[personal profile] mjg59
Free software communities don't exist in a vacuum. They're made up of people who are also members of other communities, people who have other interests and engage in other activities. Sometimes these people engage in behaviour outside the community that may be perceived as negatively impacting communities that they're a part of, but most communities have no guidelines for determining whether behaviour outside the community should have any consequences within the community. This post isn't an attempt to provide those guidelines, but aims to provide some things that community leaders should think about when the issue is raised.

Some things to consider

Did the behaviour violate the law?

This seems like an obvious bar, but it turns out to be a pretty bad one. For a start, many things that are common accepted behaviour in various communities may be illegal (eg, reverse engineering work may contravene a strict reading of US copyright law), and taking this to an extreme would result in expelling anyone who's ever broken a speed limit. On the flipside, refusing to act unless someone broke the law is also a bad threshold - much behaviour that communities consider unacceptable may be entirely legal.

There's also the problem of determining whether a law was actually broken. The criminal justice system is (correctly) biased to an extent in favour of the defendant - removing someone's rights in society should require meeting a high burden of proof. However, this is not the threshold that most communities hold themselves to in determining whether to continue permitting an individual to associate with them. An incident that does not result in a finding of criminal guilt (either through an explicit finding or a failure to prosecute the case in the first place) should not be ignored by communities for that reason.

Did the behaviour violate your community norms?

There's plenty of behaviour that may be acceptable within other segments of society but unacceptable within your community (eg, lobbying for the use of proprietary software is considered entirely reasonable in most places, but rather less so at an FSF event). If someone can be trusted to segregate their behaviour appropriately then this may not be a problem, but that's probably not sufficient in all cases. For instance, if someone acts entirely reasonably within your community but engages in lengthy anti-semitic screeds on 4chan, it's legitimate to question whether permitting them to continue being part of your community serves your community's best interests.

Did the behaviour violate the norms of the community in which it occurred?

Of course, the converse is also true - there's behaviour that may be acceptable within your community but unacceptable in another community. It's easy to write off someone acting in a way that contravenes the standards of another community but wouldn't violate your expected behavioural standards - after all, if it wouldn't breach your standards, what grounds do you have for taking action?

But you need to consider that if someone consciously contravenes the behavioural standards of a community they've chosen to participate in, they may be willing to do the same in your community. If pushing boundaries is a frequent trait then it may not be too long until you discover that they're also pushing your boundaries.

Why do you care?

A community's code of conduct can be looked at in two ways - as a list of behaviours that will be punished if they occur, or as a list of behaviours that are unlikely to occur within that community. The former is probably the primary consideration when a community adopts a CoC, but the latter is how many people considering joining a community will think about it.

If your community includes individuals that are known to have engaged in behaviour that would violate your community standards, potential members or contributors may not trust that your CoC will function as adequate protection. A community that contains people known to have engaged in sexual harassment in other settings is unlikely to be seen as hugely welcoming, even if they haven't (as far as you know!) done so within your community. The way your members behave outside your community is going to be seen as saying something about your community, and that needs to be taken into account.

A second (and perhaps less obvious) aspect is that membership of some higher profile communities may be seen as lending general legitimacy to someone, and they may play off that to legitimise behaviour or views that would be seen as abhorrent by the community as a whole. If someone's anti-semitic views (for example) are seen as having more relevance because of their membership of your community, it's reasonable to think about whether keeping them in your community serves the best interests of your community.


I've said things like "considered" or "taken into account" a bunch here, and that's for a good reason - I don't know what the thresholds should be for any of these things, and there doesn't seem to be even a rough consensus in the wider community. We've seen cases in which communities have acted based on behaviour outside their community (eg, Debian removing Jacob Appelbaum after it was revealed that he'd sexually assaulted multiple people), but there's been no real effort to build a meaningful decision making framework around that.

As a result, communities struggle to make consistent decisions. It's unreasonable to expect individual communities to solve these problems on their own, but that doesn't mean we can ignore them. It's time to start coming up with a real set of best practices.
From: (Anonymous)
Not at all—that was just the first question.

> So there's a spectrum, and somewhere along that spectrum there's a threshold where we flip from it being reasonable for a group to ostracise somebody based on their behaviour outside that group to the consequences of said ostracism being so severe that it should only be possible based on a meaningful legal process.

as if it were a unidimensional spectrum. It most definitely isn't.

Even if it were, why would "spectrum" imply that there must be a single threshold, where everybody "flips"?

Even if it were, what makes you believe that everybody who hasn't "flipped" yet is going to find an universal "decision making process" agreeable?

(And even if all of these things were true, which they obviously aren't, what makes you believe that that mythical "consistent" view should be focused on "disciplining," rather than minimizing friction and damage?)

P.-S. — Case in point:


Again: "appropriate"… according to whom?
From: (Anonymous)
Yes; there is evidently a core on which we agree. (I am not here for trolling, and appreciate you tolerating my "pushing." Oh—while I'm at it: agreeing does not imply "right.")

I have nothing against you contributing approaches to mediation.

One reason I have not answered this earlier question of yours as is, is because it is a fallacy (not implying intent, but bias):

> Is it better for every group to make entirely ad-hoc decisions, or is it better for there to be some degree of consistency?

No group makes "entirely ad-hoc" decisions. There is always "some degree of consistency," if only because the "leader" (there is often one; sometimes referred to as "dictator"—WTF?) has limited power to make themselves respected in the face of (real or perceived) unfairness.

This is why I kept asking you to define "community," "membership," etc.; we cannot possibly ourselves be consistent if we don't consider the solidity of the pillars of our reasoning—which is particularly negligent if we are discussing any kind of punitive measure.

To circle back to my original point: I am not questioning your motivations, only the method and vocabulary—and pointing out that you may be severely underestimating collateral damage. Some of the words you have been using can easily be interpreted as an attack by those who do not hold your views. In which case: congratulations—you now have two problems!

I hope that I, and perhaps some others, will still be able to enjoy your constructive insights without feeling like we are being drawn to totalitarian talk. And whether you mean those words or not does not matter as much as whether you project them; propaganda works.

Cheers, -D

P.-S. — There is still the largely-but-not-quite unrelated TPM subject: as briefly mentioned, I highly question your seemingly unrestrained enthusiasm and advocacy for the current crop of "solutions."

I do not wish to debate it here and now, but I believe the second- and higher-order effects of these systems is something which merits deep consideration, and hope to one day find an opportunity to express my concerns—preferably not prompted by an outrageous tweet!


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Expand Cut Tags

No cut tags