[PHP-DEV] [RFC] Generalize support of negative string offsets

[François Laupretre]

Hi,

Starting discussion about https://wiki.php.net/rfc/negative-string-offsets

Please read and comment.

Regards

François

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: A Modest Code of Conduct Proposal that Almost Everyone Can Agree On

[Flyingmana]

On 01/23/2016 06:41 AM, Scott Arciszewski wrote:
> Let's start with a rhetorical question: When you are adding unit
> tests to a legacy code base, where do you start?
> 
> ...
> 
> Typically, you start at the extremes and work your way to the core of
> the application, refactoring as you need to go.
> 
> I think many people agree that a Code of Conduct, in the abstract
> (not a particular one!), would be a good thing to have. So why don't
> we apply the same methodology with the CoC initiative?
> 
> I propose we start with the most extreme elements of the PHP
> community and field test a CoC proposal there. If we can improve the
> quality of communication and contributions there, then we know it
> will have a positive impact on the core.
> 
> And my most extreme, I am of course talking about OpenCart[1],
> arguably the most toxic open source software project on the
> Internet.
> 
> 
> 
> Please, fellow PHP community members, join me in proposing a Code of 
> Conduct (i.e. the Contributors' Covenant) to the OpenCart team,
> explicitly stating that it applies to Daniel Kerr and James Allsup
> too.
> 
> [1] http://www.openwall.com/lists/oss-security/2016/01/19/16 [2]
> https://github.com/opencart/opencart/issues
> 

I would perceive it as toxic, to make such a try there. It would
probably being seen as direct attack against the maintainers, even
without explicitly stating this out.
Analysing the currently (and from you linked) public handling of
problematic cases, such a try is likely to get directly put down.
Followed from even more negative publicity and attracting of trolls and
angry MOBs.
To make such an appeal successful, you need the support of the
maintainers, especially if they are small in number. And you need to
show them, how it is advantage. I think that would work best in a
private mediation. But not everyone is accepting such a private
mediation from everyone, especially from outside their community.
So it has to come from inside their community, from someone they really
trust in a personal way.

I assume its very unlikely, that we can initiate such a process from
here, so a failing is likely.
So we would already fail in the requirements, what would be the
conclusion for the core?

Probably nothing, as we have a very different precondition with a lot
more regular core contributors instead of 2 people doing all the stuff.
Also we have the goal to increase the number of core contributors, that
may not be true for opencart, which we should respect as understanding
community.


Lets go a step further, the main place for the community of opencart,
the forum. Most forums today have an Netiquette or Etiquette somewhere.
Opencart is no exception here, including:
> Keep all commentary civil, and be courteous at all times.
> Constructive criticism is welcome, but insults directed towards other
> users or the site admins will not be tolerated. Coarse/insulting
> language will not be tolerated.
But first it would be needed a prove, that the environment there is also
toxic.



-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Brandon Savage]

All,

It's encouraging to see people working hard to improve and expand on the
proposed Code of Conduct for PHP. The strenuous and passionate debates
aside, I'm pleased to see so many people working on this together.

I want to propose a scenario that I came across this morning, that might
work well as a thought exercise for us as a group in considering how we
would APPLY the Code of Conduct to specific members.

This morning, Gary Hockin posted a pull request to the Doctrine project,
proposing a rename from "Doctrine" to "Shitty". The full pull request is
here: https://github.com/doctrine/doctrine2/pull/5626 He then tagged one of
the maintainers personally. It was a master stroke of humor and trolling
between two friends. The PR was closed as "Cant Fix" due to "licensing
issues" and "namespace conflicts."

There are several things at issue here:

1. This was an obvious attempt at trolling the Doctrine maintainers, a
masterful stroke by a master (and well-known) troll who had no ill-intent.
But it was still trolling, violating the CoC.
2. The vulgarity used to rename the project would generally be considered
in most circles to be "unprofessional behavior."
3. Tagging the maintainer could be construed as a "personal attack" on that
person's work.

GeeH is well-known and well-respected in the community. There's no doubt
that in some capacity, he represents the community, especially since he
speaks regularly at conferences and events. In addition, by reading the
comments, it's clear that not everyone got the joke at first (see comments
by "nuxwin" on the thread).

