Upcoming Project Policy Changes

So, the plan is to run the names through some databases and deny entry to people that are listed, right? Do we also verify their ID at the event entry to make sure they don’t use a pseudonym during the registration? Do we have to do that for all LLVM events, e.g., workshops, social events, etc?

It’s also worth bearing in mind that countries around the world have very different views on legality of certain sexual acts, so “Users may not be a convicted sex offender or listed on any US state or federal sex offender registry (or other country equivalent)” could well cover things you do not want it to. Many countries outlaw sodomy, for example, but I highly doubt we’d want to be denying access to anyone convicted of such an offence. Blanket statements like this unfortunately do not work and it is very difficult to write down concrete rules.

The item about sex offender registry seems to me to be indeed targeted to the recent event/controversy (what about people convicted of drug trafficking, human trafficking, murder, …?). It great that we’re fast to react and try to adjust, thanks for that. However we may be going a bit too fast here.
While I can understand the problem with having convicted sexual offenders (or rather “people convicted of violent crimes” in general) attending real world events or interacting on Discord, it’s not clear to me why this is relevant to sending a patch to the project (it is mentioned that this policy would apply to Phabricator).
And that is even leaving aside the fundamental underlying problem of the sex registries in general that we would be contributing to here.

At the same time, there are initiatives to teach code to people actually in prison, actually contributing to help reinsertion in society (writing software in particular is one of the few job that does not require contact with the public, or anyone, and so seems very suitable for felons reinsertion), we are saying here that we don’t even allow patches and other code contributions to an open source project, that is really sad to me.

I was largely expressing my feelings on the former that you mentioned. I am not as certain on code contributions; your example of teaching coding to prisoners is a good one that I had not thought of Mehdi.

Also, under 13. I started writing code in C/C++ when I was 9, and having to wait 4 years to work with LLVM would have been really silly for something that is quite frankly nonsensical.

Edited to add: It seems the “unless supervised” is the loophole that allows kids to contribute as long as parents/carers know about, not necessarily be present in every interaction, which is fair enough.

I think this is mostly a sensible policy, with a few smallish concerns.

It’s also worth bearing in mind that countries around the world have very different views on legality of certain sexual acts, so “Users may not be a convicted sex offender or listed on any US state or federal sex offender registry (or other country equivalent)” could well cover things you do not want it to.

I was going to post exactly this. I would hate to exclude people from the project because they live in a society that persecutes them for their sexual orientation. I’ve had conversations at FOSDEM with developers on other projects who fled their country of birth because homosexuality was illegal and punished by death. A strict reading of this rule would prevent such individuals from participating in the LLVM community. This exclusion would then be illegal under US law (discriminating against people on the basis that they are a member of a protected class).

Note also that in some countries (including parts of Europe), convicted felons who have served their sentences are a similarly protected class and so excluding such people from EuroLLVM may well be illegal under local law, depending on where it is held.

Finally, it’s worth noting that even in countries that don’t have sodomy laws such as the US, you can be put on the sex offenders’ register for indecent exposure and this has been used in the past to include public urination. It seems very odd that we’d ban someone for peeing in public but not for (non-sexual) violent assault or murder.

Please can this clause be thoroughly reviewed by someone specialising in international rights law before it is included? I would hate for us to have a policy that is incompatible with local law for EuroLLVM.

Also, under 13. I started writing code in C/C++ when I was 9, and having to wait 4 years to work with LLVM would have been really silly for something that is quite frankly nonsensical.

In a lot of jurisdictions, minors cannot agree to legally binding contracts (legal guardians often can on their behalf). If a 12-year-old clicks through an agreement that states that they are 14 then they have not made a legally binding attestation. Unless this agreement is backed by the Foundation following the kind of know-your-customer laws that are common in the legal and financial professions then this is more or less advisory: it is not legally binding for anyone who has not yet reached the age of majority.

