[personal profile] mjg59
Free software communities don't exist in a vacuum. They're made up of people who are also members of other communities, people who have other interests and engage in other activities. Sometimes these people engage in behaviour outside the community that may be perceived as negatively impacting communities that they're a part of, but most communities have no guidelines for determining whether behaviour outside the community should have any consequences within the community. This post isn't an attempt to provide those guidelines, but aims to provide some things that community leaders should think about when the issue is raised.

Some things to consider

Did the behaviour violate the law?

This seems like an obvious bar, but it turns out to be a pretty bad one. For a start, many things that are common accepted behaviour in various communities may be illegal (eg, reverse engineering work may contravene a strict reading of US copyright law), and taking this to an extreme would result in expelling anyone who's ever broken a speed limit. On the flipside, refusing to act unless someone broke the law is also a bad threshold - much behaviour that communities consider unacceptable may be entirely legal.

There's also the problem of determining whether a law was actually broken. The criminal justice system is (correctly) biased to an extent in favour of the defendant - removing someone's rights in society should require meeting a high burden of proof. However, this is not the threshold that most communities hold themselves to in determining whether to continue permitting an individual to associate with them. An incident that does not result in a finding of criminal guilt (either through an explicit finding or a failure to prosecute the case in the first place) should not be ignored by communities for that reason.

Did the behaviour violate your community norms?

There's plenty of behaviour that may be acceptable within other segments of society but unacceptable within your community (eg, lobbying for the use of proprietary software is considered entirely reasonable in most places, but rather less so at an FSF event). If someone can be trusted to segregate their behaviour appropriately then this may not be a problem, but that's probably not sufficient in all cases. For instance, if someone acts entirely reasonably within your community but engages in lengthy anti-semitic screeds on 4chan, it's legitimate to question whether permitting them to continue being part of your community serves your community's best interests.

Did the behaviour violate the norms of the community in which it occurred?

Of course, the converse is also true - there's behaviour that may be acceptable within your community but unacceptable in another community. It's easy to write off someone acting in a way that contravenes the standards of another community but wouldn't violate your expected behavioural standards - after all, if it wouldn't breach your standards, what grounds do you have for taking action?

But you need to consider that if someone consciously contravenes the behavioural standards of a community they've chosen to participate in, they may be willing to do the same in your community. If pushing boundaries is a frequent trait then it may not be too long until you discover that they're also pushing your boundaries.

Why do you care?

A community's code of conduct can be looked at in two ways - as a list of behaviours that will be punished if they occur, or as a list of behaviours that are unlikely to occur within that community. The former is probably the primary consideration when a community adopts a CoC, but the latter is how many people considering joining a community will think about it.

If your community includes individuals that are known to have engaged in behaviour that would violate your community standards, potential members or contributors may not trust that your CoC will function as adequate protection. A community that contains people known to have engaged in sexual harassment in other settings is unlikely to be seen as hugely welcoming, even if they haven't (as far as you know!) done so within your community. The way your members behave outside your community is going to be seen as saying something about your community, and that needs to be taken into account.

A second (and perhaps less obvious) aspect is that membership of some higher profile communities may be seen as lending general legitimacy to someone, and they may play off that to legitimise behaviour or views that would be seen as abhorrent by the community as a whole. If someone's anti-semitic views (for example) are seen as having more relevance because of their membership of your community, it's reasonable to think about whether keeping them in your community serves the best interests of your community.


I've said things like "considered" or "taken into account" a bunch here, and that's for a good reason - I don't know what the thresholds should be for any of these things, and there doesn't seem to be even a rough consensus in the wider community. We've seen cases in which communities have acted based on behaviour outside their community (eg, Debian removing Jacob Appelbaum after it was revealed that he'd sexually assaulted multiple people), but there's been no real effort to build a meaningful decision making framework around that.

As a result, communities struggle to make consistent decisions. It's unreasonable to expect individual communities to solve these problems on their own, but that doesn't mean we can ignore them. It's time to start coming up with a real set of best practices.

Re: Interesting, but incomplete picture…

Date: 2017-12-22 11:25 am (UTC)
From: (Anonymous)
Well, I should have known that Matthews post was going to be about harassment. (Does he talk about anything else these days?)

My comment was more about technical communities using the CoC to insulate themselves from anyone and anything that might pierce the bubble or echo-chamber they are living in. I am not going to point out specific incidents, but it is not that hard to recognize the pattern when being involved in these communities. It usually involves people priding themselves being experts or good-doers feeling threatened when someone (usually an outsider) might point out inconsistencies between the story and the reality. Resulting in these community members engaging in behavior ten times worse than what they condemn in others, only now it is justified.

Re: Interesting, but incomplete picture…

Date: 2017-12-22 06:53 pm (UTC)
tim: Tim with short hair, smiling, wearing a black jacket over a white T-shirt (Default)
From: [personal profile] tim
Okay, so you're talking about a hypothetical situation rather than something that has actually happened. Got it.

Harassment is not a hypothetical situation -- it happens all the time -- so I think it's okay to take action to prevent it even if there are bad things that could hypothetically happen as a result.

Re: Interesting, but incomplete picture…

Date: 2017-12-22 08:27 pm (UTC)
From: (Anonymous)
Could you elaborate what you mean exactly, because my takeaway from your response is that something is not real unless you are willing to public name and shame it.

Re: Interesting, but incomplete picture…

Date: 2017-12-23 10:53 am (UTC)
From: [identity profile] m50d.wordpress.com
(I'm the anonymous reply to your other comment, failed to log in there, sorry)

> Harassment is not a hypothetical situation -- it happens all the time

You haven't given any specific situations where this has happened, which is what you demanded from the "other side".

> so I think it's okay to take action to prevent it even if there are bad things that could hypothetically happen as a result

Only to the extent that the things we're doing actually help though. It's very easy to fall into the "something must be done, this is something, therefore this must be done" fallacy.

Re: Interesting, but incomplete picture…

Date: 2017-12-24 12:32 am (UTC)
From: (Anonymous)
I hope you agree that a Code of Conduct covers more than sexist incidents and sexual harassment.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Page Summary

Expand Cut Tags

No cut tags