If someone came to the mediation team with a complaint that this pull
request made them feel "unsafe", how would we as a community respond?

The Code of Conduct, as written, makes no exception for the intent of the
person involved. This is an important problem, because intent ("mens rea"
in Latin, for "guilty mind") is typically required to convict people of
criminal acts in much of the world. For example, you cannot be convicted of
murder unless you had intent to kill the person (or should have known that
your actions created the grave risk of death). Our current code makes no
exception for intent. Instead, "if you broke it, you're guilty".

The second problem here is the fact that all of us probably know that GeeH
was kidding, and would make that point to anyone who complained. This is
actually a HUGE problem. Being known to the community actually becomes a
benefit for people, because their past history is known, and thus they
might receive more favorable treatment than those we don't know.

Finally, the current Code of Conduct permits any person to complain, even
if they weren't a party to the original incident. It permits this by not
explicitly restricting it. Even though it should be (and is to the
reasonable person) clear that this was a joke, any person in the community
could complain and have an argument.

I think these are fixable problems. I propose the following:

* The Code of Conduct should specifically state that a person who is not a
direct party to the alleged incident is not permitted to make a complaint.
* We should require that any person who is accused of violating the Code of
Conduct clearly have intent to do so. This is a harder standard to prove,
but one that should help us from having to deal with edge cases. A death
threat is a clear-cut case of intent, for example.
* The Code of Conduct should be modified so that abiding or not abiding by
it is demonstrable with evidence, taking "feelings" out of it entirely. For
example, a person shouldn't be in violation of the code because someone
"feels harassed/trolled/etc", it should be because they're ACTUALLY
harassed/trolled/etc.
* The Code of Conduct should bar filing a claim of harassment if harassment
from both parties towards one another can be demonstrated. This avoids a
race to the courthouse by one side to punish the other in an argument.

Open to suggestions/comments on this. I'll work on pull requests to
Derrick's repo over the next couple of days to let folks share their
thoughts.

Brandon

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Eli]

Hey Brandon, definitely some thoughts for consideration.  I did want to
respond to one piece of this:

> This is an important problem, because intent ("mens rea"
> in Latin, for "guilty mind") is typically required to convict people of
> criminal acts in much of the world. For example, you cannot be convicted of
> murder unless you had intent to kill the person (or should have known that
> your actions created the grave risk of death).

I think this is somewhat incorrect.  For example, yes, you cannot be
convicted of murder, however you will be convicted still of
Manslaughter.  Even 'Involuntary Manslaughter' is still a crime.  In
those cases, even if you didn't mean to kill someone, but your
actions/choices lead to that happening, is a crime.

But that's very far afield of CoC violations anyway.  Perhaps the best
analogy would be in the legal definitions of harassment.  Harassment
does not require a 'guilty mind' to be convinced of such.  IE:  You
don't get to say:  "Oh, I didn't mean anything bad when I grabbed
's .  It was a compliment!".  The issue in that case,
is that perhaps, truly to the person who commited that act, they had no
guilty mind, that they truly felt that they were doing something
right.   Which 'average person' would respond 'oh heck no' towards.  Of
course, most laws (in the US at least) about harassment happen to only
apply in a 'work context'.  And not in 'general life'.  Hence why one
could argue that a project like PHP might want to enact something similar.

What could be determined to be harassment to one person, might be
'perfectly normal' to someone else.  That's why the US Supreme Court
came up with a method for determining this.  Which was the 'Reasonable
Person' standard.   Basically per the courts definition, if a
"reasonable person" / 3rd party would feel that action was harassment,
then it was.  Regardless of intent.

And typically that reasonable person aspect is decided by a jury / peers
/ etc.

Which, is very similar to what the purpose of having a Mediation/CoC
team within a project would fulfill.

Anyway, just more food for thought / another POV.

Eli

-- 
|   Eli White   |   http://eliw.com/   |   Twitter: EliW   |




signature.asc
Description: OpenPGP digital signature

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Michael Cullum]

Whoops, I accidentally hit reply instead of reply to all on this earlier,
thanks Brandon for pointing that out.

