Re: Patch submission should not imply agreement to policy (was Re: Promoting the GNU Kind Communication Guidelines?)

[Mark H Weaver]

Hi Chris,

Christopher Lemmer Webber <address@hidden> writes:

> Mark H Weaver writes:
>
>> Christopher Lemmer Webber <address@hidden> writes:
>>
>>> Thorsten Wilms writes:
>>>
>>>> On 29/10/2018 09.59, Björn Höfling wrote:
>>>>> In law, there is the term of "conduct implying an intent". So even not
>>>>> signing anything you could argue that by sending a bug or a patch you
>>>>> silently agree with the community guidelines, CoC, etc. You enter the
>>>>> community be interacting the first time. And will be judged by their
>>>>> guidelines.
>>>>
>>>> It used to be that you could pick a Free Software project and send a patch.
>>>>
>>>> Now sending a patch is supposed to imply agreeing to the equivalent of
>>>> an EULA? Everyone is expected to welcome that as progress?
>>>
>>> Submitting code to a project under a copyleft license is also agreeing
>>> to policy.
>>
>> What is the basis for this claim?
>>
>> While I'm generally in favor of the CoC, I strongly oppose the idea that
>> submitting a patch or communicating with us implies automatic agreement
>> to our policies.
>>
>> We should not claim that someone has "agreed" to anything without their
>> conscious knowledge and consent.  Even if the law would allow us to make
>> such a claim, we should not do it because it would be unjust.
>>
>> Please, it is enough to make our policies clear and highly visible, to
>> encourage people to read them, and to give the lead project maintainers
>> the authority to issue warnings, and if deemed necessary, to ban people
>> from our communication channels who repeatedly or severely violate our
>> CoC.  I support that practice, as long as it's used judiciously, and I
>> have every confidence in Ludovic and Ricardo to do so.
>>
>> We do _not_ need to extract promises from contributors ahead of time
>> that they will follow our policies, and I think it's a bad idea to ask
>> them to.  It's a worse idea to claim that they've done so implicitly
>> without their knowledge or consent.
>>
>>       Mark
>
> I suspect we do not disagree Mark, but the way in which you replied to
> me makes it sound like we do, so let me clarify. :)  My short reply was
> because I was trying to demonstrate, in few words, that the message I
> was replying to was introducing an inaccuracy.  I did not clarify what
> that was, but I will below.
>
> We accept many patches from users where the user does not sign an actual
> document, but their patch and their name applied on the top is
> considered sufficient evidence that they have declared their code to be
> licensed under the GPL.
>
> But I should clarify the claim I was making, since I was not trying to
> say that the legal or mechanistic aspects of this were equivalent.  Let
> me quote what was I was replying to:
>
>>>> It used to be that you could pick a Free Software project and send a patch.
>>>>
>>>> Now sending a patch is supposed to imply agreeing to the equivalent of
>>>> an EULA? Everyone is expected to welcome that as progress?
>
> The statement above makes it sound like the Code of Conduct is
> dramatically new.  My claim here was that in both cases, there is a
> policy the community has adopted.  One is legal and copyleft, the other
> is behavioral and a code of conduct.  In both cases, your participation
> in this community is dependent on your willingness to agree to respect
> the policies and norms that the group upholds.

These two cases are fundamentally different, in my view.

Contrary to what you wrote above, I assert that submitting code to a
project under licensed under the GNU GPL does _not_ require my agreement
to any policy.

All that can be reasonably expected of me, as a contributor to free
software projects, is that I'm being honest about the copyright status
of my contributions.  This is not an instance of agreeing to project
policy, but simply of not committing fraud.  It is obvious, and
therefore unsurprising and unobjectionable.

In contrast, I would be *very* surprised to learn that my contribution
to a project had been construed to imply agreement with that project's
policies, and I've been contributing to various free software projects
for about 25 years now.

