I have just updated the instructions I wrote to point to Libera and use their web client. I’ll leave it there for now!
@rhys-davies, this process looks pretty solid, I guess I am the person to talk with, I am very busy these days so it may be Monday before I can talk with you, I am thinking chat on irc or telegram is best for this but let me know what best fits your needs, we can communicate here for transparency but sounds like real time chat may be in order, however I will still want to run the ideas we discuss by all board members. Thank you for writing all this up and to @mark.johnson for starting this discussion and continuing to contribute, and everyone else that has posted here.
@madhens a special thanks to you for taking on this large task of making the whole Ubuntu community better for all involved.
Great, I’ll reach out today or later in the week with some ideas on telegram then for a more real-time conversation and I can report back here when you talk to the other board members
-1 on the second part of the proposal, because crypto sigs (whether done by YubiOATH verification of a key that is registered to an account, S/MIME certificates, identity certificates, PGP keys, etc.) generally would be stronger ways of validating that an individual actually wants to adhere to the terms - a simple ‘check box’ is akin to what people do in general when signing up for a service or a website and makes it so they don’t actually have to read/acknowledge the terms before doing anything. While technically the crypto requirement doesn’t prevent this, it makes it much more of a “Listen, I actually agree to abide by the Code of Conduct” situation because you can’t ‘accidentally’ digitally sign a document you don’t intend to follow or didn’t care enough to read, techincally.
Digital signatures are essentially equivalent to signing a piece of paper and would be more legally binding than simply ‘accepting a checkbox’. When you delve deeper, membership is implied with things like upload rights to the repositories, etc. where PGP keys are absolutely required, which means that part of that process (governed by the Developer Membership Boards) will have already been taken care of if someone’s going to go down that route.
I don’t think we should remove the crypto requirement, per above reasons.
I’m not against using Discourse for documenting contribs, but we need to consider first if we’re going to nix the wiki, because the Wiki side for applications is required for DMB applications, etc.
I’m not against finding a good idea for a better real-time communications platform, though it’s fairly trivial to bridge between various platforms if we need to have a -membership-board-meetings room or such (and on Libera, ubuntuTGbot is the ‘bot’ which i run for several things right now - Flavors Team and Translators Team and QA Team - for bridging the various chat mechanisms in a specific way (Flavors wanted a single-direction bridge from IRC to Telegram), so it’s not that hard to make such bridges work, nor is it hard to make the name be ‘ubuntubridgebot’ or something if we needed a cross-communications-platform bridge for ‘official’ channels for membership teams, etc.)
What if an applicant were directly asked (in realtime or otherwise) about their intentions wrt. the CoC as part of a membership application? Do you think that could prevent “accidentally” agreeing, or not having cared enough to read it, etc? Different people on a membership board might have different views on how likely it is that an applicant reads, understands and agrees to abide by it; couldn’t that be accommodated by letting different board members ask for more or less detail on this point accordingly?
Separately, what would actually go wrong here? I imagine a case where a member who supposedly agreed to the CoC is hauled up on a violation of it, and then responds with “oh, I hadn’t actually read it” or “I didn’t mean to agree to it”. At that point, either they agree to correct that mistake, or if they insist on not following the CoC, they have their membership revoked. I don’t see much extra harm caused either way. The only case I see extra harm is if a well-intentioned member genuinely didn’t read the CoC and accidentally violated it; but that could be addressed by my previous paragraph.
If we have it as a direct question during membership meetings, then yes that would be an affirmation. They would still need to ‘sign’ the CoC somehow, but they will then have to have that reiterated during the application meeting - an explicit question regarding the CoC that must be asked and answered during the application process. That helps assuage that concern.
There’s a case related to this as to why I am so hung up on “you must agree to the CoC and verbally or digitally affirm this” I can’t disclose here at the moment. Suffice it to say, though, having some type of affirmation from the user that is explicitly a “Yes, I will obey the CoC” among other things will help to affirm that they will agree to the behavior the CoC dictates, rather than regularly skating against the CoC in a way that they get punted or chastised by the CC for violations.
I completely agree that we need to affirm that the user understands and agrees to the CoC.
I take your point that a digital signature may make the person think more about what they are agreeing to, and that’s probably true for people who understand and regularly use PGP. However, for an applicant for who this is their first use of PGP and they’re just following the step-by-step guide to get it done, I am less convinced this is the case. Including an affirmation as part of the interview on top of the technical agreement process would definitely be a wise addition to the new process.
This goes back to an email thread I shared with Monica at Canonical - part of the reason people don’t want to go the PGP route with crypto that we require is laziness or “It’s too new to me”. Unfortunately, that doesn’t negate the fact they still need to have some type of signature of agreement (crypto or otherwise), as well as the membership board meeting question and affirmation.
I both agree and disagree with you on the crypto key stuff @teward. I think you’re right that a check box is less meaningful but I think we’re currently putting the meaning in the wrong place. The most important part of the application is your contributions and the interview, where the applicant communicates and interacts with the board. The digital signing procedure isn’t best liked by the people who have no problem with it and is an outright obstacle for the people who don’t know how to do it. Like myself in fact.
I would love to see membership mean more to people that just upload rights, contributions can come in infinite forms, not necessarily code. At the moment the process is blocking and turning those people away, we should be catering to the non-technical.
I’m of the same mind as @rbasak, What do you think about removing the crypto requirement and make acknowledgment of the CoC part of the interview or contributions process, and replace the crypto with a check box? Which is just as legally binding if that was part of your concern?
I can tell you though with great certainty, for the people who care enough about Ubuntu to become a member, who have contributed enough to be considered, it’s not laziness or it being new, its difficult and offputting. It signals that things will be hard, maybe outdated, and mainly for technical people. None of which I think we should be signaling. So what if we can get the acknowledgement of reading with a check box and then an agreement to follow the CoC as part of the meeting?