On 23 January 2016 at 17:43, Brandon Savage 
 wrote:


> The Code of Conduct, as written, makes no exception for the intent of the
> person involved. This is an important problem, because intent ("mens rea"
> in Latin, for "guilty mind") is typically required to convict people of
> criminal acts in much of the world. For example, you cannot be convicted of
> murder unless you had intent to kill the person (or should have known that
> your actions created the grave risk of death). Our current code makes no
> exception for intent. Instead, "if you broke it, you're guilty".


Not quite. Mens rea as you rightfully point out is one of the two core
elements required to be proved for conviction of the majority of crimes
(The exception being those with strict liability), this does not mean
intent is required as mens rea can be formed of direct intent, indirect
intent, recklessness and negligence. Direct intent would be 'I murdered him
by stabbing him because I wanted to murder him', indirect intent would be
'I stabbed him (and he died) because I wanted to stab someone in the chest'
(Note the lack of wanting to kill, essentially you knew that it would have
that effect for sure, but that wasn't your primary intention) and
recklessness of which is best described by 'Realising there was a risk of
injuring someone by drinking whilst drunk, but carrying on and driving down
my road regardless' (I've only studied UK law but I've tried to abstract
the principles to clarify but I understand other countries may have
differences).

In most modern legal systems different crimes require different levels of
mens rea to be proved. For example murder requires intent (direct or
indirect intent) whereas battery or assault (lesser crimes) can be proved
by recklessness, direct intent or indirect intent.

Therefore it might make sense to have a non-black and white answer to this.
Someone messaging someone else who they don't know with rude and
insensitive comments that cause great insult to that person could be
grounds for me getting in trouble. Applying the reasonable man test (Which
has been described many times in this discussion) you would ask if most
people would realise that sending rude and insulting personal attacks to an
individual they've never met or spoken with before could have the potential
risk to make them feel... unsafe. But then, if they didn't have the direct
intent, they probably shouldn't get the harshest possible punishment if
those same actions had been done with malice.

It's all about finding balance and applying reasonable actions considering
the circumstances. Having a blanket rule on direct intent (which it sounds
like you are suggesting) could be damaging as direct intention is very
difficult to prove and most would just claim they didn't realise it could
be offensive.

--
Michael C

On 23 January 2016 at 17:43, Brandon Savage 
wrote:

> All,
>
> It's encouraging to see people working hard to improve and expand on the
> proposed Code of Conduct for PHP. The strenuous and passionate debates
> aside, I'm pleased to see so many people working on this together.
>
> I want to propose a scenario that I came across this morning, that might
> work well as a thought exercise for us as a group in considering how we
> would APPLY the Code of Conduct to specific members.
>
> This morning, Gary Hockin posted a pull request to the Doctrine project,
> proposing a rename from "Doctrine" to "Shitty". The full pull request is
> here: https://github.com/doctrine/doctrine2/pull/5626 He then tagged one
> of
> the maintainers personally. It was a master stroke of humor and trolling
> between two friends. The PR was closed as "Cant Fix" due to "licensing
> issues" and "namespace conflicts."
>
> There are several things at issue here:
>
> 1. This was an obvious attempt at trolling the Doctrine maintainers, a
> masterful stroke by a master (and well-known) troll who had no ill-intent.
> But it was still trolling, violating the CoC.
> 2. The vulgarity used to rename the project would generally be considered
> in most circles to be "unprofessional behavior."
> 3. Tagging the maintainer could be construed as a "personal attack" on that
> person's work.
>
> GeeH is well-known and well-respected in the community. There's no doubt
> that in some capacity, he represents the community, especially since he
> speaks regularly at conferences and events. In addition, by reading the
> comments, it's clear that not everyone got the joke at first (see comments
> by "nuxwin" on the thread).
>
> If someone came to the mediation team with a complaint that this pull
> request made them feel "unsafe", how would we as a community respond?
>
> The Code of Conduct, as written, makes no exception for the intent of the
> person involved. This is an important problem, because intent ("mens rea"
> in Latin, for "guilty mind") is typically required

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Pádraic Brady]

Hi,

On 23 January 2016 at 17:43, Brandon Savage  wrote:
> I think these are fixable problems. I propose the following:
>
> * The Code of Conduct should specifically state that a person who is not a
> direct party to the alleged incident is not permitted to make a complaint.

