[gentoo-project] Hiding problems, breach of Gentoo Social Contract

I feel like I should ask a pertinent question (the same sort that just
earned me a seat among the foundation's members).

Whose privacy, exactly, is at stake if comrel were to breach
confidentiality on this issue? I'd rather ask for a full list.

And as someone else mentioned regarding "noise", is there another mailing
list better suited for these sorts of discussions?

Post by William L. Thomson Jr.
I have read this a few times now. I cannot see it being taken any other way
than written. Nothing states the problems shall remain hidden indefinitely.
Specifically mentioning BOTH security and developer relations. Meaning neither
receives special treatment over the other. Neither should be private, unless
requested to not publicize before a deadline. Implying by default it is public
including developer relations information. Developer bugs remain visible, as
are bugs filed to comrel.
The fact that it mentions developer relations information implies that those
problems should be open and not hidden. That developer relations is also
handled via Bugzilla at least in part. That further links developer relations
problems to the social contract and not hiding problems there.
If requests to publicize problems are denied. That seems like a clear breach
of the Social Contract. I would expect the Foundation to fulfill its obligation
to protect the community and enforce total adherence to the Gentoo Social
Contract.
"We will not hide problems
We will keep our bug report database open for public view at all times;
reports that users file online will immediately become visible to others.
Exceptions are made when we receive security-related or developer relations
information with the request not to publicize before a certain deadline."
https://www.gentoo.org/get-started/philosophy/social-contract.html
--
William L. Thomson Jr.

Rich Freeman

2016-12-02 11:59:20 UTC

Whose privacy, exactly, is at stake if comrel were to breach confidentiality
on this issue? I'd rather ask for a full list.

I wouldn't advocate opening this up even if nobody's privacy were at
stake, as I believe the issue goes beyond privacy. (It tends to pit
people against each other, if accusations are false (or true) they can
become damaging to reputations, and so on. Almost no organization I'm
aware of publishes this kind of stuff, and counterexamples are
welcome.)

However, opening up comrel evidence affects the privacy of the person
who is the subject of a comrel action, and those who told that the
information would be kept private when they submitted their
complaints/etc.

And this is a big part of why the Council decided not to open up this
evidence. People had already been told that information would be kept
private. And that is in my email WAY back at the beginning when I
opened this up for discussion I phrased the question in terms of what
kinds of expectations of privacy should we allow. IMO we can't tell
people that information will be kept private, and then later change
our minds. Now, we could have a policy that all submitted information
is public, and when somebody says, "could I tell you something in
private" Comrel could respond with, "sorry, but any information that
you give me that concerns another member of the community will be
published and I cannot promise that information will be kept private."

I still tend to favor allowing information to be submitted in private
for reasons I've already stated back in those 100+ post threads.
However, it is a debate I don't mind having.

What I don't think we can do is publish information without the
permission of those who provided it, without obtaining that
permission, which I suspect is unlikely to be forthcoming anyway.

--
Rich

Craig Inches

2016-12-02 12:10:57 UTC

I think privacy from the wider community would be a good thing in the
first instance for two reasons.
a) it allows people to come forward in confidence that they wont be
targeted by the accused for what ever reason.
b) it allows the accused to deal with the issue quietly, and resolve
the issue without it becoming a bigger issue than it needs to (an
misunderstand blows out to much more, or false allegations tarnish
their reputation.

I agree with Rich, I haven't seen an organisation make all complaints
handling a completely transparent and open processes it has too much
risk of abuse.

What I think is important though is that both parties involved have
information about the events/complaints/examples. If you cant give
this, then how are they to discuss the issue, or defend themselves
against COMREL/Complainant.

I realize I am not a dev, but for awhile I was actively pursuing this
and the situation with Idella4 (who was my mentor) has made me have
second thoughts, from the information I have been able glean about
what occurred, and also the way his retirement was handled cause
confusion and disillusionment with the whole process for me at least
and I think a few non-devs from Proxy-Maint IRC channel feel the same.

Just me 2cents

Craig

Whose privacy, exactly, is at stake if comrel were to breach confidentiality
on this issue? I'd rather ask for a full list.

I wouldn't advocate opening this up even if nobody's privacy were at
stake, as I believe the issue goes beyond privacy. (It tends to pit
people against each other, if accusations are false (or true) they can
become damaging to reputations, and so on. Almost no organization I'm
aware of publishes this kind of stuff, and counterexamples are
welcome.)
However, opening up comrel evidence affects the privacy of the person
who is the subject of a comrel action, and those who told that the
information would be kept private when they submitted their
complaints/etc.
And this is a big part of why the Council decided not to open up this
evidence. People had already been told that information would be kept
private. And that is in my email WAY back at the beginning when I
opened this up for discussion I phrased the question in terms of what
kinds of expectations of privacy should we allow. IMO we can't tell
people that information will be kept private, and then later change
our minds. Now, we could have a policy that all submitted information
is public, and when somebody says, "could I tell you something in
private" Comrel could respond with, "sorry, but any information that
you give me that concerns another member of the community will be
published and I cannot promise that information will be kept private."
I still tend to favor allowing information to be submitted in private
for reasons I've already stated back in those 100+ post threads.
However, it is a debate I don't mind having.
What I don't think we can do is publish information without the
permission of those who provided it, without obtaining that
permission, which I suspect is unlikely to be forthcoming anyway.
--
Rich

Raymond Jennings

2016-12-02 12:19:15 UTC

That is another thing.

If things are kept secret, how will the "accused" know on what basis to
make their appeals?

If someone either truly wishes to "see the light and change their ways",
how will they know what to work on? Or if a mistake has indeed been made,
how is the errant exile supposed to prove it?

Post by Craig Inches
I think privacy from the wider community would be a good thing in the
first instance for two reasons.
a) it allows people to come forward in confidence that they wont be
targeted by the accused for what ever reason.
b) it allows the accused to deal with the issue quietly, and resolve
the issue without it becoming a bigger issue than it needs to (an
misunderstand blows out to much more, or false allegations tarnish
their reputation.
I agree with Rich, I haven't seen an organisation make all complaints
handling a completely transparent and open processes it has too much
risk of abuse.
What I think is important though is that both parties involved have
information about the events/complaints/examples. If you cant give
this, then how are they to discuss the issue, or defend themselves
against COMREL/Complainant.
I realize I am not a dev, but for awhile I was actively pursuing this
and the situation with Idella4 (who was my mentor) has made me have
second thoughts, from the information I have been able glean about
what occurred, and also the way his retirement was handled cause
confusion and disillusionment with the whole process for me at least
and I think a few non-devs from Proxy-Maint IRC channel feel the same.
Just me 2cents
Craig

Post by Raymond Jennings
Whose privacy, exactly, is at stake if comrel were to breach

confidentiality

Post by Raymond Jennings
on this issue? I'd rather ask for a full list.

