Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:90868
Return-Path: <scott@paragonie.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 65469 invoked from network); 24 Jan 2016 03:25:11 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Jan 2016 03:25:11 -0000
Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain paragonie.com from 209.85.215.53 cause and error)
X-PHP-List-Original-Sender: scott@paragonie.com
X-Host-Fingerprint: 209.85.215.53 mail-lf0-f53.google.com  
Received: from [209.85.215.53] ([209.85.215.53:35430] helo=mail-lf0-f53.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 29/5A-03822-51444A65 for <internals@lists.php.net>; Sat, 23 Jan 2016 22:25:10 -0500
Received: by mail-lf0-f53.google.com with SMTP id c192so67205816lfe.2
        for <internals@lists.php.net>; Sat, 23 Jan 2016 19:25:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paragonie-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=ZNwb/X6ekbf79GiwFO5OqqVy7uaSgCJl8glKWwN0R14=;
        b=03ATdf2oI5fcTCPnjEm2fCxJebjqbCpGWR9VPLCWl7oViIlSL55A8+3dXy3YEPX6uh
         8x8DKR3oa/AvKYaYO13pwCjZ1XpaAeiAVHbfIcNraC2bRCLfD6koJa5HMnZgf8idS6HE
         L1URuIDsn+uHaAz8e8UQNWz04LSscO9YZDTRT0ZDUk6h+IX0b+auL283stuW9xHvAoZ4
         EoggIgdunHWXQYd+2rNKy0+lrM1P84RfnmURVDAW8fBaP2NFzfAZr862pj9isWVwYtZ1
         tEOLw2ge7tRmNM1k55ra70Mh2a1EJLxqvti5Tf/kXxkn5yrwS4dbaPj0Bj9VafOyqeTB
         aGKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:cc:content-type;
        bh=ZNwb/X6ekbf79GiwFO5OqqVy7uaSgCJl8glKWwN0R14=;
        b=HdBgefTfdIwC1h4djNiTdiIUntrug+i/1YL2STDLXsstJ+slTxMDsyE3V65Fz8rQsF
         Fm7j9S0olu5UEQl1KIsuOijnTGpZvAuxOymsd51dszw5iEpWccNNEVPdDDxCMwYs45ZO
         OTjYtiD8XXYqbS1r+zDETNObQsOYqjTzfO7Qq3kPzPCFZ0uS3i1p7KauKnI5nQA8dFqQ
         JGjwCSEJog2qZQB4cYVfB756qTwQDb3fXFLagUUMtWGkWbPFbHUJ1lwIEWERnC0HdNiU
         cw3d0jmYu60QETKlttNmK467y0mKA4zxPYIITKxQ6OprX0Y1DEQ69OJomTECLA/Q7v3I
         vLtQ==
X-Gm-Message-State: AG10YOT6SdLZukgZ497Zr1mrMObAC3px11QwX787mMgL6xf4sVltKIbvswXtZhOv8WO9HNzBg2kPfqjwzp/3qw==
MIME-Version: 1.0
X-Received: by 10.25.17.89 with SMTP id g86mr3168201lfi.82.1453605906399; Sat,
 23 Jan 2016 19:25:06 -0800 (PST)
Received: by 10.114.173.80 with HTTP; Sat, 23 Jan 2016 19:25:06 -0800 (PST)
In-Reply-To: <CAEZPtU7p_ywqxmdPa0vPGj4f1wtm2BjWp7Jk2A+UiT=tJ3L3Pw@mail.gmail.com>
References: <CALuPxdC1qD-agcALhg19jwXe6QWGkoXmvw7q-y_Nrw2NCvFeeQ@mail.gmail.com>
	<BY2PR02MB298F214CF78C48D6707057EACC50@BY2PR02MB298.namprd02.prod.outlook.com>
	<CALwr1G=sQNURmwSPUxBxeYiu7L4fEPYAXYuBitzsXOCGv+smtw@mail.gmail.com>
	<56A43770.9080104@gmail.com>
	<CAEZPtU7p_ywqxmdPa0vPGj4f1wtm2BjWp7Jk2A+UiT=tJ3L3Pw@mail.gmail.com>
Date: Sat, 23 Jan 2016 22:25:06 -0500
Message-ID: <CAKws9z1LEAAmOMm4Gpy56Bva-7sVz3aQ_35tEs9_QROC6xU3MA@mail.gmail.com>
To: Pierre Joye <pierre.php@gmail.com>
Cc: Stas Malyshev <smalyshev@gmail.com>, =?UTF-8?Q?P=C3=A1draic_Brady?= <padraic.brady@gmail.com>, 
	PHP internals <internals@lists.php.net>, Brandon Savage <brandon@brandonsavage.net>, 
	Zeev Suraski <zeev@zend.com>
Content-Type: multipart/alternative; boundary=001a113f8fa6b1dd25052a0bff9f
Subject: Re: [PHP-DEV] Specific incident in relationship to the proposed Code
 of Conduct
From: scott@paragonie.com (Scott Arciszewski)