Maybe. My main concern is closing doors on actual cases from being
reported where they occur very publicly for anyone for see and where
the identities of those involved are already public knowledge. It
would be a bit hard to just ignore such a case. On what basis would
we?

For example, non-targeted actions - like sexual images on a public forum.

The point I do take, separately, is that "unprofessional conduct" can
be permitted where it falls on the low end of the spectrum. Does the
COC get employed if someone is continually 10mins late to meetings? In
the workplace, that would get one kicked out the door very quickly,
but an open source project may be much more forgiving with respect to
everyone being a volunteer.

So basically:
a) remove the phrase; or
b) add a better phrase in the context of the project

> * We should require that any person who is accused of violating the Code of
> Conduct clearly have intent to do so. This is a harder standard to prove,
> but one that should help us from having to deal with edge cases. A death
> threat is a clear-cut case of intent, for example.

No. Harrasment can be conducted without intent. The reality is that
edge cases may exist, and just have to be dealt with.

> * The Code of Conduct should be modified so that abiding or not abiding by
> it is demonstrable with evidence, taking "feelings" out of it entirely. For
> example, a person shouldn't be in violation of the code because someone
> "feels harassed/trolled/etc", it should be because they're ACTUALLY
> harassed/trolled/etc.

Yes. I would have thought that obvious, so it's completely reasonable
to clarify it as clearly as possible should there be any doubt.
However, as I stress above, intent is not necessarily relevant in this
evaluation. I also note that the outcome of harassment may include
"feelings" of a severe negative nature so let's avoid that word for
clarity. I would go with the more clear term "beliefs". Believing
something is happening, does not make it true in the absence of
evidence.

> * The Code of Conduct should bar filing a claim of harassment if harassment
> from both parties towards one another can be demonstrated. This avoids a
> race to the courthouse by one side to punish the other in an argument.

On the basis of equal treatment, I disagree. They would then both have
allegations of unknown value which should be evaluated. This would
also open the door to baseless allegations being used to thwart the
process as a defensive tactic. As a basic level, the "demonstrated"
test still needs investigation, evidence gathering, etc.

Paddy

P.S. I like thought experiments - more the merrier in fact to actually
test ideas.

--
Pádraic Brady

http://blog.astrumfutura.com

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Mark Baker]

On 23/01/2016 17:43, Brandon Savage wrote:

* The Code of Conduct should specifically state that a person who is not a
direct party to the alleged incident is not permitted to make a complaint.
While I'd agree with this in general, there might be circumstances where 
a "direct party" doesn't feel comfortable making a complaint in person 
(newcomers in particular might feel too overawed or too embarrassed to 
make a complaint themself), but might be willing to allow somebody else 
to make a complaint on their behalf... as long as they have given 
permission (that can be proven, such as an email) for a 3rd party to do 
so, I don't see why that shouldn't be permitted.


Of course, there's nothing to stop a 3rd part from calling somebody out 
if the original alleged offence is public, and I'd hope that other 
members of the community would do so if the situation warranted.


--
Mark Baker

 _
|.  \ \-3
|_J_/ PHP |
|| |  __  |
|| |m|  |m|

 I LOVE PHP


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] [RFC][VOTE] Warn about invalid strings in arithmetic

[Andrea Faulds]

Good evening,

Just over two weeks ago I introduced this RFC. There's not been a lot of 
discussion since then, and there's no unfinished business that I can 
think of.


So, I think it's time to put it to a vote:

https://wiki.php.net/rfc/invalid_strings_in_arithmetic

Voting starts today (2016-01-23) and will end next Sunday (2016-01-31), 
an 8-day period, which means there's half of this weekend and all of 
next, more than enough time I hope.


