Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:90480
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: pass (pb1.pair.com: domain zend.com designates 207.46.100.120 as permitted sender)
To: Larry Garfield <larry@garfieldtech.com>
CC: "internals@lists.php.net" <internals@lists.php.net>
Thread-Topic: [PHP-DEV] [RFC] [Draft] Adopt Code of Conduct
Thread-Index: AQHRS1LH8OOHaE61qE+F+j0qqSsPWZ70ISYAgAGuTACAADPJYA==
Date: Mon, 11 Jan 2016 12:11:43 +0000
Message-ID: <BY2PR02MB298A99FAE3EF9F129FC1A48ACC90@BY2PR02MB298.namprd02.prod.outlook.com>
References: <CAAyV7nFbngZ42qzbSFyveH+vsyir9QNtMJq8H=u9VqTBVBv5Og@mail.gmail.com>
 <CAAyV7nHrip8Ljxjdi2DiGbcnXxY9JK+pN+LCwYKqsjJNvEyUrg@mail.gmail.com>
 <910b145571b2c3e98338d54c0dd6a981@mail.gmail.com>
 <CAAyV7nGGJ3-mCZhDcmhcjqgEOMUBQwvA0vVEE67K4Vmot4ep5Q@mail.gmail.com>
 <CAPgLKii-L-TvKLiSYNdcXxmkr60k2_93EE7hc9LSL=3NQwQjRw@mail.gmail.com>
 <CAESVnVqrXQHpYabkOZvVhbGVUNtQLLS_h=OsnaaQWhEeHWx+uw@mail.gmail.com>
 <CAAyV7nGV4Vawdq67j0eZa4j+R2zM_14-KZpBe_S6JUOc7-9Yfg@mail.gmail.com>
 <0E9E4C89-1800-4000-BD5A-BC81F43BE2FE@gohearsay.com>
 <CAAyV7nEVKqOJWn9Fb7Sa2cAPRBZ-Pu00BOmha4ObGciwPHXiGQ@mail.gmail.com>
 <44142A2C-0E7C-4525-880F-7759CD8A502A@heroku.com>
 <5691D820.4080309@gmail.com> <56934116.70002@garfieldtech.com>
In-Reply-To: <56934116.70002@garfieldtech.com>
Accept-Language: en-US
Content-Language: en-US
received-spf: None (protection.outlook.com: zend.com does not designate
 permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jan 2016 12:11:43.3953
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 32210298-c08b-4829-8097-6b12c025a892
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR02MB297
Subject: RE: [PHP-DEV] [RFC] [Draft] Adopt Code of Conduct
From: zeev@zend.com (Zeev Suraski)

Larry,

Thanks for your detailed letter.  I think that I'm not that far off from yo=
ur position, but clearly, there are some differences of opinion that lead u=
s to different conclusions.
Given the length of your email, I'm going to be very^H^H^H^H selective in w=
hat I respond to.

> I'm inclined to see the (partial) validity in most arguments, even if I d=
on't
> entirely agree with them.

Same here.  In fact, being able to see things from other people's point of =
view - and being able to articulate it, even if I disagree with it, repeate=
dly came up as feedback for me over the last 20 years (yikes) of my career.

> However, it also means that extreme positions frustrate me to no end,
> because I cannot bring myself to agree with the extreme position even if =
it
> has valid points to make.

I actually try to understand very extreme positions too, even if I complete=
ly disagree with them.  Being able to understand how people reach extreme p=
ositions is extremely important in combating them (in case of any doubts, I=
'm *not* talking about internals at all here).

> To be clear, the "there's a risk of abuse so do nothing" crowd

I haven't seen a crowd that supports the 'do nothing' approach, at least no=
t vigorously so.  The way the RFC was presented, the CoC and the ways to en=
force it came hand in hand as one integrated, inseparable bundle.  I've yet=
 to see anybody saying 'we must not do anything', even though some did argu=
e there's no real need for change.  I believe most of those will be fine wi=
th a CoC that is a Mission Statement, or for that matter, a true Code of Co=
nduct (which means it does not contain enforcement measures).=20

> is saying,
> implicitly, that the known and existing problem of people getting death
> threats

Let me stop you right there.