I wouldn't advocate opening this up even if nobody's privacy were at
stake, as I believe the issue goes beyond privacy. (It tends to pit
people against each other, if accusations are false (or true) they can
become damaging to reputations, and so on. Almost no organization I'm
aware of publishes this kind of stuff, and counterexamples are
welcome.)
However, opening up comrel evidence affects the privacy of the person
who is the subject of a comrel action, and those who told that the
information would be kept private when they submitted their
complaints/etc.
And this is a big part of why the Council decided not to open up this
evidence. People had already been told that information would be kept
private. And that is in my email WAY back at the beginning when I
opened this up for discussion I phrased the question in terms of what
kinds of expectations of privacy should we allow. IMO we can't tell
people that information will be kept private, and then later change
our minds. Now, we could have a policy that all submitted information
is public, and when somebody says, "could I tell you something in
private" Comrel could respond with, "sorry, but any information that
you give me that concerns another member of the community will be
published and I cannot promise that information will be kept private."
I still tend to favor allowing information to be submitted in private
for reasons I've already stated back in those 100+ post threads.
However, it is a debate I don't mind having.
What I don't think we can do is publish information without the
permission of those who provided it, without obtaining that
permission, which I suspect is unlikely to be forthcoming anyway.
--
Rich

Chí-Thanh Christopher Nguyễn

2016-12-02 15:12:51 UTC

Post by Raymond Jennings
That is another thing.
If things are kept secret, how will the "accused" know on what basis
to make their appeals?

I wrote this in a previous post already, but I'll state it again. The
process does not work like in a court.

There is only prosecution (ComRel) and in case of appeal, a jury
(Council). There is no defense. The accused will not see the evidence,
and thus not be able to review or challenge it. For example, whether any
communication presented was complete or taken out of context. There is
also no way to find out for the accused whether misconduct was involved
by any party. Ian hinted so in his response to the other thread.

The consequence of this is that the whole process is heavily stacked
against the accused, and intentionally so. This can be a good or a bad
thing depending on your perspective, but this is how the rules currently
are.

Best regards,
Chí-Thanh Christopher Nguyễn

Rich Freeman

2016-12-02 12:33:33 UTC

Post by Craig Inches
What I think is important though is that both parties involved have
information about the events/complaints/examples. If you cant give
this, then how are they to discuss the issue, or defend themselves
against COMREL/Complainant.

While all the details of every specific event or person who has come
forward may not be shared with somebody who is accused, I can say that
in the appeals I've seen the specific concerns are shared.

While the accused might not believe that what they did was that bad,
or that it was somehow justified in some cases, I'm not convinced that
anybody has been dismissed without understanding why.

I've also yet to see anybody who has lost an appeal actually share the
specific details that WERE given to them by Comrel/Council/etc with
the public. Perhaps the narrative of "I have no idea why I was kicked
out" has more PR value than "I was told I'm being kicked out for doing
these bad things, and I wasn't told who specifically actually told on
me, and apparently it has happened too many times to be obvious from
the details given."

Now, I realize that ultimately people are stuck taking me at my word
on this, and that isn't great. I just don't see an alternative.
Between Comrel, Council, and Infra there are probably well over a
dozen people who could blow the whistle if they were convinced that
something terrible was going on.

I think that those who want to debate whether this stuff should be
public vs private have a completely legitimate point of view that we
can discuss. I just don't think that there have been any grave
miscarriages of justice under my watch at least.

--
Rich

Aaron Bauman

2016-12-02 12:48:02 UTC

Rich, I am curious, how does council and comrel process the evidence of
such events? Is there some form of official log keeping for public
channels? You obviously cannot trust individuals logs, and considering
the medium of interaction doctoring such things is easy. Private
message/query logs? Where does non-repudiation and attribution come in
to play here?

Every case is unique, so I would imagine that most decisions rely on
trends set by the developer.

Post by Rich Freeman
Now, I realize that ultimately people are stuck taking me at my word
on this, and that isn't great. I just don't see an alternative.
Between Comrel, Council, and Infra there are probably well over a
dozen people who could blow the whistle if they were convinced that
something terrible was going on.
I think that those who want to debate whether this stuff should be
public vs private have a completely legitimate point of view that we
can discuss. I just don't think that there have been any grave
miscarriages of justice under my watch at least.

Rich Freeman

2016-12-02 13:39:14 UTC

Post by Aaron Bauman
Rich, I am curious, how does council and comrel process the evidence of
such events? Is there some form of official log keeping for public
channels? You obviously cannot trust individuals logs, and considering
the medium of interaction doctoring such things is easy. Private
message/query logs? Where does non-repudiation and attribution come in
to play here?

Well, I can't speak for Comrel in general, but when I look at things
like logs I'm looking for trends corroborated from multiple sources.

If all I had to go on was a single private IRC query log provided by
the person making the complaint I'd consider that way too prone to
potential abuse. Now, when multiple people start raising the same
sorts of concerns, or there are public channel logs, and some of them
involve a channel I have my own logs for, then there is a trend.

Often the dispute is less over whether something happened and more
about whether the Comrel action is warranted by what happened. But, I
wouldn't personally vote against an appeal if I wasn't fairly sure the
cause for action actually happened. When the question is over whether
the activity violated the CoC or whether it should be enforced, well,
people are going to have their opinions, as with any issue that comes
up, but the reason we have a Council is to make final decisions.

--
Rich

William L. Thomson Jr.

2016-12-02 13:37:19 UTC

Post by Rich Freeman
I've also yet to see anybody who has lost an appeal actually share the
specific details that WERE given to them by Comrel/Council/etc with
the public. Perhaps the narrative of "I have no idea why I was kicked
out" has more PR value than "I was told I'm being kicked out for doing
these bad things, and I wasn't told who specifically actually told on
me, and apparently it has happened too many times to be obvious from
the details given."

