 Hi, everybody, and welcome to the Kubernetes Code of Conduct Committee Community Update 2020. My name is Ava Black and I am the open source program manager for the Confidential Compute Team at Azure. My pronouns are they and them, and here with me today is Karen. Hi, everyone. I'm Karen Chu. I'm an open source community PM on the Container Compute Up-True Team, also at Microsoft Azure, and my pronouns are she and her. Let's get started. All right. So in today's session, we're going to talk about the current state of the Code of Conduct Committee, including who our members are, what our purpose is, what our scope is, and our plans in progress around documentation. I want to start with a little bit of background about the committee and our organization and our relationship to steering. There are five members of the committee, three in addition to Karen and I. We also have Tasha and Tim at VMware and Celeste at the CNCF, and the five of us are elected or appointed by steering, but then given separate powers, we don't actually report to steering, one of the few committees that doesn't. This was intentional. Both of these committees are intentionally separate to hold each other accountable if that need ever were to arise. Also to note is that no more than two members of the Code of Conduct Committee are ever from the same company, and this avoids a perception of single-party control. It avoids any situation where conflict of interest might arise, and if one were to arise, members of this committee do recuse ourselves from dealing with that, and so there's enough of the committee still engaged in something, even if, let's say, something happened involving one of the companies. Now, our purpose as a committee is to provide and support and enforce a well-considered viewpoint of what constitutes acceptable behavior within a community, within our community. To do this, we focus on a restorative model that believes in the inherent good intent of all members of the Kubernetes community, and we also believe that codes of conduct in general do not need to be punitive to be effective. Let's talk about the scope of the committee. Here we've mapped out some examples of environments that fall between official and unofficial spaces as well as online and offline spaces. The committee is invested in all these different quadrants because they may involve community members and may affect both the health and behavior of the community. Eva, do you have some examples you want to share? Thanks, Karen. I'd love to. So while the obvious spaces online might be our GitHub and our Slack, or offline might be things like the Linux Foundation events, the Kubernetes, the KubeCon, like this, there are less obvious ones. Our podcasts and streams that people run or a personal Twitter for a SIG lead or an official meetup or an unofficial meetup or even just a couple community members gathering together at a local coffee shop to hang out and talk about what's happening in their working group. Because all of these are spaces filled by members of our community acting in Kubernetes' interests, we feel that this is part of what makes our space safe and welcoming for everybody. And especially true for folks who are in a leadership position in the community. It's important that they reflect the values of the community and make it a safe and welcoming space for everybody. All right, next we'll talk about committee relationships. So depending on the environment, sometimes we work in conjunction with other parties where the next is to communicating with all these groups when there's an incident or concern, no matter where in the community it may have come from. So we're often involved in routing, helping to gather information if needed and deciding what actions to take. But we're often not on the front lines because all these bodies are empowered to act in their respective domains. So think of us as tier two support and let's dive a little deeper into each of these bodies. With SIG contributor experience, we loosely advise them on what they have questions around like cultural aspects. So that's something we'll work with them on. What Slack and GitHub admins, they're the frontline admins in their spaces. So not only do they have the jurisdiction over their spaces, they're also the ones to perform the administration of it and help keep it free from spammers and drive by trolling. But in rare cases, they will reach out to the code of conduct committee, mostly in gray areas or if there's a repeated issue. And lastly, when in-person events are a thing again, the Linux Foundation event team members are the frontline admins for those spaces because they're legally responsible for venues, for managing events staff, hiring security, et cetera. Nonetheless though, we are there for them to help provide backup and to provide support for the community during face-to-face events. So what we do to foster an inclusive and welcoming environment, as Karen mentioned, sometimes we support working groups, but we also support community members directly. So if you are leading a working group or involved in one and would like our input on something you're writing or doing or you're working group and watching our engagement early on, please just reach out. But if you feel like an incident has happened and it's very subjective, also please do reach out. What does that mean to say an incident happened? Well, if any series of interactions feels non-inclusive or combative or someone has an ill intent, it's subjective. There isn't really a strict rubric for this, but we're all human. And historically we've found that the majority of bad actors that we've seen were not actually part of our community. They just showed up like a troll on Twitter or a troll on GitHub to start trouble. And while we have found that there are, generally speaking, a very small percent, but some bad actors