I don't know that there have been death threats going around here.  I've ne=
ver seen one with my own eyes, or for that matter, heard about one 2nd hand=
.

I don't know for a fact that there have been threats of ANY kind of violenc=
e.   I know that Anthony reported four threats of violence, but even if he =
fully believes he was threatened with violence, I'm not sure that had we ha=
d access to the messages sent to him, we'd all agree that these are true th=
reats of violence, or just a broad interpretation.

Given that I was presented in numerous forums as a true 'enemy of the state=
' during the STH RFC - and certainly felt that there was a mob with electro=
nic pitchforks working in tandem to blame me for all sorts of things I eith=
er didn't do, or were completely legitimate but presented as illegitimate b=
y interested parties (on internals, Twitter and Reddit)  - I now feel almos=
t offended that I never once got any threats of violence, let alone death t=
hreats, in the context of the PHP project.  On a more serious note, yes, I =
find it difficult to believe true threats of violence were made, although I=
 believe Anthony may have felt that way.

And that is exactly the problem with the judicial system.  All judicial sys=
tems are inherently subjective.  That's not something we can fix by working=
 harder or spending more time on the RFC in my opinion (although as I told =
Anthony, I'm game for helping out - but think it's fundamentally impossible=
 to fix).  The state laws we all live under are subjective, subject to abus=
e - and they do break all the time.  Even when they work out - there are di=
fferent opinions regarding the effectiveness of the penal code, vs. rehabil=
itation efforts.

World history is full of examples in which certain events - real, staged or=
 imaginary - were used as pretext to attack/persecute other groups.  I'm NO=
T saying this is what's happening here, definitely not purposely, but I am =
saying that it's impossible to hold the stick at both hands - if we want to=
 take into account that there have been death threats or other threats of v=
iolence - which is mind-boggingly far-reaching from my point of view, we ne=
ed to see evidence - not just to know whether it's true or not, but also so=
 that we can each form our own opinion about them and whether they truly co=
nstitute threats or not.  If people are not willing to present that evidenc=
e - which I fully respect and is entirely within their rights - I, for one,=
 cannot accept their existence as evidence.  At best, it's an uncorroborate=
d testimony - but a more accurate description would be 'calling for conclus=
ion'.

> It ignores that the status quo is also subject to abuse; it's just a diff=
erent kind
> of abuse (taking advantage of the lack of accountability and lack of due
> process we have now), and perhaps easier to abuse by a different type of
> person.

This keeps coming up, but without any substantiated evidence that there's l=
ack of accountability or that we're somehow being harmed by lack of due pro=
cess.  Not a single case has been presented for public scrutiny as a way to=
 'test drive' the CoC, despite repeated requests from David, Stas and mysel=
f (and perhaps others).
As an analytic person that believes in science, I'm very reluctant to belie=
ve what I can't either see myself, or that's been widely researched and pro=
ven with sound scientific method.  The evidence presented as grounds for ne=
eding this CoC is either weakly supported, or not really relevant - at leas=
t the way I understand it the CoC - to the kinds of problems people want it=
 to solve.

In fact, whenever this point was brought up - the main response seems to de=
al with the 'toxic nature of internals', or how 'unfriendly it is', putting=
 off people from contribution.

I have two things to say about that:
1. I want to understand how the CoC+judicial elements would have been used =
to fix that, in concrete examples.  The way I understand the point of the C=
oC, it was supposed to deal with extreme cases, and not create a thought or=
 behavior police that would be invoked on a daily basis.  Which one is it?
2. I don't think that any CoC can make internals 'friendly'.  To me, it's u=
nfriendly simply because of the sheer volume of messages, and knowing that =
if I want to present a new idea or voice an opinion in a discussion - it wi=
ll be scrutinized from every possible angle by dozens of people - some of w=
hich who hold a very different view than mine on where the language should =
be going.  A CoC can't fix that.  People who aren't up for that - who aren'=
t willing to accept the fact that they would need to defend their position =
against people who think 180 degrees from them - are probably not fit for a=
 place like internals.  Sure, we can do more to avoid negativity that doesn=
't cross lines - and try foster positivity, so that the challenge becomes m=
ore of the to-the-point criticism and less about style/person.  Which bring=
s me to the next point.

