,8 @@
-# Code of Conduct
+# OpenJS Foundation Code of Conduct
 
-The OpenJS Foundation and its member projects use [Contributor Covenant v2.0](https://contributor-covenant.org/version/2/0/code_of_conduct) as their code of conduct. The full text is included below in English, and [translations](https://www.contributor-covenant.org/translations) are available on the Contributor Covenant website.
+## Report an incident
 
-## Commitment
-
-All recipients of reports commit to:
-
-- maintain the confidentiality with regard to the reporter and victim of an incident
-- participate in the path for escalation as outlined in the section on Escalation when required
-
-## Report an issue in a project
-
-1. To report an issue in one of the projects listed below, please use the method provided. The project itself is responsible for managing these reports.
+1.  To report an incident in one of the projects listed below, please use the method provided. The project itself is responsible for managing these reports.
     * **AMP Project:** <code-of-conduct@amp.dev>
     * **Appium:** email maintainers
     * **Electron:** <coc@electronjs.org>
@@ -23,23 +14,29 @@ All recipients of reports commit to:
     * **Node-RED:** <team@nodered.org>
     * **Webdriver.io:** [contact TSC reps](https://github.com/webdriverio/webdriverio/blob/HEAD/AUTHORS.md)
     * **Webhint:** <support@webhint.io>
-2. For every other OpenJS Foundation project, please email <report@lists.openjsf.org>. The Cross Project Council (CPC) is responsible for managing these reports.
+
+    In case of a conflict of interest, if the report is not handled appropriately (for example, if there are unacceptable delays, a lack of communication, confidentiality isn't respected, etc.), or in case of an emergency, you may [escalate the report][escalation] to the [Code of Conduct Team (CoC Team)][CoC Team] by emailing <coc@openjsf.org> or by contacting any of its members.
+2.  **To report any other incident** (for example: in an OpenJS Foundation project not listed above, in a Collab Space, in the Cross Project Council, or during an event), please email the [Code of Conduct Team (CoC Team)][CoC Team] at <coc@openjsf.org> or contact any of its members.
+
+### Appeal a decision
 
+Harmed individuals and accused individuals may [appeal][] the decision to the CoC Team up to thirty (30) days after a response was provided if they believe that the process was not followed properly. Appeals do not delay or block the execution of decisions communicated in the response.
 
-## Report an issue in a space managed by the foundation
+To [appeal][] a decision, please email the [Code of Conduct Team (CoC Team)][CoC Team] at <coc@openjsf.org>.
 
-For reporting issues in spaces managed by the OpenJS Foundation, for example, repositories within the OpenJS organization or an live event such as a conferences, email <report@lists.openjsf.org>. The Cross Project Council (CPC) is responsible for managing these reports.
+## Code of Conduct Team (CoC Team)
 
-## Escalate an issue
+The Code of Conduct Team (CoC Team) is a foundation-wide team established to manage code of conduct incident reports across the whole foundation (except for [projects who have opted-in][opted-in] to manage reports directly), escalation of reports managed by projects, and appeals to decisions made in response to incidents. The CoC Team is currently composed of:
 
-The OpenJS Foundation maintains a [Code of Conduct Panel (CoCP)](https://github.com/openjs-foundation/cross-project-council/blob/HEAD/conduct/FOUNDATION_CODE_OF_CONDUCT_REQUIREMENTS.md#code-of-conduct-panel). This is a foundation-wide team established to manage escalation when a reporter believes that a report to a member project or the CPC has not been properly handled.
+- Robin Ginn (OpenJSF Executive Director) <rginn@linuxfoundation.org>
+- Kylie Wagar-Dirks (OpenJSF Communications Manager) <kwagar@linuxfoundation.org>
+- Joe Sepi (Cross Project Council Chair) <sepi@joesepi.com> 
 
-In order to escalate to the CoCP, email <coc-escalation@lists.openjsf.org>.
+You may contact the CoC Team at <coc@openjsf.org> or contact any of its members.
 
