GNOME Code of Conduct committee procedures
The audience for this document is the GNOME Code of Conduct committee. The goal of this document is to ensure that the committee consistently handles all reported Code of Conduct incidents.
The GNOME Code of Conduct committee has the following members:
Christel Dahlskjaer - email@example.com
Federico Mena Quintero - firstname.lastname@example.org
Felipe Borges - email@example.com
Rosanna Yuen - firstname.lastname@example.org
Temporary committee members
The GNOME Foundation executive director, president of the board, vice president, and other GNOME Foundation executives may serve as temporary Code of Conduct committee members. They will only serve as temporary members when less than three committee members do not have a conflict of interest for a report.
The executive with the most authority without a conflict of interest will be invited to become a temporary Code of Conduct committee member for this report. GNOME Foundation executives will be added as temporary committee members until there are at least three people to evaluate a report.
Temporary committee members will discuss and vote like any other committee member, as outlined in this document. Temporary committee members will only have access to documentation for that report. Documentation for other reports will remain restricted to the permanent GNOME Code of Conduct committee members.
Additional access to reports
Please note that GNOME sysadmins have administrative access to some private committee resources. If a report is received that involves a GNOME sysadmin, all committee report discussion and documentation should occur off GNOME servers. GNOME sysadmins making a report and people reporting GNOME sysadmins are encouraged to contact committee members individually via private email. If a GNOME sysadmin accesses private committee resources, the committee will contact the GNOME Foundation board.
The committee has one chairperson. The committee chair's duties involve:
- Calling committee meetings
- Contacting committee members for term renewals
- Tracking the status of active reports
The currently acting committee chair is Federico Mena Quintero.
The committee has one director. The director provides a communication link between the GNOME Foundation Board of Directors and the GNOME Code of Conduct committee. The board appoints one committee member to be the committee director.
The currently acting director is Federico Mena Quintero.
The chair may assign a committee member, or a committee member can nominate themselves, to do the following duties:
- Communications lead for a particular reporter, witness, or reported person
- Communications bridge to GNOME event organizers or online moderators
- Records keeper to ensure the committee notes related to a report are up-to-date
On-boarding new committee members
Should there be two or fewer committee members, additional committee members will be added.
New committee members will be appointed by the GNOME Foundation Board of Directors. The GNOME Code of Conduct committee may recommend new members to the board. The committee may provide feedback on potential candidates under discussion by the board. The GNOME Foundation Board of Directors will vote on all potential candidates.
All committee members will be re-confirmed by the GNOME Foundation Board of Directors once per year. The committee director will ask all committee members if they wish to continue serving on the committee. The committee director will then report back to the board which committee members wish to continue serving. The board will then vote to re-confirm those members.
Confirmed committee members will be given access to the following committee resources:
Committee private mailing list for email@example.com
Committee private wiki pages
Committee private GitLab
- Committee private Google docs for meeting minutes and incident reports
- Committee private Telegram group
- Committee meetings hosted through Uberconference
When a new committee member is on-boarded, they will be asked whether they have a conflict of interest with any open or closed reports. Go through the list of reported people verbally and see whether they have a conflict of interest. If not, grant them access to that report's documentation.
Off-boarding committee members
Committee members shall serve for a term of one year. After one year, the committee chair will check in with the committee member. If the member confirms they wish to continue serving, the committee liaison to the board will report this to the board. If the member fails to respond to the chair request communications, they will be removed from the committee and off-boarded.
If a committee member displays behavior that makes them unfit to continue serving on the Code of Conduct committee, the committee should discuss their removal. One person should email all committee members privately to discuss the person's conduct. If necessary, committee members will privately email the GNOME Foundation Board of Directors to recommend the member be removed. The board will then vote to remove the member, and notify the subset of the committee with the results of the vote.
If the board vote passes, the committee chair will email the person to let them know they have been removed from the committee. Their access to committee resources should be revoked before the email is sent.
When a committee member is resigning or being removed, they should have their access removed from the committee resources listed in the on-boarding section.
