Just catching up on emails after the event, but a huge +1 to this effort and I'd be happy to help/contribute in any way I can :)

Regards,

Divya

On Sat, 21 May, 2022, 7:35 pm Scott Rigby, <scott@...> wrote:

a few days late to the party...

Paris, 💯 to this

Dims, 👍 to designing in collaboration with the community

xo

On Thu, May 19, 2022 at 1:08 AM Davanum Srinivas <davanum@...> wrote:

Joanna,

Quick note on something I touched on when we chatted at dinner.

Here's the relevant section as pointed out by Paris below (pasting the same url here for your reference):
https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

The text as it stands today says two things:

Point #1 -  "All participants agree to abide by The Linux Foundation Code of Conduct available at https://events.linuxfoundation.org/code-of-conduct."

Point #2 - "The TOC may vote to adopt its own code of conduct for the CNCF community."

Our Charter clearly puts "code of conduct for the CNCF community" in the hands of the TOC (says so right there!), just writing one is not enough and any Code of Conduct needs to be enforced for it to have any effect, So we will look at options to design this properly in collaboration with the community which this Code of Conduct will end up governing!

thanks,

Dims

On Tue, May 17, 2022 at 12:40 PM Paris Pittman <paris.pittman@...> wrote:

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
• build out policies and procedures that fit with the ecosystem
• create roles and teams
• create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

--

Davanum Srinivas :: https://twitter.com/dims

a few days late to the party...

Paris, 💯 to this

Dims, 👍 to designing in collaboration with the community

xo

On Thu, May 19, 2022 at 1:08 AM Davanum Srinivas <davanum@...> wrote:

Joanna,

Quick note on something I touched on when we chatted at dinner.

Here's the relevant section as pointed out by Paris below (pasting the same url here for your reference):
https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

The text as it stands today says two things:

Point #1 -  "All participants agree to abide by The Linux Foundation Code of Conduct available at https://events.linuxfoundation.org/code-of-conduct."

Point #2 - "The TOC may vote to adopt its own code of conduct for the CNCF community."

Our Charter clearly puts "code of conduct for the CNCF community" in the hands of the TOC (says so right there!), just writing one is not enough and any Code of Conduct needs to be enforced for it to have any effect, So we will look at options to design this properly in collaboration with the community which this Code of Conduct will end up governing!

thanks,

Dims

On Tue, May 17, 2022 at 12:40 PM Paris Pittman <paris.pittman@...> wrote:

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
• build out policies and procedures that fit with the ecosystem
• create roles and teams
• create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

--

Davanum Srinivas :: https://twitter.com/dims

Joanna,

Quick note on something I touched on when we chatted at dinner.

Here's the relevant section as pointed out by Paris below (pasting the same url here for your reference):
https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

The text as it stands today says two things:

Point #1 -  "All participants agree to abide by The Linux Foundation Code of Conduct available at https://events.linuxfoundation.org/code-of-conduct."

Point #2 - "The TOC may vote to adopt its own code of conduct for the CNCF community."

Our Charter clearly puts "code of conduct for the CNCF community" in the hands of the TOC (says so right there!), just writing one is not enough and any Code of Conduct needs to be enforced for it to have any effect, So we will look at options to design this properly in collaboration with the community which this Code of Conduct will end up governing!

thanks,

Dims

On Tue, May 17, 2022 at 12:40 PM Paris Pittman <paris.pittman@...> wrote:

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
• build out policies and procedures that fit with the ecosystem
• create roles and teams
• create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

--

Davanum Srinivas :: https://twitter.com/dims

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
• build out policies and procedures that fit with the ecosystem
• create roles and teams
• create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

Paris,

thanks for the note to the TOC and the community. 

+1 to the principles behind it for sure. Let's figure out how to work together and get ideas/consensus from multiple folks and ensure that this works for all of us.

We will happily set aside time on the TOC agenda for sure to get the ball rolling when we get back from kubecon.

Thanks

-- Dims

(wearing TOC chair hat)

On Tue, May 17, 2022 at 12:40 PM Paris Pittman <paris.pittman@...> wrote:

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
• build out policies and procedures that fit with the ecosystem
• create roles and teams
• create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

--

Davanum Srinivas :: https://twitter.com/dims

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
• build out policies and procedures that fit with the ecosystem
• create roles and teams
• create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
• build out policies and procedures that fit with the ecosystem
• create roles and teams
• create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
• build out policies and procedures that fit with the ecosystem
• create roles and teams
• create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

+1 and happy to help in anyway I can!