I think the way that this is worded is fine as a rule of thumb. If you’re a child and someone else is legally responsible for you, then it’s fine that they should at least be aware that you’re participating in a mostly adult community. It’s up to them to determine the level of supervision that you need.

Thank you for posting this!

I think some of the concerns about the overreach of the sexual offender bullet are valid on a technical front and should be addressed (such as unintentionally impacting people from countries with less progressive views), but personally, I like the intention behind the bullet of excluding people convicted of violent sexual offenses. We can either be welcoming of women or we can be welcoming of people who prey on (predominately) women, but we can’t be welcoming of both simultaneously.

I value the LLVM community’s efforts at diversity and inclusivity and that we take concrete steps to improve the imbalances we have in our industry. I see this as being one such step. I have a hard time imagining this particular bullet point (once adjusted based on feedback from the thread regarding unintentional situations) impacts a wide audience of current and potential community members. I believe it’s safe to assume that a community failure to adopt such protections would impact a far wider audience of women in compilers.

So I’m in support of something along the lines of what’s proposed if we can find a way to address the problematic aspects of the wording.

I would not compare a techy gathering such as LLVM Dev Meeting to something like a FurCon, which is devoted to, shall we say, certain lifestyle choices, social interaction and adult fun, where a prohibition on sex offenders would make far more sense.

(edit)
That said…

Hear hear.

As mentioned by others, the inconsistency of these registries across jurisdictions in terms of what acts may land one on them, the duration for which one is required to remain listed, and the possibility (or lack thereof) for appeal and removal, makes this a questionable policy choice for me. At a minimum, I think the policy should impose its own standards so that it is at least applied equally. E.g., no conviction in the past X years and the existence of other LLVM participants in good standing willing to vouch for the person in question.

I think there is room to distinguish between in-person, remote, and non-interactive activities. I’m much more ok with excluding someone from the first two based on prior convictions than I am the last; each of these has a significantly reduced risk profile compared to the one before it.

Others have mentioned enforcement. Unless the LLVM Foundation is planning to commit resources to investigate all existing community members and each prospective future member, we have to acknowledge that this policy will be enforced unevenly. This concern applies to the age restrictions as well. I suspect the LLVM Foundation currently lacks age and government names and aliases for a number of active contributors. Requiring those may even dissuade some current contributors from continuing to contribute.

The under-13 clause is probably necessary in order to comply with COPPA in the US. See Complying with COPPA: Frequently Asked Questions | Federal Trade Commission . I assume we don’t actually plan to ask anyone’s age.

Looking at that site really makes it sounds like we don’t have to do anything. We’re not targeting children under 13, and don’t have “actual knowledge” that we’re dealing with children under 13. (I don’t, anyway…) But IANAL and so my opinion means nothing.

I recall registering for a dev meeting, where part of the social activities included alcohol, and the registration originally asked for birthdate (which was an unnecessary collection of PII, IMO). That got fixed so people just had to tick an “I am of legal drinking age” box. Not asking for anyone’s age is a good thing.

I think that’s slightly orthogonal, not least because 13 isn’t drinking age anywhere I know of.

The “parental consent” and other wording allow us not to have to ask people’s ages before a Github merge, but in a conference, for the strict purpose of serving alcohol, in most places I know, serving staff must make sure they’re not serving to anyone that even looks underage (for whatever age in whatever place). The US is very strict on that, the UK less so, but both much stricter than places like Brazil.

There may be things where the age is different and it would be complex to have the foundation or the local team check for every possible combination of age/activity/locality. Perhaps there could be a clause that the organisers (Foundation, local team) are indemnified from the staff not making sure of the requirements?

Sure, we can warn people not to do (locally) illegal things, but it shouldn’t be the job of the local team to stop them (it could even be dangerous to do so).

I’m consolidating our reply to all the questions asked above here as many of the same questions were asked a few times.

What is the motivation behind the participation rules?