Ratifying Code of Conduct Changes
When discussing a change to the Code of Conduct or enforcement policies, the GNOME Code of Conduct committee will follow this decision-making process:
Brainstorm options. Committee members should discuss any relevant context and brainstorm a set of possible options. It is important to provide constructive feedback without getting side-tracked from the main question. Brainstorming should be limited to 3-7 days maximum.
Vote. Changes to the Code of Conduct will be decided by a three-fourths majority of all the Code of Conduct committee members
Board approval. The GNOME Foundation board will review and approve the Code of Conduct changes
Reports will come in from the email firstname.lastname@example.org. This is a private mailing list with archives. It is only accessible to committee members and GNOME sysadmins.
Conflicts of Interest
When a new incident report is received, it's important to only involve the Code of Conduct committee members who don't have a conflict of interest. Committee members who have a conflict of interest should not have access to discussion of the report, documentation of the report, or information about who made the report.
Examples of conflicts of interest include:
- You were directly impacted by the incident and reported it to the committee
- The reporter or reported person is your manager
- You have a romantic or platonic relationship with either the reporter or the reported person. It’s fine to participate if they are an acquaintance.
- The reporter or reported person is your family member
- The reporter or reported person is your direct client
- The reporter or reported person is someone you work closely with. This could be someone on your team or someone who works on the same project as you.
- The reporter or reported person is a maintainer who regularly reviews your contributions
Committee members do not need to state why they have a conflict of interest, only that one exists. Other committee members should not ask why the person has a conflict of interest.
Talking to reporters
When taking a report:
- Engage the person in a private space
- Listen and summarize. Make sure the person feels heard, rather than immediately jumping into problem solving. Make sure you record the important details.
- Acknowledge emotions with "You" statements. Use the phase "I'm hearing you felt (emotion) when (that happened)."
- Seek assistance or resources as needed. You may need to pull in a second committee member or a moderator if there is a situation that needs an immediate response.
- Ensure everyone is safe. If a situation involves threats of violence or publishing personal information (doxxing), it should be dealt with immediately.
- (Optional) If the reported person might know who the reporter is, tell the reporter that might be possibility and ask if they have any concerns.
- Get the reporter's contact information
- Outline the next steps: the report will be evaluated by the committee, a committee member will talk with the person reported, and then the committee will email the reporter
- Thank the reporter for making a report
- Offer them support (see the "Support for Reporters" section below)
Things to avoid when taking a report:
- Do not pressure people into giving reports if they don't want to
- Do not ask whether the reporter wants to withdraw their report
- Do not share the identity of the reporter outside of the committee
- Do not ask for a reporter's advice on how to deal with the complaint. This is the committee's responsibility.
- Do not say what consequences or behavioral modification plan may be given to the reported person. This is decided by the committee after discussion.
Talking to hesitant reporters
Sometimes a reporter may seem hesitant to meet with you or reluctant to provide details in a report. They may fear retribution. They may be worried you won’t act on the report. They may be worried that you won’t believe them. There are several different things you can do. Try them in order:
- Reassure them that their report will remain confidential
- Offer that they report to another member of the team, such as someone who shares their gender identity, race, or ethnicity
- Offer to take an anonymous report. You will not record the reporter's name or contact information. Other Code of Conduct committee members will not be told the reporter's name. Unfortunately, that means they will not receive a follow-up about the report.
- The last option if the reporter is still hesitant is to allow the reporter to "escrow" a report. They can provide a description of the incident and the Code of Conduct committee will not act on it unless the behavior is repeated. The Code of Conduct committee should review any past reports for patterns of behavior, or a pattern of behavior that pushes at the boundaries of what is inappropriate.
Dealing with immediate danger
If there is immediate danger at an event (e.g. occurrence or threat of physical violence), ask the event organizers to call venue security, a crisis line, or other non-emergency numbers. Only call law enforcement if the person at risk asks you to.
If there is an online incident that could threaten someone's physical safety or mental health, only involve law enforcement if the person at risk asks you to. This includes situations such as stalking or sharing personal information publicly in order to encourage harassment (doxxing).