I see no compelling need for Guix contributors to agree with our CoC.
It is enough for the project maintainers to agree, and for the lead
maintainers to possess the technical means to enforce the CoC through
their control over our communication channels.

> What's interesting to me is that this isn't new at all, it's just
> codified for some specific things.  The Code of Conduct is not a legal
> document, it is a set of policies about community norms.  Many of these
> norms already existed, and the same process (speak to the person, ask
> them to change their behavior, if we can't fix it, yes they may be
> banned) has existed for a long time in free software circles.  What is
> new from the code of conduct perspective is making explicit what some of
> those norms are, and what participants can expect if they are not
> upheld.
>
> I have seen some accusations that this is censorship or an overreach or
> equivalent to an EULA to have these norms enforced.  And yet the free
> software community, and especially GNU projects, have long been
> enforcing of policies.  Copyleft is a mechanism for enforcement of
> policies by law, but even beyond that, I think most of the members of
> this group would find it perfectly acceptable to ban someone who began
> to post patches to the list under a license that was incompatible with
> the GPL and which "poisoned" our ability to use them upon seeing them.

Agreed.

> The former is a legal agreement, the latter is a norms agreement, but
> they are both policy, and by participating in our group in general you
> have an understanding that these policies exist.

Again, I think these cases are fundamentally different.  I do _not_
think it's reasonable to expect that all Guix project participants will
be familiar with the policies outlined in our CoC.

Incidentally, I agree that it would be _desireable_ for project
participants to be familiar with our policies and to agree with them.
However, I don't think it should be required.

>                                                   The code of conduct
> does not provide a legal enforcement mechanism, so the EULA comment in
> that sense does not hold up; this is just a codification of some of the
> norms that we have.  But someone made the EULA comment, and the extent
> that it *did* make sense (that there are policies, in some way), I
> wanted to reply to it.

I agree that the lack of a legal enforcement mechanism in our CoC is a
very significant difference with EULAs.  Whereas EULAs are backed by the
full force of the law with all that entails, the most that will happen
if you violate our CoC is that we might deny you write access to our
project infrastructure.

That said, I also see at least two similarities between EULAs and your
suggestion that participation implies agreement with our policies: (1)
in both cases, there is the presumption that someone has agreed to terms
without making explicit statement to that effect, and (2) in both cases,
agreement to the terms is a prerequisite for participation.

> The free software community has always had policies, has always asked
> people to respect language, has always had the expectation that if you
> participate in our community, you are expected to abide by certain
> norms.  Having those norms even be explicit is not new; there are norms
> posted all over the GNU website, and participants are frequently asked
> to abide by them.  Internet forums of all kinds have expressed rules and
> policies.  That is not new.

I agree, it's not new.

However, if we were to start requiring people to agree with our policy
as a prequisite to their participation, or worse, to presume that they
have implicitly agreed, that _would_ be new.  Let's not do that please.

> Let's be clear about what the difference is then about adding a code of
> conduct: we are extending and making explicit the norm-policies of
> requirement to participate in our community to extend to various forms
> of respect for others.  For a long time, many such norms were even
> implicit rather than explicit.  We are choosing to make explicit some
> norms that encourage good behavior and respectful treatment amongst
> participants in the group.  We are also explicitly requiring respecting
> the well being of participants who have long had difficulty
> participating due to reasons that are largely culturally systemic.
>
> It is this last sentence that most people objecting to a code of conduct
> seem suspicious of, but I feel like much of the conversation around code
> of conducts beats around the bush that many of the skeptics simply don't
> believe that last sentence is true.  Well, it turns out the code of
> conduct is a useful document whether you believe that last sentence is
> true, but I believe it sticks in the craw of people who believe that our
> society does not have unequal distributions of justice, and that is the
> source of almost all objections.

I agree with all of this.

It seems to me that our only point of disagreement here is on the
question of whether to require/assume that all participants agree with
our policies.

      Regards,
        Mark