+1 and happy to help in anyway I can!

On Tue, May 17, 2022 at 2:39 PM Brandon Lum <lumjjb@...> wrote:

+1!!!! For TAG security, we had added additional practice guidelines, as a start. So, it would definitely help if we had a forum or committee for this discussion!

On Tue, May 17, 2022 at 2:20 PM Chris Short via lists.cncf.io <cbshort=amazon.com@...> wrote:

HUGE +1 to this.

Chris Short

He/Him/His

Sr. Developer Advocate, AWS Kubernetes (GitOps)

TZ=America/Detroit

On May 17, 2022, at 13:19, Stephen Augustus (augustus) via lists.cncf.io <augustus=cisco.com@...> wrote:



CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

This is wonderful idea, Paris. +1!

---

Stephen Augustus (he/him)

Head of Open Source

augustus@...

My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.

---

From: cncf-toc@... <cncf-toc@...> on behalf of Paris Pittman <paris.pittman@...>
Sent: Tuesday, May 17, 2022, 06:41
To: CNCF TOC <cncf-toc@...>
Subject: [cncf-toc] CNCF Code of Conduct Community of Practice?

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
  • build out policies and procedures that fit with the ecosystem
  • create roles and teams
  • create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

--

Diane Mueller

(mobile) 604.765.3635
(twitter) pythondj
(skype) xbrlspy
(email) dmueller2001@...



This email is intended only for the person or entity to which it is addressed and may contain confidential information and/or privileged information. Any use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the email and all copies (electronic or otherwise) immediately. Thank you.