I maintain that a 'toothless CoC', or in simple English - a CoC, the behavi=
oral equivalent of a Mission Statement - can do a lot more than a judicial =
system to improve the quality of the discussions on internals, simply becau=
se if the only practical recourse in case of breaking it is mediation (i.e.=
 achieving peace) - the chances for abuse are slim to non-existent (more on=
 that below), and it's clear to all parties involved that the goal is the g=
reater good of everyone - not punishing a particular individual.  With a 'p=
enal code', when things heat up - the motivation to throw accusations aroun=
d would likely grow tremendously, and with the risk of punishment hovering =
above the process at any given time, with a practical 'Anything you say may=
 be used against you', the likelihood of having a true, open discussion see=
king peace is a lot slimmer.

> There is a vast difference between "this could be abused in
> these ways" and "zOMG fascist!!1!"  If anything, the repeated use of the
> latter (which is complete hyperbole and belies a total lack of political =
or
> historical awareness) actively undermines the former, and makes trying to
> address and account for the abuse risk harder, not easier.  It is the mir=
ror
> image of "he offended me so burn him at the stake!", a hyperbole that is
> over-used to the point that it undermines those who are trying to deal wi=
th
> actual abuse and harassment.

As a side note, I don't believe Paul called Anthony a fascist at any point.=
  Although I didn't review all of the many occurrences he used the word so =
I could be wrong, I believe he used that adjective to describe the RFC, and=
 not its author.  This is not splitting hairs, it's a very important distin=
ction.  Granted, with my background and the sensitivities I have, it defini=
tely wouldn't have been my choice of words.  My guess is also that Paul wan=
ted to intentionally explore the boundaries of free speech here.  We all ne=
ed to realize there's a fundamental difference between criticizing an idea,=
 and criticizing a person who brings it up.  As with other areas in life, I=
 think it would be a better world once that's realized.

> The other "contra" position is to make a CoC toothless.  The argument her=
e
> being "if it can't actually be enforced, then it can't be abused."
> Which is, well, partially true, but if anything, not having a real proces=
s around
> it makes it *more* likely to be abused by the professionally-sensitive, n=
ot
> less, because the enforcement falls back on the "court of public opinion"=
.
> The professionally-sensitive tend to be really really good at manipulatin=
g that
> to their own ends, without any due process.  In fact, I would trust a
> reasonable group of mediators as "judges" with due process far more than =
I
> would a mob court.  I would feel safer, as an accused, with a known proce=
ss
> and people I respected managing the process than with it playing out as a=
 100
> message long thread plus who knows what happening on Twitter and and/
> Reddit.

To be perfectly honest, I simply don't understand the point you're making a=
bout the 'professionally sensitive'.  This isn't a rhetorical question, I t=
ruly don't understand what you're referring to here - and how a toothless C=
oC can somehow be abused by such people.  Examples would help.

While I think the court of public opinion can certainly be problematic, so =
can a 'triumvirate' of sorts.  I'm not sure which is better.  But more impo=
rtantly, in my opinion, that's actually an irrelevant comparison and I'll e=
xplain why.

In my experience, when systems are in place - they start being used.  I see=
 that in all facets of life, including here, the technological world, law, =
everywhere.  That leads me to believe that if we have a system in place, it=
 will undoubtfully be used, and when there are rules that are ready-to-exec=
ute on, it will be all too easy to reach extreme outcomes.=20

The fact we don't have a real structure in place, except for the RFC proces=
s (which arguably, we have to at least ratify as a way to ban or otherwise =
punish people because it was most certainly not designed for that purpose) =
- is, in my opinion, a Good Thing.  While I'm not denying the fact that bad=
 things can happen - and may have happened already (outside my knowledge) -=
 I do want the burden of banning or otherwise punishing a person to be exce=
ptionally high, and not something that's structured and ready to execute on=
.