Filing a report with law enforcement without the impacted person's consent may cause unnecessary distress. Filing a police report means the person will have to recount the events, which may further re-traumatize them. Law enforcement may not believe reports of sexual harassment or hate crimes. Police officers may harass the reporter. Police officers often are not trained to handle people who are experiencing mental health issues. Law enforcement often shows bias against people of color. Law enforcement may use the report as an excuse to deport immigrants or children of immigrants, whether that is the reporter or the reported person. In summary, involving law enforcement may put people in further danger.
If a reporter wishes to seek additional help, point them to crisis and non-emergency resources first. Then provide contact information for law enforcement, and say, "if you want any help reporting this incident, please let us know."
Note that there may be cases where the GNOME Foundation is legally obligated to contact law enforcement, even if the reporter did not request it.
Support for Reporters
If someone has been impacted by a Code of Conduct incident, it is important to ensure that they receive appropriate support. This is important not only to ensure their well being, but also to show that the project takes their welfare seriously. Even if an offer of support is not accepted, it still sends a powerful message.
Judging when to offer support and who requires it can be difficult. Remember that it isn't always obvious who might be experiencing distress or hurt. Therefore, as a rule, it is better to offer support than not.
Ways you may be able to offer support to people who have been impacted by an incident at an event:
- Ask: "How can I help?" or "Is there anything else I can do to support you?"
- Offer the person a private place to sit
- Offer them access to your event's quiet room
- Ask: "Is there a friend or trusted person who you would like to be with you?" (if so, arrange for someone to fetch this person)
- If they are feeling isolated/alone: offer to introduce them to other event organizers or attendees who are friendly
- If someone feels that their safety might be at risk, you might want to consider:
- Helping them to find alternative accommodation
- Organizing an escort
- Provide emergency contact information in case they need help later
- If they want to make a report to law enforcement, provide as much assistance as possible
Ways you may be able to offer support to people who have been impacted by an incident in an online space:
- Ask: "How can I help?" or "Is there anything else I can do to support you?"
- Ask: "Is there a friend or trusted person in the community who you would like to talk to?" (if so, send this person a private message)
- Offer to have another person cover their online community duties so they can take a break offline
- If the incidents is on-going or may spread to other online communities:
- Give them the moderator contacts and shift schedule so they know who to contact when further incidents occur
- Notify moderation teams in other communities
- Offer to have moderators watch channels or forums they use more closely
- Offer to lock comments on an issue or bug report
- Offer to set a mailing list to have all email moderated
- Offer to moderate specific people on a mailing list
- Offer to set up moderation for their blog comments
- If they want to make a report to law enforcement, provide as much assistance as possible
Documenting a report
FIXMESteps for documenting a report are listed on a private wiki page accessible to committee members.
Data Retention Policy
Each reported incident will be documented in order to retain records of:
- Contact information for the reporter, third-party witnesses, and reported person
- Incident description, including discussions with reporters or third-party witnesses
- Details of the inappropriate behavior
- Committee meeting minutes
- Committee decisions regarding report jurisdiction and impact/risk assessment
- Committee decisions about behavioral modification plans and consequences
- Discussions with the reported person, including whether they have agreed to a behavioral modification plan and/or consequences
- Follow-up actions to make the community more safe or inclusive
Records must be retained to:
- Review incident documentation during committee discussion of the incident
- Identify repeated inappropriate behavior
- Identify patterns of borderline inappropriate behavior
- Determine whether stricter consequences are necessary, based on past records
- Contact a reporter or third-party witnesses with the resolution to their report
- Contact a reported person to deliver a behavioral modification plan and/or consequences
- Contact a reported person to lift a temporary ban or remove a sanction
- Review documentation during a decision appeal
- Contact a reporter or third-party witnesses with an updated resolution to their report
These records might also include communications such as copies of electronic correspondence between the committee and reporters, third party witnesses, or reported people.
Records must be securely kept on GNOME Foundation servers or under individual access control under Google Documents. Do not turn Google doc link sharing on. Only committee members should have access to the records. Information can be shared with the GNOME Foundation Board of Directors on a case by case, need to know basis. Personal copies of information should not be retained by anyone who has access to them.