The entire process is flawed. It needs a public post mortem with a high level
overview of the problem, the process, and outcome. Think in terms of a hack,
etc. You turn around and disclose to the community what transpired.

If Gentoo puts out a statement, with all information being public. Anyone
would likely reach the same conclusion. Situations like this would not occur.

Post by Rich Freeman
I think that those who want to debate whether this stuff should be
public vs private have a completely legitimate point of view that we
can discuss. I just don't think that there have been any grave
miscarriages of justice under my watch at least.

Do you feel you are of a neutral unbiased mindset to be able to identify such
if it occurred?

It seems you are so close to the process, agreeing with, and preserving status
quo. I am not sure if you could see the trees through the forest. You seem
very biased, and not open minded to others. Yes you hear others, but you have
strong opinions that seem not to change no matter what facts are produced.

That is concerning.... The best leaders should stand their ground. Unless its
based on a false premises. A true leader knows when to change course.

--
William L. Thomson Jr.

Rich Freeman

2016-12-02 14:05:17 UTC

On Fri, Dec 2, 2016 at 8:37 AM, William L. Thomson Jr.

The entire process is flawed. It needs a public post mortem with a high level
overview of the problem, the process, and outcome. Think in terms of a hack,
etc. You turn around and disclose to the community what transpired.
If Gentoo puts out a statement, with all information being public. Anyone
would likely reach the same conclusion. Situations like this would not occur.

Well, there is an open call for Council agenda items.

If somebody who was the subject of a Council appeal of a Comrel action
feels strongly that he wants the concerns with him to be made public,
he could ask Council to open the Comrel bug or publish the concerns
that were raised (the ones already communicated to the accused). I
can't promise the Council would agree, but they could ask, and perhaps
the fact that the person who would be most impacted by a false
accusation wants the accusations published might mitigate some of the
concerns with this.

Do you feel you are of a neutral unbiased mindset to be able to identify such
if it occurred?

Yes. I was not in any way a party to the original Comrel decisions,
or any of the actions that led to them. In fact, I shared many of the
same concerns many others seem to have when I first heard about the
case.

Post by William L. Thomson Jr.
It seems you are so close to the process, agreeing with, and preserving status
quo. I am not sure if you could see the trees through the forest. You seem
very biased, and not open minded to others. Yes you hear others, but you have
strong opinions that seem not to change no matter what facts are produced.
That is concerning.... The best leaders should stand their ground. Unless its
based on a false premises. A true leader knows when to change course.

My opinions on how Comrel ought to run have been published in my
manifesto and aired on lists in the past.

Ultimately my main concern is whether somebody is likely to follow the
CoC in the future, and in the case of a disciplinary action whether
they have in fact violated it in the past. If I thought that somebody
was unlikely to cause problems in the future I would not accept their
being removed.

We can argue about how the process ought to be run, and I think there
is plenty of room for improvement in the process, oversight, etc. I'm
always interested in how other communities operate and if you can find
one that is working well with a more public process I'm all ears.

Ultimately though I'm not really the sort of person who puts much
stock in volume of emails, etc. If a few people write 1000 emails in
favor of a particular position, well, that's nice, but it isn't really
going to do much to sway my position. Arguing the same point with 100
variations in wording is just a waste of time. New arguments are
always interesting, and new real-world examples of a proposed model
working are moreso. And of course ultimately Gentoo is governed by a
democratic process. I'll make the case for what I believe is right as
best I can but in the end the developers are welcome to put their
trust in somebody else's judgement.

And in any case I'm just one person. For a Comrel action to take
place a majority of Comrel has to approve it, the Comrel lead de-facto
has to approve it (they'd have the ability to quash action at any
number of points in practice unless it were incredibly egregious), and
if there is an appeal the majority of the Council has to approve it.
Presumably the grounds for taking action can't be so obviously wrong
that Infra would balk at enforcing it as well. This isn't the NSA, we
can't force planes to land and be searched if we think they might
contain whistleblowers fleeing for asylum. Just about anybody in any
of those groups could blow the whistle if they saw something horrible
happening. Sure, there are going to be differences of opinion and
decisions aren't going to be unanimous, but if I thought that a
horrible injustice were happening I probably wouldn't be content to
merely vote against it.

--
Rich

William L. Thomson Jr.

2016-12-02 14:24:44 UTC

Post by Rich Freeman
Ultimately my main concern is whether somebody is likely to follow the
CoC in the future, and in the case of a disciplinary action whether
they have in fact violated it in the past. If I thought that somebody
was unlikely to cause problems in the future I would not accept their
being removed.

What about Comrel?

If Comrel failed to follow their own procedures and policies. What is the
recourse? Is Comrel likely to follow their own procedures and policies going
forward? Are members of comrel not following their own policies or procedures
removed, or prevented from doing it again? Do they have to promise?

Most all the concern seem to fall on the Developer and not Gentoo or entities
within. I do not see anything addressing that aspect. It is one thing to
expect the developer to not do it again. But what about others involved in the
matter.

Seems Comrel actions withstand no matter the process, policies and procedures
followed or not. That does not seem right.

--
William L. Thomson Jr.

Rich Freeman

2016-12-02 14:30:22 UTC

On Fri, Dec 2, 2016 at 9:24 AM, William L. Thomson Jr.

What about Comrel?
If Comrel failed to follow their own procedures and policies. What is the
recourse?

As I've stated, I'm fine with having the Comrel lead confirmed by the
Council, and appointed by Council when the position is vacant, as with
QA.

I'm all for better documenting Comrel procedures. However, as has
been pointed out elsewhere I don't think more bureaucracy is the
solution. Ultimately the purpose of Comrel procedures is to deal with
CoC violations. Whether a CoC violation has actually taken place has
nothing to do with what the procedures are.

--
Rich

Chí-Thanh Christopher Nguyễn

2016-12-02 15:41:25 UTC

Post by William L. Thomson Jr.
What about Comrel?
If Comrel failed to follow their own procedures and policies. What is the
recourse?

As I've stated, I'm fine with having the Comrel lead confirmed by the
Council, and appointed by Council when the position is vacant, as with
QA.
I'm all for better documenting Comrel procedures. However, as has
been pointed out elsewhere I don't think more bureaucracy is the
solution. Ultimately the purpose of Comrel procedures is to deal with
CoC violations. Whether a CoC violation has actually taken place has
nothing to do with what the procedures are.

