Upcoming Project Policy Changes

The LLVM Project has grown significantly since it began and with that growth we are encountering new territory when it comes to ensuring a healthy, diverse, safe, and thriving community. Recently, we finalized our Code of Conduct and started publishing transparency reports. We also have strengthened some of our infrastructure tools with those that provide better moderation and community engagement in flagging content. All of these steps are to ensure that our community is one that people want to participate in, feel safe doing so, and increase productivity and communication.

The LLVM Foundation has been reviewing our policies regarding participation within the project and have found areas that need to be improved to ensure the safety of our community members. We will be introducing some policy changes to the various parts of the project that are described below.

• We will be creating a “Terms of Service” for all infrastructure parts of the project. This Terms of Service will provide rules regarding participation. One example of a Terms of Service, is our Discourse TOS. While we feel this captures many of the different safety points, we will need to make the following changes:
  • Users must be over the age of 13 unless supervised by a parent or legal guardian.
  • Users may not be a convicted sex offender or listed on any US state or federal sex offender registry (or other country equivalent).
  • Events listed on Discourse must clearly state if they follow the LLVM Project Attendance Policy (see below) or not.
• This general Terms of Service will be used for all parts of the project including: Discourse, Mailman, and Phabricator. Participation rules will also be listed in our Developer Policy and apply to GitHub LLVM Project access, Discord access, contributors and code owners alike. There may be slight modifications to wording or removal of some rules, as each service is a little different.
• All official LLVM Events, this includes LLVM Foundation sponsored or those listed on the website, will adhere to the LLVM attendance policy and provide a Code of Conduct contact point. This attendance policy will include the participation rules mentioned above, in addition to the requirement that attendees adhere to the LLVM Code of Conduct. The LLVM Foundation does not organize all events, but we want to make it clear which ones follow the LLVM Project expectations and rules, so attendees have full transparency in what to expect.
• The LLVM Foundation has certain legal responsibilities in regards to privacy and GDPR and our Terms of Service needs to address these items as well. An additional privacy policy may be needed for LLVM Foundation events.

The LLVM Foundation is currently working with legal counsel to draft these documents to share with the LLVM Community. However, we wanted to bring this to the community’s attention such that all are aware of the upcoming changes and have the opportunity to discuss or ask questions at this stage.

Thanks,

The LLVM Foundation Board of Directors

Hi Tanya, looks like a dangling reference (don’t see the policy)

I meant the policy is listed in the bullet below.

This requirement seems unconventional; I’ve never seen it in any other code of conduct or terms of service for an online forum. Could you go into a little more detail about the motivation behind this?

Ah, okay. Looking forward to seeing draft policies posted.

I second efriedma’s concern. Suppose this bullet point were edited to forbid anyone with a serious or violent felony conviction in the past 5 or 10 years, instead of just anything sex-related in the past forever years?
(However, note that discrimination on the basis of prior convictions has frequently been found to disproportionately affect minority groups. I would prefer to see a Code of Conduct that focuses on conduct, not anyone’s past associations or current membership in any specific disadvantaged group, such as ex-offenders.)

If this is in fact targeting a specific individual contributor, maybe you should just say that directly, and also explain why (like, what have they done this year that justifies a new policy).

Considering how to handle felons in the community is important, IMO. Better to handle it sooner than later.

• Users may not be a convicted sex offender or listed on any US state or federal sex offender registry (or other country equivalent).

I think this is actually pretty reasonable, because AFAIK, people can ask to be removed from a registry after a set period of time, contingent on good behaviour. I’m not a lawyer, so I could be completely wrong here, but that seems to be the case in California at least.

I’ll admit I’m not super informed on the way that sex offender registries work, their failings, or what they do well. Completely open to being more educated on this topic.

But AFAICT, barring based off a registry isn’t a terrible idea.

Wrt whether or not clauses like this exist anywhere else, there are certain nerdy conventions that have clauses like this.

Though we work to ensure that all interested individuals may join us, FurCon reserves the right to deny or revoke memberships for any reason including but not limited to safety concerns and Code of Conduct violations.