On Tue, May 17, 2022 at 2:39 PM Brandon Lum <lumjjb@...> wrote:

+1!!!! For TAG security, we had added additional practice guidelines, as a start. So, it would definitely help if we had a forum or committee for this discussion!

On Tue, May 17, 2022 at 2:20 PM Chris Short via lists.cncf.io <cbshort=amazon.com@...> wrote:

HUGE +1 to this.

Chris Short

He/Him/His

Sr. Developer Advocate, AWS Kubernetes (GitOps)

TZ=America/Detroit

On May 17, 2022, at 13:19, Stephen Augustus (augustus) via lists.cncf.io <augustus=cisco.com@...> wrote:



CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

This is wonderful idea, Paris. +1!

---

Stephen Augustus (he/him)

Head of Open Source

augustus@...

My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.

---

From: cncf-toc@... <cncf-toc@...> on behalf of Paris Pittman <paris.pittman@...>
Sent: Tuesday, May 17, 2022, 06:41
To: CNCF TOC <cncf-toc@...>
Subject: [cncf-toc] CNCF Code of Conduct Community of Practice?

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
  • build out policies and procedures that fit with the ecosystem
  • create roles and teams
  • create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

--

Diane Mueller

(mobile) 604.765.3635
(twitter) pythondj
(skype) xbrlspy
(email) dmueller2001@...



This email is intended only for the person or entity to which it is addressed and may contain confidential information and/or privileged information. Any use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the email and all copies (electronic or otherwise) immediately. Thank you.

+1!!!! For TAG security, we had added additional practice guidelines, as a start. So, it would definitely help if we had a forum or committee for this discussion!

On Tue, May 17, 2022 at 2:20 PM Chris Short via lists.cncf.io <cbshort=amazon.com@...> wrote:

HUGE +1 to this.

Chris Short

He/Him/His

Sr. Developer Advocate, AWS Kubernetes (GitOps)

TZ=America/Detroit

On May 17, 2022, at 13:19, Stephen Augustus (augustus) via lists.cncf.io <augustus=cisco.com@...> wrote:



CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

This is wonderful idea, Paris. +1!

---

Stephen Augustus (he/him)

Head of Open Source

augustus@...

My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.

---

From: cncf-toc@... <cncf-toc@...> on behalf of Paris Pittman <paris.pittman@...>
Sent: Tuesday, May 17, 2022, 06:41
To: CNCF TOC <cncf-toc@...>
Subject: [cncf-toc] CNCF Code of Conduct Community of Practice?

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
  • build out policies and procedures that fit with the ecosystem
  • create roles and teams
  • create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions

HUGE +1 to this.

Chris Short

He/Him/His

Sr. Developer Advocate, AWS Kubernetes (GitOps)

TZ=America/Detroit

On May 17, 2022, at 13:19, Stephen Augustus (augustus) via lists.cncf.io <augustus=cisco.com@...> wrote:



CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

This is wonderful idea, Paris. +1!

---

Stephen Augustus (he/him)

Head of Open Source

augustus@...

My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.

---

From: cncf-toc@... <cncf-toc@...> on behalf of Paris Pittman <paris.pittman@...>
Sent: Tuesday, May 17, 2022, 06:41
To: CNCF TOC <cncf-toc@...>
Subject: [cncf-toc] CNCF Code of Conduct Community of Practice?

Hi TOC and community,

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.

Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 

-paris 

To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct

Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independant committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

• community members creating policy and carrying out enforcement
• creating a safe space for reporters
• Focus on mediation rather than ligitation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
• cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
• build trust via community involvement and transparency reporting 

NonGoals

• require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

• Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
• OpenTelemetry’s GC acts as a CoCC.
• All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
• CNCF Staff consults with laywers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
• Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
• There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If its “kubecon” does that mean conduct@...?

Responsibilities and Composition

• Nominations from TOC and community; TOC shortlist for qualifications; community votes
• everyone gets training
• initial group bootstraps the function
  • build out policies and procedures that fit with the ecosystem
  • create roles and teams
  • create a charter

Opportunities

• Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
• focus on mediation vs litigation.
• incident management and transparecy reporting //build out an incident management team
• projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
• projects can have liasion reps which can then feed into staffing for incident response groups

Next Steps

• Discuss at a TOC meeting
• Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
• Bring in project maintainers from CNCF projects; possiby create a special Maintainers Circle for this topic

Open Questions

• We would need this to be an independent body. Where would that sit?
• can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
• Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
• Escalation path for events?
• Liability coverage for Committee decisions