I think you misunderstood. The question was, if ComRel does not follow
the already documented procedures and policies, how to get recourse
against this.

Best regards,
Chí-Thanh Christopher Nguyễn

Rich Freeman

2016-12-02 16:01:34 UTC

On Fri, Dec 2, 2016 at 10:41 AM, Chí-Thanh Christopher Nguyễn

Post by William L. Thomson Jr.
What about Comrel?
If Comrel failed to follow their own procedures and policies. What is the
recourse?

As I've stated, I'm fine with having the Comrel lead confirmed by the
Council, and appointed by Council when the position is vacant, as with
QA.
I'm all for better documenting Comrel procedures. However, as has
been pointed out elsewhere I don't think more bureaucracy is the
solution. Ultimately the purpose of Comrel procedures is to deal with
CoC violations. Whether a CoC violation has actually taken place has
nothing to do with what the procedures are.

I think you misunderstood. The question was, if ComRel does not follow the
already documented procedures and policies, how to get recourse against
this.

Escalation to the Council.

--
Rich

Ian Delaney

2016-12-02 15:48:26 UTC

On Fri, 2 Dec 2016 09:05:17 -0500

Post by Rich Freeman
On Fri, Dec 2, 2016 at 8:37 AM, William L. Thomson Jr.
[...]

Post by William L. Thomson Jr.
The entire process is flawed. It needs a public post mortem with a
high level overview of the problem, the process, and outcome. Think
in terms of a hack, etc. You turn around and disclose to the
community what transpired.
If Gentoo puts out a statement, with all information being public.
Anyone would likely reach the same conclusion. Situations like this
would not occur.

Well, there is an open call for Council agenda items.
If somebody who was the subject of a Council appeal of a Comrel action
feels strongly that he wants the concerns with him to be made public,
he could ask Council to open the Comrel bug or publish the concerns
that were raised (the ones already communicated to the accused). I
can't promise the Council would agree, but they could ask, and perhaps
the fact that the person who would be most impacted by a false
accusation wants the accusations published might mitigate some of the
concerns with this.
[...]

Post by William L. Thomson Jr.
Do you feel you are of a neutral unbiased mindset to be able to
identify such if it occurred?

WHAT? What concerns and what case. And be careful. You all but admitted
a prejudice towards my place and g-p-m before any appeal. And let me
remind you again, on your joining the g-p-m channel as a lingerer, I
waited day after day after day to chat with you one on one over
anything related to the concerns of the time with the then Reviewer's
project headed my the infamous duo, and you NEVER did. Instead
lingering and observing, like the comrel member, doing and saying
nothing, but content to sit back with arms folded and await a scene of
a blow up at which point you point fingers and condemn whoever it was
put to comrel under a case. Is THAT how you conduct yourself? Is that a
stance and a style you wish to boast and defend? Mediation is neither
needed nor practised, let's just establish peace by establishing a
culprit, amounting to nothing less than scapegoating. Again you
highlight the partitioning, the presumption of non communication and
its absence of need between projects as the norm. Let them all be
autonomous, at their peril, and intervene only in cases which have
festered to boiling point because we let them, & declare
professionalism as the standard to which they did not reach. bleh There
will be another statement touching on this and expanding on it.

There is a term for that style of management. Laissez faire, and any
management text will inform of the three major styles of management, it
rates the lowest in effectiveness against the others.

I could go on but I do not wish to compete with either
you or william for over zealous proliferation.

Post by William L. Thomson Jr.
It seems you are so close to the process, agreeing with, and
preserving status quo. I am not sure if you could see the trees
through the forest. You seem very biased, and not open minded to
others. Yes you hear others, but you have strong opinions that seem
not to change no matter what facts are produced.
That is concerning.... The best leaders should stand their ground.
Unless its based on a false premises. A true leader knows when to
change course.

And you got that wrong anyway.

Post by Rich Freeman
We can argue about how the process ought to be run, and I think there
is plenty of room for improvement in the process, oversight, etc. I'm
always interested in how other communities operate and if you can find
one that is working well with a more public process I'm all ears.
Ultimately though I'm not really the sort of person who puts much
stock in volume of emails, etc. If a few people write 1000 emails in
favor of a particular position, well, that's nice, but it isn't really
going to do much to sway my position. Arguing the same point with 100
variations in wording is just a waste of time. New arguments are
always interesting, and new real-world examples of a proposed model
working are moreso. And of course ultimately Gentoo is governed by a
democratic process. I'll make the case for what I believe is right as
best I can but in the end the developers are welcome to put their
trust in somebody else's judgement.
And in any case I'm just one person. For a Comrel action to take
place a majority of Comrel has to approve it, the Comrel lead de-facto
has to approve it (they'd have the ability to quash action at any
number of points in practice unless it were incredibly egregious), and
if there is an appeal the majority of the Council has to approve it.
Presumably the grounds for taking action can't be so obviously wrong
that Infra would balk at enforcing it as well. This isn't the NSA, we
can't force planes to land and be searched if we think they might
contain whistleblowers fleeing for asylum. Just about anybody in any
of those groups could blow the whistle if they saw something horrible
happening. Sure, there are going to be differences of opinion and
decisions aren't going to be unanimous, but if I thought that a
horrible injustice were happening I probably wouldn't be content to
merely vote against it.

I could add but it will likely be skipped over therefore moot.

--
kind regards

Ian Delaney

Aaron Bauman

2016-12-02 12:36:38 UTC

Please do not let this dissuade you from becoming a Gentoo developer.
Despite the current situation and the giant books being written about
comrel, council, and others, this is not the norm. Many developers
contribute everyday with no interference or thoughts of either. Hell, I
did not even know they existed aside from the quizzes. No one focuses
on the good things they have done... that is for sure.

Post by Craig Inches
Just me 2cents
Craig

Whose privacy, exactly, is at stake if comrel were to breach confidentiality
on this issue? I'd rather ask for a full list.