If a GNOME online community wishes to abide by the GNOME Code of Conduct, or a GNOME event wishes to abide by the GNOME events Code of Conduct, the moderators or event planners must notify the GNOME Foundation Board of Directors. Such online communities or events may share information about Code of Conduct reports with the GNOME Code of Conduct committee. Appropriate safeguards should be in place to ensure that data can be legally transferred between online community moderators/event organizers and the GNOME Foundation.
Records should be retained for no more than six years after collection. After this time, they should be put beyond use. This means that they must:
- Not be used to inform decision making or actions
- Be stored securely
- Not be passed to external organisations unless legally required to do so
- Be deleted once it is reasonably expected that it will not be required to be produced in the future
Records may be retained for longer than six years if a sanction is active or record removal would negatively impact GNOME community safety.
Discussing a report
Meetings to discuss reports should be held as soon as possible. If the incident requires an immediate response, the meeting should be held within 24 hours of receiving the report. If the incident is not urgent, the meeting should be scheduled within one week of receiving the report.
Only members of the committee should be present at the meeting. At least half of the committee must be in attendance in order to determine consequences and a behavioral modification plan.
Evaluate conflicts of interest. Anyone who has a conflict of interest (as defined by the conflict of interest policy) will remove themselves from the discussion. This may mean the discussion needs to happen with a subset of committee members on an email thread, or with a subset of committee members in a private chat room.
Call a meeting of committee members. Not all committee members may be able to attend the meeting, either because of a conflict of interest, or because of personal reasons. There must be at least half of the committee members who do not have a conflict of interest present in the meeting to make a decision.
Check for missing information. Flag any significant omission or questions. Decide which committee member will follow up with witnesses or the reporter.
During the meeting, discuss the reported incident. Use the evaluation techniques described below.
Propose behavioral modification plan. What behavioral modification plan (if any) should be given to the reported person?
Propose consequences for reported person. What (if any) actions will the committee need to take in order to ensure the behavior does not happen again? What actions will need to be taken if the reported person does not agree to the behavioral modification plan?
Vote on behavioral modification plan and consequences for the reported person. Decisions will be made by a simple majority of the committee members in the meeting.
The current status of all reports should be documented. This includes documenting email and verbal conversations as they occur. A designated committee member will document committee meeting notes, the committee's report evaluation, and what behavioral modification plan and consequences are decided on. The committee member who follows up with the reported person will document their response.
Follow up meetings may need to be scheduled to review additional information, decide additional consequences based on the reported person's response, or to review an appeal.
Evaluating a report
Is this a Code of Conduct violation? Is this behavior on our list of inappropriate behavior? Is it borderline inappropriate behavior? Does it violate our community norms?
Did this occur in a space that is within our Code of Conduct's scope? If the incident occurred outside the community, but a community member's mental health or physical safety may be negatively impacted if no action is taken, the incident may be in scope. Private conversations in community spaces are also in scope.
Did this incident occur in a private conversation or in a public space? Incidents that all community members can see will have more negative impact.
Does this behavior negatively impact a marginalized group in our community? Is the reporter a person from a marginalized group in our community? How is the reporter being negatively impacted by the reported person's behavior? Would members of the marginalized group decide to disengage with the community if no action was taken?
Does this incident involve a community leader? Incidents that aren't handled well can have more negative impact on overall community health.
Does this incident include sexual harrasment?
Does this pose a safety risk? Does the behavior put a person's physical safety at risk? Will this incident severely negatively impact someone's mental health?
Is there a risk of this behavior being repeated? Does the reported person understand why their behavior was inappropriate? Is there an established pattern of behavior from past reports?
