Re: Harassment, abuse, accountability. and IETF mailing lists

John C Klensin <john-ietf@jck.com> Fri, 03 June 2022 03:26 UTC

Date: Thu, 02 Jun 2022 23:26:32 -0400
From: John C Klensin <john-ietf@jck.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Pete Resnick <resnick@episteme.net>, tom petch <daedulus@btconnect.com>
cc: IETF discussion list <ietf@ietf.org>, art-ads@ietf.org
Subject: Re: Harassment, abuse, accountability. and IETF mailing lists
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/q81Ubd8JWYXAW-LSwqNGa4mNr44>

Hi.   Before I try to respond to Brian's specific comments
(below), there seems to be confusion about what problem I think
needs solving.  While my initial posting in this thread was
motivated by a particular problem that came to my attention,
after the discussion and further looking around, it appears that
there are three separate (although related) ones:

(1) If someone is feeling abused or harassed in conjunction with
an IETF mailing list, they should have readily-available
information about who to discuss that with.  That person, or
choice of people, should have clear responsibility for
responding to such queries and should be identified by name and
contact information.   Non-transparent role addresses with
neither hints about who might receive them nor a clear
indication that they should be used for such purposes are not
good enough.  For the (hopefully rare) cases in which action is
required, those contact people should have either the authority
needed to enforce our behavior rules or quick access to someone
with the authority and should be accountable to someone if they
do not respond in a timely and useful way.

(2) The above is particularly important for newcomers and is
important whether perceived abuse is involved or not.  Telling
(and showing) people that there are clear, easily discovered,
and easily accessed support mechanisms --even if only to provide
information when they get confused-- helps to turn interested
parties into participants.  That applies to decisions as to
whether to join a mailing list in the first place, not just to
what goes on after one signs up (and, for better or worse, the
number of separate lists we have been creating discourages
signing up out of curiosity about what might be going on in a
particular one).   By contrast, creating the impression that
being able to function in the IETF requires obscure knowledge,
or passing a hazing or induction ritual, is probably going to
discourage anyone who lacks instructions to participate from an
employer and/or is extremely determined and stubborn.

(3) It is important that the IETF (and all of the associated
organizations and groups) maintain the trust of the larger
community -- implementers, people making product and procurement
decisions, users, even politicians and regulators concerned
about how various industry arrangements affect competitiveness
-- that its processes and outputs are fair and represent
consensus among all parties who might be relevant.  Put
differently, that we are really trying to make the Internet
better rather than promoting particular sets of companies and
their products.  Our strongest tools in that regard include
openness and transparency and being welcoming to new
participants (in practice, not just in what we say).   Making
things obscure -- even if accidentally and in the name of
efficiency -- tends in the other direction and, sooner or later,
may hurt us and hurt us badly.

I think the current state and content of many of our pages and
databases are not serving us well in any of those regards.

Now...

--On Friday, June 3, 2022 11:25 +1200 Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:

> On 03-Jun-22 10:01, Pete Resnick wrote:
>> On 2 Jun 2022, at 4:30, tom petch wrote:
>> 
>>> How about
>>> 
>>> <list-name>-owner
>>> 
>>> making it clear in future to those who take on that
>>> responsibility that that is part of their responsibility?
>> 
>> Yes, but the email address and/or name of the human(s) on the
>> other end of <list-name>-owner needs to be easily and
>> publicly available.
> 
> Which is *not* a feature of mailman; I suspect that hiding the
> admin's identity is probably intentional. However, I think
> that our table of non-WG lists should identify the admins and
> responsible AD (either by name or as <area>-ads@ietf.org).

But, Brian, no one (as far as I know) has suggested anything
that requires a modification to mailman.  We maintain pages for
each and every IETF mailing list (at least other than
IETF-announce and the main discussion list), accessed via 
   https://datatracker.ietf.org/wg/ for the WG lists, and
   https://datatracker.ietf.org/list/nonwg for the non-WG ones.

and people generally see those pages at least at subscription
time.

Before I go on, 

>  Another twist is that if the list in question is subsidiary
> to a WG, such as a design team list, then it seems logical
> that the WG chairs should be on the hook too.

In case it isn't clear from the above, I don't really care who
is on the hook or how those decisions are made... only that
there be someone "on the hook" for any mailing list we have and
that they be clearly identified by name and with contact
information.

Now, let's look at those very important pages from which, among
other things, one ought to be able to find out who is on said
hook and, btw, what the list is about.

* For a typical WG one, the Chairs and AD are listed, but
without contact information (just a pointer/link to a
datatracker profile page that does not have that information).
I believe that is a change although I don't have any idea how
long ago it was made.   If the observer knows enough to click on
the "email expansions" tab, the addresses are there, but
consider how likely it is that a newcomer who has been abused or
attacked will be able to find them.  Maybe requiring the
newcomer to have the knowledge or luck to find that tab is ok,
but putting email addresses (or a little mailbox icon) next to
the names on the "about" page would be much more obvious and
easier.