I wouldn't advocate opening this up even if nobody's privacy were at
stake, as I believe the issue goes beyond privacy. (It tends to pit
people against each other, if accusations are false (or true) they can
become damaging to reputations, and so on. Almost no organization I'm
aware of publishes this kind of stuff, and counterexamples are
welcome.)
However, opening up comrel evidence affects the privacy of the person
who is the subject of a comrel action, and those who told that the
information would be kept private when they submitted their
complaints/etc.
And this is a big part of why the Council decided not to open up this
evidence. People had already been told that information would be kept
private. And that is in my email WAY back at the beginning when I
opened this up for discussion I phrased the question in terms of what
kinds of expectations of privacy should we allow. IMO we can't tell
people that information will be kept private, and then later change
our minds. Now, we could have a policy that all submitted information
is public, and when somebody says, "could I tell you something in
private" Comrel could respond with, "sorry, but any information that
you give me that concerns another member of the community will be
published and I cannot promise that information will be kept private."
I still tend to favor allowing information to be submitted in private
for reasons I've already stated back in those 100+ post threads.
However, it is a debate I don't mind having.
What I don't think we can do is publish information without the
permission of those who provided it, without obtaining that
permission, which I suspect is unlikely to be forthcoming anyway.
--
Rich

M. J. Everitt

2016-12-02 21:52:57 UTC

Post by Craig Inches
I realize I am not a dev, but for awhile I was actively pursuing this
and the situation with Idella4 (who was my mentor) has made me have
second thoughts, from the information I have been able glean about
what occurred, and also the way his retirement was handled cause
confusion and disillusionment with the whole process for me at least
and I think a few non-devs from Proxy-Maint IRC channel feel the same.

It may come to some surprise to you (and others) that Craig is not the
only prospective dev who was somewhat perplexed with the attitude
towards select Gentoo Devs, who seemed, on the face of it, to be
actively contributing to the Gentoo project. There were at least six of
us (if not seven, possibly more) who were actively considering and
pursuing becoming a Gentoo developer, who all felt that we felt uneasy
about progression, not helped by the problems of a lack of active
recruiters and other issues within the Recruiters project, which have
hopefully now been resolved. There is a mild concern that the only
remaining recruiter, may have a bias against some of the prospective
recruits, as having been "tainted" by the former Gentoo Dev who was
ousted from the Proxy Maintenance project. As non-devs, we have no
recourse to council to ask for this to be investigated, and we don't
consider ourselves to have a 'voice' to express our opinions and
frustrations with the Gentoo 'system' as we observe it. It seems ironic
that we are unable to influence the procedures that would help us be
represented, and hence the only outlets we have are the mailing lists
and third-party platforms. If anyone can suggest the correct course of
action that any prospective non-dev contributor might have, I'm sure
there are a few ears who would be interested in the response.

Michał Górny

2016-12-02 22:13:46 UTC

On Fri, 2 Dec 2016 21:52:57 +0000

The first and most important person for a prospective developer is
his/her mentor. If you have a mentor, then by all means talk to him/her
first and he/she'll represent your case to the Council or any
appropriate community members.

If you don't have a mentor or feel like you need a new one, you can
find (another) one. Just talk to the developers you're interacted with
(we're not all wolves after all, even if we react bluntly to some toxic
people), they can become your mentors or talk to other developers.
There's also #gentoo-proxy-maint that's always open for new developers.
As a last resort, you can send a generic 'I need a mentor' message to
gentoo-dev.

But don't get unnecessarily involved in those flame wars that serve no
purpose to you. Most of the problems are better resolved peacefully.
And if your worries end up unfounded, it's better not to offend people
publicly, isn't it?

And please take into consideration that many of us are not native
English speakers. I find your e-mail extremely hard to understand,
and I'm not even sure I got it all right.

--
Best regards,
MichaÅ GÃ³rny
<http://dev.gentoo.org/~mgorny/>

Raymond Jennings

2016-12-02 23:42:24 UTC

Post by MichaÅ GÃ³rny
On Fri, 2 Dec 2016 21:52:57 +0000

Post by Aaron Bauman
did not even know they existed aside from the quizzes. No one focuses
on the good things they have done... that is for sure.

This actually does bring up a side point I've been curious about.

Do you need to be a current, or even potential/former developer to have a
mentor?

Can you have a mentor if you're a mere user?

Post by MichaÅ GÃ³rny
If you don't have a mentor or feel like you need a new one, you can
find (another) one. Just talk to the developers you're interacted with
(we're not all wolves after all, even if we react bluntly to some toxic
people), they can become your mentors or talk to other developers.
There's also #gentoo-proxy-maint that's always open for new developers.
As a last resort, you can send a generic 'I need a mentor' message to
gentoo-dev.
But don't get unnecessarily involved in those flame wars that serve no
purpose to you. Most of the problems are better resolved peacefully.
And if your worries end up unfounded, it's better not to offend people
publicly, isn't it?
And please take into consideration that many of us are not native
English speakers. I find your e-mail extremely hard to understand,
and I'm not even sure I got it all right.
--
Best regards,
MichaÅ GÃ³rny
<http://dev.gentoo.org/~mgorny/>

Michał Górny

2016-12-02 23:51:24 UTC

On Fri, 2 Dec 2016 15:42:24 -0800

Post by Raymond Jennings

Post by MichaÅ GÃ³rny
On Fri, 2 Dec 2016 21:52:57 +0000

Post by Aaron Bauman
did not even know they existed aside from the quizzes. No one focuses
on the good things they have done... that is for sure.

This actually does bring up a side point I've been curious about.
Do you need to be a current, or even potential/former developer to have a
mentor?
Can you have a mentor if you're a mere user?

Well, the mentor is pretty much the person who helps you get through
the recruiters and helps you start in Gentoo. I don't really see what
would be the purpose of having a mentor if you aren't interested in
joining.

If you are concerned about user-developer relations and stuff like
that, you can always contact comrel directly. It's not limited to
developers after all.