There are three main things driving the participation rule changes:

1. The LLVM Project has never had any official written policy related to the participation of minors. Given that the LLVM Foundation offers educational programs and events, and we know that many younger individuals are programming at earlier ages, we want to allow minors to participate in all aspects of our community in a safe way. Setting expectations about the participation of minors in our community is an important part of that. We already have this requirement indirectly through using a GitHub account to access many parts of our project and also in the Discord terms of service.
2. Given that we have minors participating in our community, we want to provide a safe community and protect minors as much as possible by restricting who can access our community.
3. We want our community to be a safe place for all individuals in terms of psychological, emotional, and physical safety.

Has this been done in other code of conducts or terms of service before? Other communities?

We have not seen participation rules in a code of conduct but see them associated with the service terms or event rules.

There are many examples of organizations and online services that state they are for ages 13+, and some allow younger participants with parental or legal guardian supervision. For example: GitHub and Discord.

Regarding the sex offender policy, Facebook currently has this restriction in their terms of service.

I started to code at age 9, can people under the age of 13 participate?

We are hoping to allow participants under the age 13 to participate with parental or legal guardian supervision. This is pending legal review as there are specific legal requirements related to minors and privacy.

Do you plan to do background checks on all individuals of the project?

No.

Do you plan to check IDs on all individuals of the project?

No, we do not plan to check identification for online participation.

What about checking ID at all events?

We have not in the past, but we may begin checking identification for LLVM Foundation in person events, as this is common for conferences to check identification for legal and liability reasons (especially when serving alcohol).

Some additional questions that were brought up that we find are all related:

• Why limit this to just sex registry versus all felonies?
• How do you handle different countries (and states) and their laws regarding the sexual registry list and what is legal?
• What about the underlying problem with sex registry lists?
• What about prisoners currently serving time who are intending to reform through coding?
• What about individuals that got put on a sex registry list for something that most would not find aggregious (ie. public urination)?

We want to implement a policy that achieves the 3 main goals as outlined above. We have consulted legal counsel and are aware of the differences and imperfections of using the sex registry list when participants are from different states and countries.

Taking into consideration the feedback and concerns you have iterated, we will continue discussion with legal counsel on the best wording of this policy and if it should be expanded to include additional types of crimes (i.e. hate crimes). However, the resulting policy should still achieve the 3 goals outlined above. We will provide updates when we have them.

While this new policy could hypothetically exclude some new individuals from participating in the LLVM project, our current lack of participation policies are already impacting individuals who are currently involved in the project.

Will contributors who just send a patch be under the same participation rules?

Submitting a patch or code contribution is not done in isolation and involves back and forth dialogue between individuals during the review process. For some members of our community, this impacts their feelings of safety within our community.

We also have roles of leadership in our community such as code owners or “experienced reviewers’’ that would not be appropriate to have individuals who have committed sexual or gender based violent crimes. This starts to create a psychologically unsafe environment and an unwanted power dynamic for some members of our community and discourages their contributions to the project.

We feel that it would be good to revisit the topic of code contributions once we have a more finalized wording for the participation rules.

Thanks for the update Tanya! I think it was well summarised.

How about simply not serving alcohol? People are free to do whatever they like in the evenings, of course, but I’d say that serving mind-altering drugs at a technical event (where people are supposed to use their brains) is fundamentally a bad idea.

The last part of the sentence seems very ambiguous and restrictive. If you want to ban someone specific from US, you should not impose such a rule for the whole world. For example, in many Muslim countries and communities, any relationship between partners that are not married by Islamic law is convicted as sex offense.

You’re not technically wrong. What’s needed here is wording that creates a safe space.

I realize this sort of thing takes plenty of time to do right, but do you have any updates on where we are in the process? Thanks!

I will be installing the Code of Conduct changes this week.

We are still working through the other aspects of policy changes and I’ll try to have a more concrete update in the next couple weeks.

Thanks for the update!