doc: move COC proposal to stage 3

[mhdawson]

No description provided.

[mcollina]

LGTM

[tobie]

@nainar is the facilitator of the Code of Conduct WG over at AMP. She's currently updating AMP's CoC and related processes as part of the onboarding checklist (see ampproject/wg-codeofconduct#6). She had a few suggestions to make regarding some of the processes here. Is this pull request the right venue for that?

[jorydotcom]

@tobie @nainar that would be great - by all means suggest away! Whatever we aren't able to work into this PR, perhaps is fodder for iteration in a new issue.

[mhdawson]

@tobie please feel free to make the suggestions.

[nainar]

Thank you for the warm welcome folks! The AMP Project code of conduct WG started reading the Open JS code of conduct policies and we will hopefully comment here soon with clarifications/concerns.

[nainar]

Hi folks,

Since Github comments aren't possible on files not changed in this issue I am just pasting the questions inline. I apologize for the length. Let me know if there is a better forum or way of raising these issues inline:

Proposed Open JS code of conduct:
https://github.com/openjs-foundation/cross-project-council/blob/master/CODE_OF_CONDUCT.md links to here: https://www.contributor-covenant.org/version/1/4/code-of-conduct

• The code of conduct is hosted by another organization - is this correct?
  • This version was published in 2014, almost 6 years ago. Is it open to changes? Why was this code of conduct chosen over creating our own?
  • How are the adopters of this Code of conduct informed if it changes?
  • Would it be better to host a local copy and manually pull in changes periodically?
• The Open JS Code of Conduct doesn't have discrimination and racism in it's code of conduct at all. This should be addressed.
  • There is a catch all: "Other conduct which could reasonably be considered inappropriate in a professional setting" However it would be best for discrimination and racism to be called out specifically as the AMP code of conduct does.
  • “Public or private harassment” - why are public and private are differentiated here?
• The code of conduct enforcement section calls out: "The project team is obligated to maintain confidentiality with regard to the reporter of an incident".
  • The reporter doesn't need to be the victim. They should both be protected.
  • Who is the project team? Is it OpenJS? Is it AMP (or any other individual project)?
  • What about the perpetrator? Do they deserve confidentiality in external transparency reports?

Handling reports:
https://github.com/openjs-foundation/cross-project-council/blob/master/proposals/stage-2/CODE_OF_CONDUCT/HANDLING-REPORTS.md

• It is using the word "reportee" incorrectly. The "reportee" is the one who is being reported.
  • Also conflation with reporter and victim again?
• The resolution offered section:
  • This section relies on the reportee (reporter or victim?) accepting the CoC committee's resolution.
  • Is this necessary? This requires sharing all the insights of the process with the reportee. This deanonymizes the perpetrator's details. I can see them needing to accept "We will have to share your name" but not needing to accept "We will still allow the perpetrator into the space."
  • This section basically says that the reporter or victim can influence the outcome.
  • Do 2 CoC violations of the same nature constitute different outcomes because 1 victim has stronger concerns than the other?
• What is the benefit of listing out these steps? To think of the user’s POV, all I want to know is
  • Who should I report to?
  • Will this be confidential?
  • When do I expect a resolution?
  • How do I know the outcome will be fair?
• What is the difference between reporting and escalating? How do I know which one to choose if I want to report an incident? What is the benefit of having 2 separate processes?
• The information gathering section offers no beneficial insight to the reader. “Time is allocated to make sure everyone has access to info” - so what?
• Typos (ex: “/CODE_OF_CONDUCT_PANEL_MEMERS.md” with no hyperlink)

General

• What is their policy on sharing information with non CoC members?
• E.g. In some cases the CoC group may need security support to stop someone from entering a premise.
• Sometimes CoC violations require quick action, i.e. offensive GitHub comments. Do these instances get reported to report@openjsf.org or to the AMP’s CoC? If the former, does a member of CPC need repo rights to delete comments / ban users? How can the CPC ensure that they will perform the 6 steps of the reporting process in a timely manner?
• The Handling Reports doc does not reference the CoC anywhere. Given it is referencing the CoC to see if a violation occurred the document itself should refer to the CoC.

[mhdawson]

Some quick, incomplete answers on some of the key questions. Answers are to provide context of past discussions, not to mean changes are not appropriate.

Why was this code of conduct chosen over creating our own?

• Early on in the discussion, it was agreed it was better to choose a well established CoC that was widely used as opposed to creating our own. @MylesBorins can probably comment further.

What is the benefit of listing out these steps? To think of the user’s POV, all I want to know i

• FOUNDATION_CODE_OF_CONDUCT_REQUIREMENTS.md documents the external view of the process. Of the 2 this is the one which covers (or should) what you indicated is important.
• HANDLING_CODE_OF_CONDUCT_REPORTS.md documents the internal process. This is for those within the OpenJS so that they can understand/follow the appropriate steps when handling reports.

What is the difference between reporting and escalating?

• The expectation is that incidents are reported to projects (or the CPC for Foundation spaces) and each project can have it's own process for handling them.
• Escalation is intended to handle the case where those involved believe that the report was not handled appropriately. In that case they can escalate to the CoCP through the escalation process.

Do these instances get reported to report@openjsf.org or to the AMP’s CoC?

• Each project is expected to have it's own process and reporting methods,the OpenJSF only gets involved if the report is escalated so in most cases the OpenJSF should not be involved at all.

[nainar]

Created a pull request on Contributor Convenant here: EthicalSource/contributor_covenant#733

[nainar]

Also I don't have edit access on this project so I can't edit this PR. Is it ok if I create a new one and block this PR on that?

[mhdawson]

@nainar sure.

[nainar]

Blocking on: #407

[mhdawson]

#407 landed and this has been rebased on it.

We should probably now wait for discussion on #413 to conclude

[mhdawson]

#413 is complete.

There is agreement as captured in #432 (comment). That this can land.

I believe this falls under the existing CPC Charter as per Supporting projects in their enforcement of Code of Conduct violations and escalation. and therefore does not need board approval.

Therefore it can be considered a change to the CPC governance and can be landed as we've met the criteria for landing in https://github.com/openjs-foundation/cross-project-council/blob/master/GOVERNANCE.md#merging-prs-into-this-repository:

• There are no outstanding objections
• There are two approvals by CPC members
• The PR has been open for at least 72 hours
• The PR has been open for at least 14 days