 ## More Info
 
-For more information, refer to the full
-[Code of Conduct governance document](https://github.com/openjs-foundation/cross-project-council/blob/HEAD/conduct/FOUNDATION_CODE_OF_CONDUCT_REQUIREMENTS.md).
+For more information, refer to the [Code of Conduct Policy](https://github.com/openjs-foundation/cross-project-council/blob/HEAD/conduct/COC_POLICY.md).
 
 ---
 
@@ -105,13 +102,11 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
-the email addresses listed above in the
-[Reporting](#report-an-issue-in-a-project) and
-[Escalation](#escalate-an-issue) sections.
+the email addresses listed above in the [Reporting](#report-an-incident) section.
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
+harmed individuals and the reporter(s) of any incident.
 
 ## Enforcement Guidelines
 
@@ -177,3 +172,8 @@ For answers to common questions about this code of conduct, see the FAQ at
 [Mozilla CoC]: https://github.com/mozilla/diversity
 [FAQ]: https://www.contributor-covenant.org/faq
 [translations]: https://www.contributor-covenant.org/translations
+[escalation]: https://github.com/openjs-foundation/cross-project-council/blob/main/conduct/COC_POLICY.md#escalation
+[appeal]: https://github.com/openjs-foundation/cross-project-council/blob/main/conduct/COC_POLICY.md#appeals
+[CoC Team]: https://github.com/openjs-foundation/cross-project-council/blob/main/conduct/COC_POLICY.md#code-of-conduct-team-coc-team
+[opted-in]: https://github.com/openjs-foundation/cross-project-council/blob/main/conduct/COC_POLICY.md#delegation-to-projects
+
diff --git a/README.md b/README.md
@@ -218,8 +218,8 @@ If an Observer fails to meet these expectations they can be excluded from future
 
 #### Code of Conduct
 * [Code of Conduct](CODE_OF_CONDUCT.md) - This is the canonical version of the code of conduct adopted by the Foundation and all of its projects.
-* [Foundation Code of Conduct Requirements](./conduct/FOUNDATION_CODE_OF_CONDUCT_REQUIREMENTS.md) - This describes what projects need to do to properly implement the Foundations's code of conduct.
-* [Handling Code of Conduct Reports and Escalation](./conduct/HANDLING_CODE_OF_CONDUCT_REPORTS.md) - This explains how projects need to handle code of conduct violations and how, when, and to whom they need to be escalated.
+* [Code of Conduct Policy](./conduct/COC_POLICY.md) - This describes the Foundation's policy for code of conducts.
+* [Incident Management Processes](./conduct/COC_PROCESS_FOR_INCIDENT_MANAGEMENT.md) - This explains how the CoC Team and projects handle code of conduct violations and how, when, and to whom they need to be escalated.
 * [Member Expectations](./conduct/MEMBER_EXPECTATIONS.md) - Additional behavior expectations of CPC members and project leaders.
 