What follows are examples of possible responses to an incident report. This list is not inclusive, and the GNOME Code of Conduct committee reserves the right to take any action it deems necessary. Possible responses to an incident include:
- Nothing, if the behavior was determined to not be a Code of Conduct violation
- A verbal or emailed warning
- Requiring that the reported person not send private messages to a community member
- Requiring that the reported person not join specific chat channels
- Requiring that the reported person avoid any interaction with, and physical proximity to, another person for the remainder of the event
- Requiring the reported person not attend evening events
- Refusal of alcoholic beverage purchases at events
- Ending a talk that violates the Code of Conduct early
- Not publishing the video or slides of a talk that violated the Code of Conduct
- Not allowing a speaker who violated the Code of Conduct to give (further) talks at the event now or in the future
- Immediately ending any event volunteer responsibilities and privileges a person holds
- Requiring that a person not volunteer for future events (either indefinitely or for a certain time period)
- Requiring that a person refund any travel grants and similar they received
- Revoking sponsor agreements, refunding sponsorship, and removing sponsor promotion (such as logos or banners)
- Requiring that sponsor attendees immediately leave the event and not return
- Requiring that a person immediately leave the event and not return
- Banning a person from future events (either indefinitely or for a certain time period)
- Removing the reported person from community online chat servers or mailing lists (either indefinitely or for a certain time period)
- Removing the reported person from admin or moderator rights to community infrastructure
- Removing a person from leadership of relevant organizations
- Removing a person from membership of relevant organizations
- Publishing an account of the incident and (optionally) calling for the resignation of a person from their responsibilities
Talking to a reported person
When talking to a person who was reported, discuss the incident in terms of their behavior, its impact, and a behavioral modification plan.
Behavior: "When you joined this chat channel, you greeted people by saying, 'hey guys!'"
Context: "Women are underrepresented in our community. People often assume a woman is not part of our community, and that hurts our women community members. The word 'guys' implies a group of men."
Impact: "When you used the greeting 'hey guys', women in our community felt invisible and unwelcome."
Call in: "I need your help ensuring our community is welcoming to everyone."
Behavioral modification plan: "I need you to not use 'guys' to refer to our community members."
If the reported person wants to apologize, tell them that you will relay their apology, but that they should not contact the reporter. Apologies often center the hurt feelings of the reported person and put the reporter in the awkward position of having to forgive the person. As an incident responder, you can choose to relay the reported person's apology, or you can choose not to if it is not genuine.
Sometimes a reported person does not understand why their behavior was inappropriate, or they will not agree to the behavioral modification plan. If this happens, there may be a risk of the inappropriate behavior repeating. You may need to respond with a more severe consequence than a warning, such as removal from an event or a temporary ban from an online community. Talk with your Code of Conduct committee before hand to determine what response to take if the person does not agree to the behavioral modification plan.
No Forced Apologies
Do not ask for the reported person to make an apology to the reporter, third party witnesses, or other people who were impacted by their behavior. Committee members have no responsibility to enforce friendship or reconciliation. The committee's goal is to stop the inappropriate behavior.
Forcing an apology can cause the impacted person additional distress or trauma. It forces further contact with the reported person, which can cause the impacted person to feel unsafe or impact their mental health. It also creates a social expectation that the impacted person will accept the apology, forgive the reported person, and return their social connection to its previous status.
If the reported person offers to apologize to the impacted people (especially in person), discourage it. Say, "I accept your apology on behalf of (the impacted people)."
If a committee member relays an apology to the impacted people, it should be brief and not require a response. "(The reported person) apologizes and agrees to have no further contact with you" is brief. "(The reported person) is very sorry that their attempts to woo you were not received in the manner that was intended and will try to do better next time, they're really really sorry and hope that you can find it in your heart to forgive them" is emphatically not.
If the reported person recognizes that their behavior was inappropriate, note that in the relayed apology. If the reported person does not recognize their behavior was inappropriate, do not relay the apology, as it is not genuine.
Tell the reported person they are not to further discuss the incident with the impacted people. If the reported person attempts to press an apology on someone who would clearly prefer to avoid them, or attempts to recruit others to relay messages on their behalf, this may constitute continued violation of the Code of Conduct.
Following up with reporters
Reporters should receive an acknowledgment of their report within 24 hours. Follow up on a report should be completed within 1 week.