--
Best regards,
MichaÅ GÃ³rny
<http://dev.gentoo.org/~mgorny/>

Jorge Manuel B. S. Vicetto

2016-12-03 21:34:07 UTC

Post by Raymond Jennings

Post by MichaÅ GÃ³rny
On Fri, 2 Dec 2016 21:52:57 +0000

<snip>

Post by Raymond Jennings

Post by MichaÅ GÃ³rny

Post by M. J. Everitt
It may come to some surprise to you (and others) that Craig is not the
only prospective dev who was somewhat perplexed with the attitude
towards select Gentoo Devs, who seemed, on the face of it, to be
actively contributing to the Gentoo project. There were at least six of
us (if not seven, possibly more) who were actively considering and
pursuing becoming a Gentoo developer, who all felt that we felt uneasy
about progression, not helped by the problems of a lack of active
recruiters and other issues within the Recruiters project, which have
hopefully now been resolved. There is a mild concern that the only
remaining recruiter, may have a bias against some of the prospective
recruits, as having been "tainted" by the former Gentoo Dev who was
ousted from the Proxy Maintenance project. As non-devs, we have no
recourse to council to ask for this to be investigated, and we don't
consider ourselves to have a 'voice' to express our opinions and
frustrations with the Gentoo 'system' as we observe it. It seems ironic
that we are unable to influence the procedures that would help us be
represented, and hence the only outlets we have are the mailing lists
and third-party platforms. If anyone can suggest the correct course of
action that any prospective non-dev contributor might have, I'm sure
there are a few ears who would be interested in the response.

This actually does bring up a side point I've been curious about.
Do you need to be a current, or even potential/former developer to have a
mentor?
Can you have a mentor if you're a mere user?

The "mentor" figure is meant as the developer(s) that help someone being
recruited. However, the role of "mentor" is something that we can have
anywhere. So if there's any developer you respect and you're able to
create a connection to, then by all means please establish / foster that
connection and "use it" to improve your knowlege and presence on Gentoo.

About the point raised by "M. J. Everitt" and Craig, if you were trying to
join Gentoo, we aren't going to reject you just because of who was your
mentor. We do evaluate everyone for their own, not for who was their
mentor. Part of that evaluation is related to "social skills".
Despite all the recent discussion here, we do need to take into
consideration "social skills". Even if we do technical work, we need to
do it as part of a community, so it's essential that people are able to
work with others and reach compromises. At times, it seems some forget
that it's easier to improve technical skills and to get more knowledge,
than it is to improve our interaction with others. Recent Gentoo history,
imho, only proves that some people are even resistant to that (learning
"social skills").

Regards,

Jorge Manuel B. S. Vicetto
Gentoo Developer

William L. Thomson Jr.

2016-12-03 22:20:56 UTC

Post by Jorge Manuel B. S. Vicetto
imho, only proves that some people are even resistant to that (learning
"social skills").

IMHO, This trying for force other to learn based on others perception is part
of the problem. People perceive others to lack social skills. Whom they have
not met, directly interacted with, nor worked with. Nor would many be working
with them moving forward. Not to mention culture and language differences.

Specific to me, while many question my social skills. One fact that remains is
I have represented Gentoo as its public face at very large conventions, Linux
World Expo. Which to my knowledge is the largest event that Gentoo has ever
been represented at. I helped man the Gentoo booth 2 years in a row. It would
have been a 3rd, the final year of LWE, but Gentoo failed to obtain a booth.
Any Gentoo Developer and other that has met me, I think would hold a different
perception of my social skills.

It is interesting how someone can represent Gentoo in an official capacity
publicly. Interacting with people in person face to face. Yet online others
will question such individual based on even say a few hundred posts over a
brief period of time. I probably talked to hundreds of people each day at LWE
about Gentoo...

I think there needs to be less judgment all around. I do not think others need
to be calling into question others "social skills". Now if that is your
profession, hold degrees in such a field, etc. Then it makes a bit more sense.
But with all the various cultures, language differences, etc. I think judging
someones social skills based on cyber indirect interaction is quite poor.

Any judgment goes against the CoC, and saying someone lacks social skills in a
form of judgment, not to mention an insult. I think a better way to phrase
such would be not right, or not fit for the culture. To make comments such as
person A lacks social skills I think is wrong. I would never say such!

--
William L. Thomson Jr.

Rich Freeman

2016-12-03 22:44:33 UTC

On Sat, Dec 3, 2016 at 5:20 PM, William L. Thomson Jr.

Post by Jorge Manuel B. S. Vicetto
imho, only proves that some people are even resistant to that (learning
"social skills").

Specific to me, while many question my social skills. One fact that remains is
I have represented Gentoo as its public face at very large conventions, Linux
World Expo. Which to my knowledge is the largest event that Gentoo has ever
been represented at. I helped man the Gentoo booth 2 years in a row. It would
have been a 3rd, the final year of LWE, but Gentoo failed to obtain a booth.
Any Gentoo Developer and other that has met me, I think would hold a different
perception of my social skills.

While you used an example of yourself I'm going to try to use it a bit
but the below isn't directed at you in particular...

Social skills are more than being able to speak without stammering.
It is also about how you treat others. Indeed, being able to speak
well in public isn't very important for a distro that does almost all
its communications online. On the other hand, being able to deal with
conflict in a mature way and while respecting the CoC/etc certainly is
important.

And this is precisely the sort of interaction people have on
lists/etc. If somebody throws out personal insults/etc in list
discussions then they're a potential liability even if they are great
in a crowd, because list discussions are how we tend to work.

And if somebody just doesn't like interacting with others much at all
but they're reasonably polite/etc when they need to, that is behavior
that would actually work just fine. We have plenty of developers who
rarely participate on lists, but they generally make positive
contributions and follow QA policies and such. If there is a conflict
they'd need to be able to follow the rules for dealing with it, but
their ability to write long emails/etc and win over large numbers
really isn't a concern. A lot of the contributions to Gentoo get made
without a lot of fanfare, and are really the backbone of our distro.

Post by William L. Thomson Jr.
saying someone lacks social skills in a form of judgment, not to mention an insult. I think a better way to phrase such would be not right, or not fit for the culture.

While I wouldn't quite go this far I do agree with the general
sentiment here. "Social skills" isn't some indivisible quality where
you can rate somebody against a scale. There are many forms of social
skills, and certain ones matter more than others. Fit for culture is
a good way to look at it. I'm pretty sure this was how Jorge's
comment was meant in any case.

--
Rich

William L. Thomson Jr.

2016-12-03 22:53:16 UTC

Post by Rich Freeman
We have plenty of developers who
rarely participate on lists, but they generally make positive
contributions and follow QA policies and such. If there is a conflict
they'd need to be able to follow the rules for dealing with it, but
their ability to write long emails/etc and win over large numbers
really isn't a concern. A lot of the contributions to Gentoo get made
without a lot of fanfare, and are really the backbone of our distro.

If I could commit, you would rarely hear from me!