AAE and FurCon do not permit membership or attendance by any individual who is a convicted sex offender or who appears on any federal or state sex offender registry. In addition, AAE and FurCon reserve the right, at the board’s discretion, to deny membership or attendance to anyone with a documented history of sexual violence, including inappropriate conduct towards minors.

(FWIW I’d personally not be comfortable say, grabbing after-conference drinks with someone and then finding out that they’re a registered sex offender. Those are just my personal feelings though.)

FWIW @barrelshifter’s comments are exactly the ones I think are most important to consider with that bullet point. We need to provide a place where members can feel safe and welcomed. EITHER position we take is going to exclude folks, and I prefer to be inclusive to those who have done nothing wrong, rather than excluding innocent individuals so we don’t have to say otherwise.

I very much appreciate and approve of this direction.

Thanks for this @barrelshifter; also thank you @tonic. I have the same concerns and I am sure younger members of the community do too.

Personally considering the amount of drinking that goes on in tech communities I think it is very important to protect people, especially younger members, from folks who have a documented history of violence, sexual violence or inappropriate conduct especially in that kind of setting in any and every way that the community possibly can. IMHO no contributor is so important as to compromise on this level of integrity.

So, the plan is to run the names through some databases and deny entry to people that are listed, right? Do we also verify their ID at the event entry to make sure they don’t use a pseudonym during the registration? Do we have to do that for all LLVM events, e.g., workshops, social events, etc?

It’s also worth bearing in mind that countries around the world have very different views on legality of certain sexual acts, so “Users may not be a convicted sex offender or listed on any US state or federal sex offender registry (or other country equivalent)” could well cover things you do not want it to. Many countries outlaw sodomy, for example, but I highly doubt we’d want to be denying access to anyone convicted of such an offence. Blanket statements like this unfortunately do not work and it is very difficult to write down concrete rules.

The item about sex offender registry seems to me to be indeed targeted to the recent event/controversy (what about people convicted of drug trafficking, human trafficking, murder, …?). It great that we’re fast to react and try to adjust, thanks for that. However we may be going a bit too fast here.
While I can understand the problem with having convicted sexual offenders (or rather “people convicted of violent crimes” in general) attending real world events or interacting on Discord, it’s not clear to me why this is relevant to sending a patch to the project (it is mentioned that this policy would apply to Phabricator).
And that is even leaving aside the fundamental underlying problem of the sex registries in general that we would be contributing to here.

At the same time, there are initiatives to teach code to people actually in prison, actually contributing to help reinsertion in society (writing software in particular is one of the few job that does not require contact with the public, or anyone, and so seems very suitable for felons reinsertion), we are saying here that we don’t even allow patches and other code contributions to an open source project, that is really sad to me.

I was largely expressing my feelings on the former that you mentioned. I am not as certain on code contributions; your example of teaching coding to prisoners is a good one that I had not thought of Mehdi.

Also, under 13. I started writing code in C/C++ when I was 9, and having to wait 4 years to work with LLVM would have been really silly for something that is quite frankly nonsensical.

Edited to add: It seems the “unless supervised” is the loophole that allows kids to contribute as long as parents/carers know about, not necessarily be present in every interaction, which is fair enough.

I think this is mostly a sensible policy, with a few smallish concerns.

It’s also worth bearing in mind that countries around the world have very different views on legality of certain sexual acts, so “Users may not be a convicted sex offender or listed on any US state or federal sex offender registry (or other country equivalent)” could well cover things you do not want it to.

I was going to post exactly this. I would hate to exclude people from the project because they live in a society that persecutes them for their sexual orientation. I’ve had conversations at FOSDEM with developers on other projects who fled their country of birth because homosexuality was illegal and punished by death. A strict reading of this rule would prevent such individuals from participating in the LLVM community. This exclusion would then be illegal under US law (discriminating against people on the basis that they are a member of a protected class).

Note also that in some countries (including parts of Europe), convicted felons who have served their sentences are a similarly protected class and so excluding such people from EuroLLVM may well be illegal under local law, depending on where it is held.