* For a typical non-WG page, the situation is far worse.  I
think it is typical (but am not sure), but look at what ought to
be an uncontroversial example:
    https://www.ietf.org/mailman/listinfo/114all
No information there about the responsible AD (or other party),
much less an address.  The only contact information, without any
information about what it is to be used for, is a line at the
bottom of the page underneath the horizontal line that reads:
   114all list run by 114all-owner at ietf.org
No hints as to who or what is at the other end of that link,
whether the mailbox at 114all-owner@ietf.org is archived and
publicly readable, and, for someone interested in reporting
abuse (or even asking if some behavior is appropriate), no
information as to whether the abuser is a recipient of that
address.

Even our announcements of new non-WG lists are part of the
problem.  As a handy example, an announcement appeared today
titled "New Non-WG Mailing List: cfbl".  It tells the reader
where the archives are and how to subscribe.  It tells us that
it is "intended for discussions relating to the Complaint
Feedback Loop Address Header", but one needs to be rather
thoroughly immersed in that corner of the ART area (the
announcement does say it belongs to that area) to have a clue
about what that is about.  Either you or I could probably
figure out where to look but, for a newcomer, especially one who did
not know enough to treat "This list belongs IETF area" (sic) as
a clue, I think it would be pretty hopeless.  It does tell
anyone who wants additional information to "please contact the
list administrators". That, unfortunately, just makes things
worse: No information in the announcement as to who those people
might be or how to contact/reach them, etc.   Someone very
experienced with the IETF might notice that someone named
"jpb@cleverreach.com" is copied on the announcement and is not
the list address itself, but that is not a person's name, it is
just a hint, it is easily missed, and expecting a newcomer to
make that inference is, well, unrealistic.  One might reasonably
try to go to the list's "info" page (disguised in the
announcement as "To subscribe:") for information about how to
contact the list administrators, but that page is very similar
to the 114all list.   In particular, the terms "list
administrator" or even "administrator" do not even appear on it.

Once upon a time, we required anyone requesting that the IETF
create or host a list provide a paragraph of description of what
that list was about, who was expected to participate, and why.
Apparently that is no longer the case.  If we care about
openness and transparency, probably not a step in the right
direction.


* Interestingly, it has gotten hard to find information about
IETF-Announce and ietf@ietf.org, why one might want to subscribe
to either or both, and how to do that.   They are listed on the
"non-WG lists" page, but one would need to know their names and
that one should look.  If, e.g., one goes to the "ietf" page
accessed from there, that page does not mention the SAA team.
It does differ from most of the non-WG pages by saying, in the
description at the top, "Any items posted are subject to the
rules of BCP 78 and BCP 79", but, if that is needed there, it
should probably appear with every WG and non-WG list and it
should probably reference the code of conduct and
anti-harassment policy too.  I encourage people to try it for
themselves, pretending that they knew little or nothing about
the IETF before trying.  For those who don't have time, there
does not appear to be a hint about either of those lists at
www.ietf.org or at the "Get started" page to which it provides a
link.  

For those who are interested in the experiment, go to
www.ietf.org.  Glance at the page and see how easily you notice
the "Get started" link.  Think about whether it is prominent
enough that a newcomer interested in possibly participating in
the IETF would notice it.  Click on it.  The target page does
not appear to mention those mailing lists either.  Instead, the
"How to Start" advice says that a newcomer should "decide on one
or two (not more!) Working Groups (WGs) whose topics are
interesting or relevant, and join their mailing lists".
Reasonable advice but it then points to
https://datatracker.ietf.org/wg/  to find out about WGs.  While
it tells how to navigate from that list once one picks a WG of
interest, many of the WG names are obscure, chosen more to
create clever acronyms than for explanatory quality, so, unless
the newcomer already has a guide (official or otherwise), the
pointer to that page can be rather intimidating.    And, by not
telling people that they might want to subscribe to
IETF-announce, IETF discuss, and/or last-call, we are not doing
much to promote the sort of broad participation and reviews we
claim to be after.

That page goes on to say, albeit in a different context, "The
IETF is normally very welcoming to newcomers,...".  Well, maybe
not if they try to navigate our systems, have issues with list
discussions and how they are treated, try to understand what
non-WG mailing lists are about, etc.   I think we can, and
should, do better.  With the exception of going back to
requiring something more charter-like for non-WG lists
(references and links to other documents would be fine) and
maybe rethinking that "Get started" page, I think it would all
be straightforward if we decide we care enough to get some
templates reworked.  If we don't, we should, IMO, stop
complaining about our difficulties recruiting and retaining
newcomers (at least those who are not ordered to participate in
the IETF by their day job organizations or commitments).

best,
   john