Not to mention I would be working mostly in Java stuff, which no one is
working in for many years. I have expressed this to comrel anytime I have
interacted with them or members from 08-15.

I have been forced to be social because I cannot work. I stated in my first
post to -project the state of Java. Even proxying is not feasible when there
is no one to commit the work.

Not my PRs, I would have hundreds...

https://github.com/gentoo/gentoo/pull/1358
https://github.com/gentoo/gentoo/pull/1721

" I just wish there was some kind of sign from Gentoo as to if they'll ever
accept this PR."
https://github.com/gentoo/gentoo/pull/1721#issuecomment-247460012

The "bad behaviour" comes from people basically standing in the way of work
being done. Focusing on social skills, causing them to decline as things
stagnate and are not done. The ones standing in the way are not doing the
work. Nor finding someone to do the work.

--
William L. Thomson Jr.

Michał Górny

2016-12-03 23:02:43 UTC

On Sat, 03 Dec 2016 17:53:16 -0500

If I could commit, you would rarely hear from me!

And this pretty much summarizes it all. We give you what you want or
you keep harassing us.

--
Best regards,
MichaÅ GÃ³rny
<http://dev.gentoo.org/~mgorny/>

William L. Thomson Jr.

2016-12-03 23:15:31 UTC

Post by MichaÅ GÃ³rny
On Sat, 03 Dec 2016 17:53:16 -0500

Post by William L. Thomson Jr.
If I could commit, you would rarely hear from me!

And this pretty much summarizes it all. We give you what you want or
you keep harassing us.

I do not want it as much as Gentoo needs it and has for years. Hoping another
will come, may work, but hasn't thus far.

As for harassment, you can easily filter any emails I compose out with your
email client. I have also asked you MichaÅ GÃ³rny specifically to avoid replying
to my posts on non technical things. Or to avoid me in general if possible.
Therefore I cannot harass you.

I am not email you specifically, directly. I reply to list. Your replies I get
2 copies of, one directly in my inbox. I would think you are harassing me.
Maybe change your email client to reply to list rather than list and CC the
person.

This is also an optional list for Gentoo subscription, not mandatory for devs
like other lists.

--
William L. Thomson Jr.

Ian Delaney

2016-12-03 05:45:18 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Fri, 2 Dec 2016 21:36:38 +0900

Post by Craig Inches
I think privacy from the wider community would be a good thing in
the first instance for two reasons.
a) it allows people to come forward in confidence that they wont be
targeted by the accused for what ever reason.
b) it allows the accused to deal with the issue quietly, and resolve
the issue without it becoming a bigger issue than it needs to (an
misunderstand blows out to much more, or false allegations tarnish
their reputation.
I agree with Rich, I haven't seen an organisation make all
complaints handling a completely transparent and open processes it
has too much risk of abuse.
What I think is important though is that both parties involved have
information about the events/complaints/examples. If you cant give
this, then how are they to discuss the issue, or defend themselves
against COMREL/Complainant.
I realize I am not a dev, but for awhile I was actively pursuing
this and the situation with Idella4 (who was my mentor) has made me
have second thoughts, from the information I have been able glean
about what occurred, and also the way his retirement was handled
cause confusion and disillusionment with the whole process for me
at least and I think a few non-devs from Proxy-Maint IRC channel
feel the same. .

Please do not let this dissuade you from becoming a Gentoo developer.
Despite the current situation and the giant books being written about
comrel, council, and others, this is not the norm.

My own words repeated many times. No this is not the norm, but it is
the reality that he and 5-6 others ran into head on. For xayto, from my
observation, it is too late, far too late.

Post by Aaron Bauman
Many developers contribute everyday with no interference or thoughts
of either. Hell, I did not even know they existed aside from the
quizzes. No one focuses on the good things they have done... that is
for sure.

If nothing else, this email stands as hard evidence that he and others
'driven away', dissuaded, by those events and all who drove it. I
maintain still if reinstated, xayto would pick up whence he left off
for it would stand as a symbol of reflection and repair that would
re-establish the respect and goodwill to gentoo, now dashed.

Post by Craig Inches
Just me 2cents
Craig

[...]
[...]
[...]

This is one specially selected reply I decided to make an exception to
not 'adding to the bloat'

- --
kind regards

Ian Delaney
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1

iQJ8BAEBCgBmBQJYQlvuXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCRUI4RjAxNzRGRTVDMjI4RjcxNkRFNzIw
QzQzN0NCNDcxRTlEMzNBAAoJEAxDfLRx6dM6SkQQAJlN8QIGwqy6ZC+VqzfEWmrT
mY2C/q3b4b8GxEfgk9ZHXCVGFuJA3J+/U+eHQPy+tfUjkXsWnzsulMOeNXluB0O3
fCR0v8pxeqEbFvQjW1SjsDVlRc3HHOiM/oTO41wO7wim4XooH+7Ak1dlM3QwIKxW
0HJb73xU3KJ7O59sAuasTatt+wFyJR1HyaCgI27fNHtUl9OwHSJTLiKsSuBu4xt5
0/gUulvqeNt2VxJ7x9I8waCU2ZL4tlw5WpkQ3OD3y3qRiDMasMdOR0RZ0lMuq2+/
VESmIOvBfNKf6n/ouFlckN3EiFhlLPEtNzNvKTAUbys+BUHZ4/qK8AI9tFLCtTpF
2vTEmvgRCHRlGYzn8cSjkB32YlxcCrypwqpahH9OTlSVogHhngqH0oNmk8z1mOql
PnMJRwiD5NJDur+ZnaxoCYSmbliG45u2Pk2hpWf5D8eidz0EFP9vWO7TwBSRdAW5
ubbhM9Vps+/3SSF8D99DURpjySo78iS4Bb31LMgGfzZYWfv1hfArpKdK8fTqhGCg
OcLCCDi3MeDFmgxLdaBE1Bt/QtVwOlewdeFvMaZJJK+L5vRUwpm9rJPYFKmJaH17
S60HkLqEQcNFWZ9QVG2SiAjrBlo0vqxI36DIfZyo8S91lN/zMu2mJTH7trr8SWxI
AMStC0FhK0KIMoz2p5B2
=0uSX
-----

Michał Górny

2016-12-02 08:51:15 UTC

On Fri, 02 Dec 2016 00:59:27 -0500

Did it ever occur to you that most people around here didn't ever
bother reading it that carefully?