Now, had we had horrific things happening on a regular basis - I may have t=
hought differently (in which case I still think we'd have an enormous probl=
em in our hands, as in how does a bunch of people that are no legislators n=
or lawyers create a good judicial system overnight).  But until we see evid=
ence to that effect, my working assumption is that this is simply not the c=
ase right now.
=20
> If the CoC is toothless, the teeth will simply come out elsewhere in ways=
 we
> don't like.  If it has teeth, we can determine how sharp those teeth shou=
ld be
> in order to achieve the goal of a less antagonistic, more collaborative
> community.

That's one of the main things that worry me here.  Mixed messages and duali=
ty about the purpose, goal and applicability of the RFC.  Is it to clean in=
ternals from 'toxins' - implying far-reaching effects, or is it handling ex=
treme cases?  At the risk of sounding like a broken record, I'd like to und=
erstand - with concrete examples - both what the goal is and how proponents=
 of it believe that the 'toothfulness' of it is going to help achieving tha=
t.  Especially if the goal is to 'detox' internals, I'd like the examples t=
o be of things that actually happened, and not theoretical.

> I'll take that a step further: Having a CoC with no teeth has a higher ri=
sk of
> abuse than it having teeth, because those who would abuse it can use that
> lack of teeth to their advantage.

I think that the use case of a CoC+judicial system being abused is clear.  =
Someone is falsely accused - either due to malice or by a broad interpretat=
ion of real facts, and mistakenly punished by a team of non-professional ju=
dges using an amateur rulebook.  With systems in place, that's a likely sce=
nario, almost bound to happen sooner or later - and depending on the interp=
retation / goal of the CoC (see the 'mixed messages' above) - can actually =
be quite common.  Things are pretty bad even with professional judges and l=
aws that have been refined for centuries, they can truly be disastrous with=
 amateur ones using pseudo laws invented from scratch.

The situation in which a CoC+mediation team can be abused isn't clear to me=
.  The only thing I can think of is an extreme case, where the offender tru=
ly makes threats of violence and/or repeatedly breaks the CoC and completel=
y disregards both calls to cool off and more elaborate mediation efforts.  =
I don't believe we've ever experienced such a scenario, and nothing I've se=
en in the PHP community leads me to believe that's likely to change.  But i=
n case it does happen - that's exactly the exceptional circumstances where =
a public RFC could be in order.

> The other objection has been the scope of activity that is covered, and h=
ow
> far out from the centerpoint of this list it should extend. This is also =
a very
> legitimate concern.  Certainly, I know I hold certain social and politica=
l views
> that many on this list would disagree with, perhaps be offended by.  And =
I
> most definitely would not want my activity in some other unrelated
> politically-incorrect realm to be used as grounds for kicking me out of P=
HP.  I
> would not want a repeat of Brendan Eich here, to cite a recent example.

That's one huge inherent advantage of limiting ourselves to mediation only,=
 as it naturally limits the scope of application for the CoC.  The fact you=
're supportive of XYZ, unless it personally harms another person - is inact=
ionable, and that's a Good Thing.  If one's only recourse - barring extreme=
 cases like threats of violence or sexual harassment - is mediation, one is=
 much less likely to be trigger-happy with accusations, as there's no 'gain=
' to be had.=20

> That's why the scope needs to cover "involves PHP business, regardless of
> medium" rather than "just on certain pieces of server infrastructure".  I=
t's
> trivial to circumvent otherwise.  Now, how do we define "involves PHP
> business" in a way that, for example, forbids someone from harassing a ga=
y
> person about PHP business but doesn't penalize someone for participating =
in
> an anti-gay-marriage protest in their home town?  That's the question we
> should be discussing: How that balance works to minimize that risk, and a=
void
> it being abused to Eich someone.  (Yes, I just used Eich's name as a verb=
.)