We’re not going to nix the wiki, this would be an intermediary change in the process until the wiki gets sorted. Which unfortunately could be some time.
Excellent to know about the bridging thank you
Apologies for letting this thread stagnate I wanted to wait until I checked in with @Wild_Man which I have now and I think if we can come to agreement on the crypto piece we can work to implement the new process
I think @madhens left you out of the list of individuals on an email thread where this is exactly what I said - that if we have a checkmark we MUST in turn follow up at any membership meetings with a question that explicitly asks an applicant that they accept the CoC and will abide by it. And that the CC might need to vote on this to amend the Membership process, even with a proposal. I’d like to see a formal proposal written up and emailed to the CC for us to vote on, because this is a fundamental change that goes a bit beyond the realm of one specific team (there’s multiple membership teams, and this affects them all).
Last week was a bit rough on my end (a rather exhausting move) so I didn’t get to sync up with Rhys as much as we usually do, but we chatted about this during our meeting this morning and we’ll have a proposal for you all to vote on (not for a specific technology to replace the key, but for something that would address the issue to everyone’s satisfaction (CC, Membership Board, Launchpad, etc.)). Sorry for anyone like you who saw this twice!
The Community Council received a proposal from Monica and the Canonical Community Team on this.
Attached is the original proposal, and the final vote by the CC (and changes to it).
Original Proposal sent to CC by Monica - sent July 7th, 2021 to the Council:
Spurred by a proposal made to the Ubuntu Community Discourse, the Community
Team began its own exploration of alternatives to signing the CoC. We
encouraged further discussion on the issue within the community, and spoke
with internal Canonical employees, especially those involved with
Launchpad, to see if the GPG key was a barrier.
After these discussions, we are presenting the following proposal to
provide an alternative signing method that will reduce what we feel are
barriers to membership for valuable contributors whose skills lie in
non-development areas. However, this is a proposal that does not have a
specific solution in mind, as that is best decided by all stakeholders. It
is merely permission to continue this conversation and move towards a
solution - one that ideally combines the proverbial ‘weight’ of signing a
code of conduct with increased accessibility.
(We are also in agreement that a Code of Conduct related question should be
added to the membership interview, in light of recent events, but this is a
separate albeit related conversation to have with the membership board.)
Thank you for continued patience and time, and we look forward to hearing
how to proceed.
Monica Ayhens-Madon (she/her)
Ubuntu Community Representative
Final Community Council Vote and Resolution regarding this proposal - sent July 11, 2021:
Monica, et al:
Over the course of the week, the Community Council has reviewed the
proposal and discussed internally.
In a +5 vote with no abstentions and no negative votes (two individuals
did not vote), the Community Council has approved the proposal as follows:
- The Launchpad mechanism for accepting the Code of Conduct may be
simplified to being as simple as a ‘check mark’ for signing the CoC
on Launchpad. In conjunction with this simplification of the
signature on Launchpad, though, we will require that…
- Applicants for Membership must be asked by the relevant Membership
Board, and must return an affirmation, to the following questions:
- Has the Applicant read the entirety of the Ubuntu Code of Conduct?
- Does the Applicant understand the Code of Conduct they have read?
- Does the Applicant agree to abide by the Code of Conduct for as
long as they are a member?
The second requirement is in lieu of the GPG Signature on the Code of
Conduct, as we will receive a binding confirmation that the CoC has been
acknowledged and agreed to be abided by during an applicant’s meeting.
If an applicant is not asked these questions, then the membership boards
may not grant membership without those questions being answered.
Non-technical applicants not applying for Developer privileges through
the Developer Membership Board are not required to have GPG on their
account. Developer applicants via the DMB must have GPG signatures on
Launchpad in order for them to execute their upload privileges, as a
requirement of dpkg and apt is gpg-signed uploads.
A separate notice will be distributed to the Membership Boards of these
changes as defined by the Community Council.
on behalf of the Ubuntu Community Council
This is me just keeping you all in the loop. The Community Council has no problem with a reduction in the complexity of the signature (even as simple as a checkbox a user can set), but as a result have added Membership meeting requirements of certain questions which must be asked of, and answered by, the Membership Applicant, technical or otherwise.
However this is implemented in Launchpad or however the Community Team at Canonical thinks is best, the Community Council is fine with the reduction in simplicity, provided that the membership applicants are asked the aforementioned questions in the CC response as stated (or similar).
That part is also added as part of… recent events… but are now a mandatory part due to a simplification of CoC signing/agreement on Launchpad.
Hear Hear -
I fully agree and accept the terms. I will so work to insure the amendment to procedure in all future application submissions to the ubuntu membership board,
Thanks to everyone that is making the process easier and better for future applicants.
Hello @rhys-davies , I have looked over the document for the New Member Page but I need to review it more, I will do my best to set aside an hour tomorrow night to read it through more thoroughly to see if I can add any pertinent information to what you already have written up.
Thank you for the excellent work you have done on the the new Members page.
No problem at all, thank you for reviewing it @Wild_Man
I’ve tried to become an Ubuntu member earlier this year, but got stuck on trying to create a personal wiki page. I figured membership was a relic from the past and not really important, so I didn’t look into it further.
When the new process is published, feel free to let me know and I’ll try to re-apply and see how far I get now
Wooo, yes absolutely will do
@rhys-davies, Hello, I have made some suggestions on the gdoc, they are not meant to be taken word for word, meant mainly to add a different perpective, I hope my suggestings help and my apologies for the delay, unfortunately I could not give the review process my upmost attention any sooner.