Post by William L. Thomson Jr.
The fact that it mentions developer relations information implies that those
problems should be open and not hidden. That developer relations is also
handled via Bugzilla at least in part. That further links developer relations
problems to the social contract and not hiding problems there.
If requests to publicize problems are denied. That seems like a clear breach
of the Social Contract. I would expect the Foundation to fulfill its obligation
to protect the community and enforce total adherence to the Gentoo Social
Contract.

It sounds like you have succeeded in finding a rule that proves your
point. Good job. Now, why do you presume that your application is
correct?

Sure, that might have been the original intent. But that's not how
comrel has been operating for a long time. It's bad if people haven't
conformed to the contract but it could entirely have been an oversight.

I see this as a kind of 'dead law'. And now you're trying to abuse it
to force your point of view, while entirely neglecting the other
possibility -- to update it to match the long standing status quo.

That said, I don't mind publicizing comrel bugs -- if you get all
the parties to agree on it. If you file a comrel bug, you do so with
presumption that it will be kept classified. It's not fair to
unclassify it without getting the consent of both the accusing party
and the accused.

--
Best regards,
MichaÅ GÃ³rny
<http://dev.gentoo.org/~mgorny/>

Raymond Jennings

2016-12-02 11:16:22 UTC

Post by MichaÅ GÃ³rny
On Fri, 02 Dec 2016 00:59:27 -0500

Post by William L. Thomson Jr.
I have read this a few times now. I cannot see it being taken any other

way

Post by William L. Thomson Jr.
than written. Nothing states the problems shall remain hidden

indefinitely.

Post by William L. Thomson Jr.
Specifically mentioning BOTH security and developer relations. Meaning

neither

Post by William L. Thomson Jr.
receives special treatment over the other. Neither should be private,

unless

Post by William L. Thomson Jr.
requested to not publicize before a deadline. Implying by default it is

public

Post by William L. Thomson Jr.
including developer relations information. Developer bugs remain

visible, as

Post by William L. Thomson Jr.
are bugs filed to comrel.

Did it ever occur to you that most people around here didn't ever
bother reading it that carefully?

Post by William L. Thomson Jr.
The fact that it mentions developer relations information implies that

those

Post by William L. Thomson Jr.
problems should be open and not hidden. That developer relations is also
handled via Bugzilla at least in part. That further links developer

relations

Post by William L. Thomson Jr.
problems to the social contract and not hiding problems there.
If requests to publicize problems are denied. That seems like a clear

breach

Post by William L. Thomson Jr.
of the Social Contract. I would expect the Foundation to fulfill its

obligation

Post by William L. Thomson Jr.
to protect the community and enforce total adherence to the Gentoo Social
Contract.

Are we sure that the status quo is in fact correct?

I find it rather dubious, in my humble opinion, to have the "status quo" as
the ultimate standard, in, well, any situation at all, not just gentoo.
Stagnation is bad for any project.

I would far rather compare the status quo to the ideal future, whatever
that may be. Any deviation between the two could be construed as a defect.

How this applies to this particular situation is left as an exercise for
the reader. But generally, I don't think "status quo" is a reasonable
standard in any situation. It only works well as a default in my opinion.

That said, I don't mind publicizing comrel bugs -- if you get all

Post by MichaÅ GÃ³rny
the parties to agree on it. If you file a comrel bug, you do so with
presumption that it will be kept classified. It's not fair to
unclassify it without getting the consent of both the accusing party
and the accused.

This is why I asked whose privacy in particular would be put in jeopardy by
such revelations in general.

--

Post by MichaÅ GÃ³rny
Best regards,
MichaÅ GÃ³rny
<http://dev.gentoo.org/~mgorny/>

William L. Thomson Jr.

2016-12-02 13:27:23 UTC

Post by MichaÅ GÃ³rny
Sure, that might have been the original intent. But that's not how
comrel has been operating for a long time. It's bad if people haven't
conformed to the contract but it could entirely have been an oversight.

That is because the Foundation has failed to fulfill their role and duty.
Though now that this fact has been made known. They could choose to fulfill
their duties and obligation to the community.

Post by MichaÅ GÃ³rny
I see this as a kind of 'dead law'. And now you're trying to abuse it
to force your point of view, while entirely neglecting the other
possibility -- to update it to match the long standing status quo.

The Gentoo Social Contract is dead and should not be upheld? Any inaction is a
fault on behalf of the Foundation and Trustees.

You realize the Social Contract is Gentoo's mandate and is the highest level
document. That people have been focusing on CoC ignoring the Social Contract
is their own issues.

Only Trustees can enforce Social Contract. Thus others focus on CoC and things
within their control to enforce. Not realizing the Trustees oversee Gentoo.
That is their role. If you read the social contract, it and the foundation
pages. They are to oversee development at the highest level.

"In other words, the Gentoo Foundation will:
....
oversee development so it adheres to the social contract"
https://www.gentoo.org/inside-gentoo/foundation/

Post by MichaÅ GÃ³rny
That said, I don't mind publicizing comrel bugs -- if you get all
the parties to agree on it. If you file a comrel bug, you do so with
presumption that it will be kept classified. It's not fair to
unclassify it without getting the consent of both the accusing party
and the accused.

Every bit of my interactions with Comrel are public. Anything that is not they
have chosen to hide. I have nothing to hide, and neither should they.
If individuals are requesting the information be made known, that should not
be denied.

--
William L. Thomson Jr.

M. J. Everitt

2016-12-02 17:07:05 UTC

Please do clarify the situation where the accused is not aware of the
accusation, as has been the case in many recent (during 2016) complaints
to comrel that I have observed ... due to comrel "security" and
"confidentiality" concerns.

Thank you.

Patrice Clement

2016-12-02 22:43:02 UTC

William

I would suggest you to get off the computer for a while and go out to gallivant
a bit with other human beings. I mean it seriously.

On a side note, I am considering unsubscribing from this mailing list because
the level of discussions taking place here is getting close to 0. You have
managed to take over this mailing list, which by now should be renamed
"gentoo-rants-and-complains". We are not reading about future projects of
Gentoo on this ML these days but rather people's feelings: Bob said something
to Alice and Alice started crying.

This is what this ML is about now.

--
Patrice Clement
Gentoo Linux developer
http://www.gentoo.org

Raymond Jennings

2016-12-03 08:17:37 UTC