in any system, we don't ask, we don't expect anyone in the community to distinguish between these if it feels unsafe to do so. We've chosen to take on and accept the responsibility of doing that emotional work here to differentiate between a legitimate concern or grievance or folks that might be trying to abuse the system or abuse and cause harm. This space is very nuanced and I want to just reiterate that we know we're all human, we're all trying to do our best. And if non-inclusive behavior seems to be happening, I'm gonna talk you through a little bit of what our thought process is and how we respond to that. We asked ourselves some hard questions to try and understand the greater context and what people's intent was before coming to any conclusion or making any decision. And I'll give two examples, both happened on GitHub. To Karen's point, the GitHub admins were the ones that handled these initially, but both were gray enough that they came to our attention. In the first example, a maintainer was perceived as sort of over-aggressively closing issues and the contributor got very upset, eventually fired off some angry comments on GitHub and both of them reached out to the Code of Conduct Committee to say, hey, something's wrong with the person's being bad. We investigated, we talked to both people separately, we looked at the GitHub histories and realized that this wasn't an intentional harm. The automation had over-aggressively closed things and so the contributor in this case didn't realize that their issues were being closed not by a human, but by a bot and their anger was misplaced. Meanwhile, the maintainer realized that the automation tools they were using were closing more issues than they meant to and so they were able to modify the tools to better represent the intent they wanted in the community and I'd say the outcome from this was pretty positive. Yes, and feathers were ruffled in the beginning, but both people are still members of the community and things improved. Now for a second example, this happened after someone had just joined the community and began opening their first couple PRs because of the demographic that they represent, they got targeted on GitHub and someone began posting harassing comments on their PRs and they were kind of ignoring it at first but then it continued to happen, this came to our attention and upon looking into this, we realized that the harassing comments were coming from someone who first of all wasn't a regular member of our community but they were harassing people about demographic all over GitHub. They were just sort of a drive-by troll who happened to come into Kubernetes space and cause trouble here. And so in that case, we did reach out to the GitHub admin team and asked them to just block that person from our spaces entirely, kind of a last resort but it seemed prudent in that space, in that incident to make our space safer for everyone. All right, so let's now discuss providing restorative support for our community and focusing on harm reduction. So our intent is to safeguard and build trust in the community and all communications with the Code of Conduct Committee is confidential. This is a safe and private space when you come and talk to us. And what exactly does that mean though? So with whichever means of communications you choose to utilize, we never disclose to one party what another party is said about a situation. And additionally, we seek to verify reports without exposing the claimant while also avoiding potentially causing more emotional distress or jeopardy for that matter. Timeliness is important to all of us. So when you contact us, we'll try to provide a response within a day and depending on the scenario, we may reach out for more information. Just remember, our goal is to find a path towards community healing and individual growth and punishment is really our last resort. And where can you go to reference all of this? So the committee is still fairly young. We have a lot to do but we're committed to updating and publishing documentation around our goals and standardized processes. We're hoping that by making everything public and transparent, the community will have clear expectations when it interacts with us. So some of the docs that we're working on include how we receive reports and triage them, how we handle recusals, how we handle the logistics of incident response, educational materials that we can point the community to and we're hoping to publish transparency reports in the near future. Earlier, as I mentioned, we also work often times with other bodies that deal with code of conduct matters. So we're working on formalizing expectations and communication channels with these groups. This effort will also help define our scope better. So we're ready to find us. If and when you need to reach us, you can email conduct at kubernetes.io to reach all of us at once, but if you do wanna reach out to us individually, you can just DM us directly on the kubernetes Slack. Our job is to be here for the community. So as we mentioned, you should get an initial response back within 24 hours of reaching out. Now, if you are a SIG lead or a working group lead or involved in those, like I said, by all means reach out. You can get engaged with us directly and early on. And if you, we want everyone to feel safe, bringing their whole and authentic self here. So if you feel like something is off or something is wrong, please reach out. Please know that also our work happens mostly behind the scenes. So you may not really see it until we get all of our processes matured enough to create transparency reports. You might not see what we're doing in the community unless you're in one of those SIGs or working groups working with us, but know that we're here supporting you. Thanks for coming to our talk and we'll stick around for some questions. Thank you.