Finally, it’s worth noting that even in countries that don’t have sodomy laws such as the US, you can be put on the sex offenders’ register for indecent exposure and this has been used in the past to include public urination. It seems very odd that we’d ban someone for peeing in public but not for (non-sexual) violent assault or murder.

Please can this clause be thoroughly reviewed by someone specialising in international rights law before it is included? I would hate for us to have a policy that is incompatible with local law for EuroLLVM.

Also, under 13. I started writing code in C/C++ when I was 9, and having to wait 4 years to work with LLVM would have been really silly for something that is quite frankly nonsensical.

In a lot of jurisdictions, minors cannot agree to legally binding contracts (legal guardians often can on their behalf). If a 12-year-old clicks through an agreement that states that they are 14 then they have not made a legally binding attestation. Unless this agreement is backed by the Foundation following the kind of know-your-customer laws that are common in the legal and financial professions then this is more or less advisory: it is not legally binding for anyone who has not yet reached the age of majority.

I think the way that this is worded is fine as a rule of thumb. If you’re a child and someone else is legally responsible for you, then it’s fine that they should at least be aware that you’re participating in a mostly adult community. It’s up to them to determine the level of supervision that you need.

Thank you for posting this!

I think some of the concerns about the overreach of the sexual offender bullet are valid on a technical front and should be addressed (such as unintentionally impacting people from countries with less progressive views), but personally, I like the intention behind the bullet of excluding people convicted of violent sexual offenses. We can either be welcoming of women or we can be welcoming of people who prey on (predominately) women, but we can’t be welcoming of both simultaneously.

I value the LLVM community’s efforts at diversity and inclusivity and that we take concrete steps to improve the imbalances we have in our industry. I see this as being one such step. I have a hard time imagining this particular bullet point (once adjusted based on feedback from the thread regarding unintentional situations) impacts a wide audience of current and potential community members. I believe it’s safe to assume that a community failure to adopt such protections would impact a far wider audience of women in compilers.

So I’m in support of something along the lines of what’s proposed if we can find a way to address the problematic aspects of the wording.

I would not compare a techy gathering such as LLVM Dev Meeting to something like a FurCon, which is devoted to, shall we say, certain lifestyle choices, social interaction and adult fun, where a prohibition on sex offenders would make far more sense.

(edit)
That said…

Hear hear.

As mentioned by others, the inconsistency of these registries across jurisdictions in terms of what acts may land one on them, the duration for which one is required to remain listed, and the possibility (or lack thereof) for appeal and removal, makes this a questionable policy choice for me. At a minimum, I think the policy should impose its own standards so that it is at least applied equally. E.g., no conviction in the past X years and the existence of other LLVM participants in good standing willing to vouch for the person in question.

I think there is room to distinguish between in-person, remote, and non-interactive activities. I’m much more ok with excluding someone from the first two based on prior convictions than I am the last; each of these has a significantly reduced risk profile compared to the one before it.

Others have mentioned enforcement. Unless the LLVM Foundation is planning to commit resources to investigate all existing community members and each prospective future member, we have to acknowledge that this policy will be enforced unevenly. This concern applies to the age restrictions as well. I suspect the LLVM Foundation currently lacks age and government names and aliases for a number of active contributors. Requiring those may even dissuade some current contributors from continuing to contribute.

The under-13 clause is probably necessary in order to comply with COPPA in the US. See Complying with COPPA: Frequently Asked Questions | Federal Trade Commission . I assume we don’t actually plan to ask anyone’s age.

Looking at that site really makes it sounds like we don’t have to do anything. We’re not targeting children under 13, and don’t have “actual knowledge” that we’re dealing with children under 13. (I don’t, anyway…) But IANAL and so my opinion means nothing.

I recall registering for a dev meeting, where part of the social activities included alcohol, and the registration originally asked for birthdate (which was an unnecessary collection of PII, IMO). That got fixed so people just had to tick an “I am of legal drinking age” box. Not asking for anyone’s age is a good thing.