--001a113f8fa6b1dd25052a0bff9f
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Sat, Jan 23, 2016 at 9:59 PM, Pierre Joye <pierre.php@gmail.com> wrote:

> Hello,
>
> On Jan 24, 2016 9:31 AM, "Stanislav Malyshev" <smalyshev@gmail.com> wrote=
:
> >
> > Hi!
> .
> >
> > > day. To state an obvious question - what precisely is the status quo
> > > in comparison to a COC? Ad-hoc bans by whoever has access to the ML?
> >
> > Yes, status quo is pretty much that.
> =E2=80=8B=E2=80=8B
> IIRC we needed it one, two times
> > over 20 years? And it worked fine then. Now, maybe it's time to improve
> > on it, but the data so far does not show we're in failure mode.
>
> I think it reasonable to think we don'g have data, at all. Yes we have tw=
o
> cases which were so obvious that we had to handle them.
>
> For anything we have nothing. This proposal will give us more data about
> how we are, how we feel, etc. If anything this is good.
>
> > So I
> > find a hard focus on bans be a bit strange - for something that we'd us=
e
> > maybe once per 10 years, it gets a lot of time spent on it.
>
> I think we should have used temporary bans a bit more to cool down things=
.
> Including to myself along other.
>


=E2=80=8BHi all,

I've been mostly staying out of these discussions because I'm focusing my
time and energy on things that will hopefully be more valuable than just
weighing in with another opinion on this issue. However, I do feel the need
to state this because I haven't seen it stated by anyone else yet (maybe I
missed it?) and everyone in this thread seems calm, collected, and
reasonable:

I think focusing on the extreme behaviors is harmful towards a mature and
progressive discussion on these matters. My opinion is based on two
premises:

1. Good opsec, which career criminals and dedicated harassers would be
incentivized to adopt, can completely thwart any CoC we could come up with.
A good example would be DOXBIN, which hosted peoples' personal information
(their "dox") on a Tor hidden service and thumbed its nose to law
enforcement for years. The operator, Nachash, is still free. At no point in
time has an arrest been made.
2. If you have a hammer, every problem looks like a nail. If you create a
tool meant for dealing with the most extreme harassers, and you will never
CATCH them, all that happens is you create a system for potentially
inflicting damage on less extreme transgressors.

Focusing on the existence/nonexistence/frequency of extreme harassment is a
non-starter. Yes, you might think you only need it once every 10 years now.
Maybe it turns out we need it once per week and we were blind to the abuses
that were occurring. Or maybe it turns out we don't ever need it at all,
but we've created a process for harassment by proxy.

Extreme harassment needs to be dealt with by specialized professionals,
i.e. law enforcement, clinical therapists, and mental health professionals.
We shouldn't even consider them in scope.

So I disagree that notions such as, "=E2=80=8BIIRC we needed it one, two ti=
mes over
20 years?" are worth any future consideration.

Let's start with a solution that is appropriate for 50% or more of
situations, and take it one step at a time. There are no 100% or even 99%
solutions from day one.

That's all I have to say at the moment. I'm going to go back to addressing
technical problems; human problems are beyond me to solve adequately.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com/>=E2=80=8B

--001a113f8fa6b1dd25052a0bff9f--