Another inherent advantage of stopping at mediation.  The scope can be as w=
ide as we'd like, since the goal is to bring peace, and not bring people to=
 justice.
As much as it's popular to bash internals - I think we ultimately all want =
PHP to succeed, even if we have different ways on how to achieve that.  I t=
hink that for the most part, there's a lot of good will around our virtual =
table.  Mediation could have improved the process & outcome of numerous 'sk=
irmishes' that took place on both internals and elsewhere in 2015.  An amat=
eur judicial system?  I'm afraid to even think about the possible scenarios=
.

> Yes, that means empowering certain people to make subjective decisions.
> That is not, in and of itself, evil.  Could it be abused?  Yes it can.
> But that is a problem *we already have*.

I think we're going to make it fundamentally worse and much more dangerous =
by structuring it in a ready-to-go process, with a dedicated team that has =
responsibility to act according to it.  Very different from the burden of s=
omeone going through the - admittedly, headache - of proactively coming up =
with an RFC and explaining why person X deserves to be punished.  Like I sa=
id, it's also quite questionable whether we really have that problem today =
as the Voting RFC doesn't deal with penalties, and I hope you can take my w=
ord for it that I never anticipated or even dreamt that it would be used in=
 such a context.  At the very least I think the RFC process needs to be ame=
nded if we want to be able to use it for such purposes.   Personally, I'd m=
ake the bar a lot higher than 2/3s.  Truly unacceptable behavior - such as =
threats or sexual harassment should easily garner >90% support for penaltie=
s.=20

> Possible mitigation for that subjectivity: A clear expectation that membe=
rs of
> the CRT get some training in mediation, conflict resolution, and dealing =
with
> CoCs.  Such training does exist, and would probably be good for them to g=
et.
> Thoughts?

Great idea which I think we should do, but for a mediation team.  Not a med=
iation team that can sudo() into a judging panel.

Of course, if we pick this approach that's better than not having them trai=
ned, but again, I look at the judicial systems of democratic states, with l=
aw codes that evolved for hundreds of years, that employ professional legis=
lators, lawyers and judges, built brick upon brick upon brick in precedence=
 and find tuning - and see how often they fail, sometimes spectacularly and=
 sometimes silently, and I'm wondering what makes us think that a bunch of =
(barely) amateurs (myself included!) can come up with a system that won't b=
reak left and right.

> In short (because I know this email is crazy long): I agree with the conc=
ept
> behind many of the concerns raised about a CoC.  They're legitimate and t=
he
> risk of abuse is real.  Unfortunately, the "therefore do nothing!" or "ma=
ke it
> so weak as to be useless"

As I mentioned numerous times on this thread before, the position I'm advoc=
ating is NOT useless at all.  In fact, I think it stands a much better chan=
ce at improving the spirit of internals, as instead of things revolving aro=
und being able to prove things and potential penalties - good will is almos=
t enforced (except for truly extreme cases).  It's a lot more likely to get=
 invoked more frequently than the report-investigate-punish one, including =
non-extreme cases, that have more to do with style than actions that truly =
cross the line of acceptability.

Some of the most famous CoC's in the world came with no penal codes against=
 them, and these shaped humanity.  Some that come to mind - the Ten Command=
ments, the Hippocratic Oath and the Golden Rule.  That last one is extremel=
y relevant to our discussion too.

Last, we can (relatively) easily 'upgrade' from a CoC+mediation to a CoC+ju=
dicial system, if we see things are going south - in which case I'm sure it=
'll also enjoy much wider support.  The other direction is a lot more diffi=
cult (read: impossible).  Once the systems are in place, it's a lot more di=
fficult to fix them and virtually impossible to undo them.  That I think sh=
ould be enough for us to at least start by focusing on our values and media=
tion - find the commonalties among us instead of focusing on where we disag=
ree.=20

Thanks for reading!
=20
Zeev