 #### The CPC itself

diff --git a/conduct/COC_POLICY.md b/conduct/COC_POLICY.md
@@ -0,0 +1,128 @@
+This document defines the OpenJS Foundation's code of conduct policy.
+
+If you want to report an incident, go to [code-of-conduct.openjsf.org][CoC].
+
+***
+
+# Code of Conduct Policy
+
+The OpenJS Foundation (OpenJSF) delegates to the Cross Project Council (CPC), via its [charter][], the responsibility of choosing, maintaining, and enforcing a Code of Conduct (CoC) for all of its projects, collab spaces, and for any related activities.
+
+## Code of Conduct
+
+The OpenJSF's code of conduct is located at [code-of-conduct.openjsf.org][CoC]. It is based on the [Contributor Covenant](https://www.contributor-covenant.org/).
+
+A common code of conduct allows a common escalation and appeal process and allows better support of projects in their efforts to apply the code of conduct.
+
+All OpenJSF projects, collab spaces, and any activities related to the OpenJSF are operating under this code of conduct unless otherwise stated. (For example, events organized in partnership with other organizations might be operating under a different code of conduct.)
+
+Projects joining the foundation that already have a code of conduct will need to adopt the OpenJSF's CoC within three (3) months. Projects that don't already have a code of conduct operate under the OpenJSF's CoC as soon as they enter incubation.
+
+## Reporting incidents
+
+Reporting incidents should be as simple and flexible as possible.
+
+All information necessary to report an incident must be publicly documented directly alongside the code of conduct itself. This information must contain at least the following:
+
+1. A general email address at which incidents can be reported.
+2. The name and email address of each recipient of the general email address.
+
+Reporters may choose to report an incident by using the general email address provided or by contacting any of its recipients individually, either by using their provided email, reaching out in person, or by any other reasonable means.
+
+An acknowledgment of receipt should be promptly issued to incident reporters.
+
+The name and contact details of the people responsible for managing the incident report should be provided to reporters as soon as possible (to uncover conflicts of interest upfront and allow for escalation).
+
+## Incidents requiring immediate action
+
+Individuals responsible for managing incident reports are empowered to take immediate action in order to prevent further harm, for example by blocking someone from accessing virtual spaces managed by a project or the Foundation or by removing someone from an event.
+
+These actions must be documented at the earliest convenient occasion for review by the Code of Conduct Team or the other people responsible for managing incident reports for the related project.
+
+## Incident Response
+
+All incident reports will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.
+
+## Responsiveness
+
+Every incident report, escalation request, or appeal will be promptly acknowledged upon receipt and a response provided in a timely manner. All parties involved should be kept informed and updated in a timely and efficient manner.
+
+## Transparency
+
+The number and relevant details of the reported incidents, escalation requests, and appeals, along with the responses made and actions taken should be made available, at least on a yearly basis, in a redacted form, to the Cross Project Council for further dissemination.
+
+## Record keeping
+
+A record of all communications related to an incident report, escalation request, or appeal must be kept.
+
+## Confidentiality
+
+The identity of the harmed individual(s) and the reporter(s) of an incident report must be kept confidential.
+
+The identity of the accused individual should be kept confidential. However, incidents requiring immediate action (e.g. to prevent further harm) and implementing the decision resulting from the incident management process might require sharing the identity of the accused individual beyond the people involved in the incident management process itself. Additionally, the obligation of confidentiality towards the accused individual ends if the accused individual chooses to disclose the information publicly. In all cases, however, care should be taken to limit information sharing to what is strictly necessary to address the issue at hand and avoid making that sharing retaliatory.
+
+## Conflict of Interest
+
+Any person involved with the management of an incident report must immediately notify the CoC Team in writing and recuse themselves from the process if they have been involved in the incident itself or have any other conflict of interest with any of the involved parties (e.g. same employer).
+
+## Enforcement
+
+### Incident management processes
+
+The Cross Project Council (CPC) defines, documents, and maintains all processes necessary for the management of incident reports and the enforcement of the code of conduct and this policy through the [CoC Process for Incident Management](COC_PROCESS_FOR_INCIDENT_MANAGEMENT.md).
+
+The CPC works with the OpenJS Foundation staff to develop the infrastructure and processes necessary to comply with the requirements of this policy, notably when it comes to record-keeping, confidentiality, and transparency.
+