When a report comes in via email:
- Thank the reporter for sending in an incident report
- Give them a timeline for when the incident will be discussed by the committee
After you have talked to the reported person, follow up with the reporter. You can talk to them in person or send them an email.
If the report was determined to be a Code of Conduct violation, follow up with the reporter to:
- Outline what behavioral modification plan was given to the reported person.
- Make sure to mention if the reported person was told not to contact the reporter.
- Thank them for their report.
- Ask them to make an additional report if any other behavior makes them feel unsafe or unwelcome.
If the report was determined not to be a Code of Conduct violation, follow up with the reporter to:
- Thank them for their report.
- Outline why the report was not a Code of Conduct violation, and/or not in scope for the community's Code of Conduct.
- Give the contact information of a person they can appeal to, should they have concerns about how this report was handled.
If handling the report takes longer than 1 week, then the committee will need to send an update to the reporter:
- If you cannot find the reported person at an event, give the reporter daily updates as you search for the reported person.
- If the committee is waiting on additional information, give the reporter an estimated timeline for when the committee will finish their discussion. Once the discussion deadline has passed, follow up with a new deadline.
The committee should send an email acknowledging emailed reports or reports via web form within 24 hours. Reporters should receive an email back with the committee’s decisions and actions taken within 1 week. If deliberations are taking longer than a week, you should email the reporter letting them know that the report will take more time to handle.
Some incidents require a public response after the incident in order to protect the GNOME community. Reasons that you might decide to communicate an incident or enforcement decision with the community include:
- To be transparent with the community
- To ensure that people correctly understand the Code of Conduct
- To reassure people that you are serious about enforcing a Code of Conduct
Be prepared and willing to distance your community from actions of participants that reflect badly on the GNOME community, and to defend your action or inaction in response.
Try to respond quickly to incidents. A late response looks a lot like no response at all and can harm the GNOME community's reputation. Use a simple general statement about the kind of behavior involved.
For example: "$COMMUNITY does not condone $BEHAVIOR. $BEHAVIOR violates the GNOME Code of Conduct. We take harassment seriously and respond to reports of it quickly and firmly."
If the incident has been dealt with at the event, it may be appropriate to make a short announcement at the next plenary, something like: "$thing happened. This was a violation of our policy. We apologize for this. We have taken $action. This is a good time for all attendees to review our policy at $location. If anyone would like to discuss this further they can $contact_us_somehow."
Once every three months, the GNOME Code of Conduct committee will provide a public transparency report about the resolved and ongoing reports it has handled. The committee may decide to delay a transparency report if the timing of releasing a transparency report would jeopardize the privacy of the reporter, the reported person, or third-party witnesses.
The transparency reports will remove any information about the reporter and the reported person. If there is no way to anonymize the report without revealing the identity of the reporter or the reported person, the transparency report will simply note that a report was made. If no reports have been made in the specified time period, the transparency report will state that.
Transparency reports will include:
- A description of how the Code of Conduct was promoted to community members
- A summary of the total number and types of incidents that have occurred since the last transparency report
- A summary of the resolutions to those incidents, including unresolved incidents
- A generalized description of each incident, and how the incident was resolved
Examples of transparency reports include:
Please consult with the GNOME Foundation board and/or GNOME lawyers before making a report to someone's employer. If approved, it may be appropriate to provide a short report of someone's conduct to their employer. This may be appropriate if someone is working in an official employee capacity.
An incident may be reported to an employer if the incident occurred while the reported person was:
- Talking about their employer's product
- Staffing a sponsor booth at a GNOME event
- Answering questions about their employer in the GNOME online community
- Attempting to recruit someone to work for the employer
- Claiming to represent their employer's views
- Working as paid staff for the GNOME Foundation, whether as event staff, online moderators, or contributors
The GNOME Online Code of Conduct is licensed under a Creative Commons Attribution Share-Alike 3.0 Unported License
Additional language and graphics were incorporated and modified from the following resources:
Impact vs risk assessment is licensed under a Creative Commons Attribution Share-Alike 3.0 Unported License by Audrey Eschright of Safety First PDX and Otter Tech