+### Code of Conduct Team (CoC Team)
+
+The Cross Project Council (CPC) delegates enforcement of the code of conduct to the Code of Conduct Team (CoC Team) through the [CoC Team Charter][].
+
+The structure of the CoC Team and how its members are elected are described in the [CoC Team Charter][].
+
+The current composition of the CoC Team is available in the [code of conduct][CoC] itself along with means to contact by email the whole CoC Team and each of its members individually.
+
+The CoC Team is responsible for applying the [incident management processes][].
+
+The CoC Team is empowered to involve external people to resolve an issue provided these commit to abide by the code of conduct, the [incident management processes][], and by this policy.
+
+### Delegation to projects
+
+Projects may opt-in to enforce the code of conduct themselves provided they meet the following requirements:
+
+1. Commit to uphold the code of conduct.
+2. Commit to uphold this policy.
+3. Provide a general email address where incidents can be reported and document it alongside the code of conduct.
+4. Define and publicly document a process by which the project selects people responsible for managing incident reports. For Impact and At Large projects, at least two people must be selected.
+5. List the people responsible for managing incident reports alongside the code of conduct as outlined in the [Reporting incidents section](#reporting-incidents).
+6. Publicly document their decision-making process for responding to incident reports.
+7. Document the foundation's escalation and appeal process alongside the code of conduct.
+8. Participate in good faith in the [escalation](#escalation) and [appeal](#appeals) processes.
+
+## Moderation
+
+Each project is free to implement moderation processes appropriate for the size and scope of the project provided these processes abide by the code of conduct and by this policy.
+
+## Escalation
+
+Reporters, harmed individuals, and accused individuals may [escalate](#escalation) an issue to the CoC Team at any point in the process in case of a conflict of interest, if the report is not being handled appropriately (for example, if there are unacceptable delays, a lack of communication, confidentiality isn't respected, etc.), or in case of an emergency.
+
+The CoC Team is empowered to manage escalation requests of incident reports managed by projects that have opted-in to enforce the code of conduct themselves.
+
+If the CoC Team finds that the escalation request has merit, the CoC Team may decide to take over the management of the incident report or refer the issue to the Cross Project Council which may request changes to the existing management process. 
+
+Projects are expected to participate in good faith in the escalation process and to share all the information related to the incident report with the CoC Team. The CoC Team is expected to consider project and community needs during the escalation process and may involve the Cross Project Council if necessary and project leadership if appropriate.
+
+## Appeals
+
+Harmed individuals and accused individuals have thirty (30) days after a response was provided to appeal to the CoC Team a decision made in response to an incident report. Decisions may only be appealed on the grounds that the documented process was not properly followed or that it did not meet the requirements of this policy. If the CoC Team finds that the appeal has merit, it may decide to override the decision that was previously made.
+
+If the initial report was already managed by the CoC Team, a different set of CoC Team members should be chosen to manage the appeal process. The CoC Team may choose to involve external people if needed.
+
+If the appeal follows an incident report managed by a project, the project is expected to participate in good faith in the appeal process and to share all the information related to the incident report with the CoC Team. The CoC Team is expected to consider project and community needs during the appeal and may involve the Cross Project Council if necessary and project leadership if appropriate.
+
+Appeals do not delay or block the execution of decisions communicated in the response.
+
+[CoC]: https://code-of-conduct.openjsf.org/
+[Charter]: https://github.com/openjs-foundation/cross-project-council/blob/main/CPC-CHARTER.md
+[CoC Team Charter]: https://github.com/openjs-foundation/cross-project-council/blob/main/conduct/COC_TEAM_CHARTER.md
+[incident management processes]:  https://github.com/openjs-foundation/cross-project-council/blob/main/conduct/COC_PROCESS_FOR_INCIDENT_MANAGEMENT.md
diff --git a/conduct/COC_PROCESS_FOR_INCIDENT_MANAGEMENT.md b/conduct/COC_PROCESS_FOR_INCIDENT_MANAGEMENT.md
@@ -0,0 +1,11 @@
+This document defines how the OpenJS Foundation implements its code of conduct.
+
+If you want to report an incident, go to [code-of-conduct.openjsf.org][CoC].
+
+***
+
+The CPC will be updating these processes shortly. Progress is tracked in [Issue #1256](https://github.com/openjs-foundation/cross-project-council/issues/1256).
+
+In the meantime, the previous code of conduct incident management processes can be found [here](https://github.com/openjs-foundation/cross-project-council/blob/cf85fee1411de2c06632d83a9e4876fa8eeb0787/conduct/HANDLING_CODE_OF_CONDUCT_REPORTS.md).
+
+[CoC]: https://code-of-conduct.openjsf.org/