Thanks.
--
Andrea Faulds
https://ajf.me/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] [RFC][VOTE] OpenSSL AEAD support

[Marco Pivetta]

Just FYI, I'm voting against this proposal, as the number of parameters is
simply growing out of control, which involves:
 - more BC breaks if default parameters change
 - more security issues if the defaults are unsafe (or become unsafe, for
whatever reason)
 - more cognitive load (it's arguably more complex)

In general, this simply pushes too many responsibilities on the interface.
Support for AEAD can be moved to a separate function, which involves a
minor BC break: collision with pre-existing functions, if anybody was
crazy/stupid enough to implement crypto in userland, and even worse in the
global namespace.


Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

On 20 January 2016 at 17:40, Jakub Zelenka  wrote:

> Hi,
>
> The vote is now open:
>
> https://wiki.php.net/rfc/openssl_aead#voting
>
> Cheers
>
> Jakub
>

[PHP-DEV] Re: [RFC] Generalize support of negative string offsets

[Andrea Faulds]

Hi François,

François Laupretre wrote:


Starting discussion about https://wiki.php.net/rfc/negative-string-offsets

Please read and comment.


I like this RFC. Being able to use negative offsets helps code 
readability, but it not being universally supported is annoying. I like 
that this brings more consistency.


I particularly like that this is supported for string indexing with the 
[]/{} operator.


At present a negative offset is interpreted as being the maximum string 
length plus that offset, so $str[-1] is equivalent to $str[(2**64 - 1) - 
1]. In practice, this means you will get an empty string and an 
"Uninitialized string offset:" E_NOTICE. It's not useful except for 
extremely large strings and so I suspect that behaviour comes from an 
implementation detail (naïve signed-to-unsigned integer conversion).


What you're proposing is to have the negative offset be interpreted as 
an offset from the end of the string, as the built-in functions do. This 
is more useful, but it's a change of behaviour from the present one, and 
thus a backwards-compatibility break, even if it's unlikely to affect 
real-world code. So, you might wish to mention that.


Also, I think the RFC would be more accessible if you included some 
examples of where to use negative offsets. That would give readers an 
at-a-glance view of what the RFC changes.


Anyway, I like what you're doing here. Thanks for the proposal!

--
Andrea Faulds
https://ajf.me/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: [RFC] Generalize support of negative string offsets

[Andrea Faulds]

Hi again,

Andrea Faulds wrote:

At present a negative offset is interpreted as being the maximum string
length plus that offset, so $str[-1] is equivalent to $str[(2**64 - 1) -
1]. In practice, this means you will get an empty string and an
"Uninitialized string offset:" E_NOTICE. It's not useful except for
extremely large strings and so I suspect that behaviour comes from an
implementation detail (naïve signed-to-unsigned integer conversion).

What you're proposing is to have the negative offset be interpreted as
an offset from the end of the string, as the built-in functions do. This
is more useful, but it's a change of behaviour from the present one, and
thus a backwards-compatibility break, even if it's unlikely to affect
real-world code. So, you might wish to mention that.


Er, ignore what I just said. Negative string offsets are actually 
special-cased and always produce an "Unitialized string offset" or 
"Invalid string offset" notice. So our current behaviour is in fact 
completely useless, not just mostly. :)


Sorry about that.
--
Andrea Faulds
https://ajf.me/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: [RFC] [Re-proposed] Adopt Code of Conduct

[Matt Prelude]

Hi all,

This is my first mail to the list so please let me know if I do anything 
wrong or if there's a better channel by which to have this kind of 
discussion.


I'd like to propose adoption of an alternative code of conduct, the Go 
Code: https://golang.org/conduct


The primary reasons for suggesting this code are:

- The Go Code focuses primarily on desired behaviours ('be patient', 'be 
respectful') and only secondarily on 'avoiding destructive behaviours'.
- The Go Code explicitly notes that it "is not a mechanism for people to 
silence others with whom they disagree." - this was a major concern on 
the ML, so codifying that this usage will not be accepted in the CoC 
itself is a step in the right direction.
- The Go Code encourages everybody to follow the code in all spaces, but 
limits explicit enforcement to Go spaces.

- The Go Code is far more clear in defining prohibited behaviours.

I've already proposed this idea over at GitHub, but it strikes me that 
the correct channel for discussion is PHP internals.


- Matt


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] compiling php 5.6.# fails with sun CC 12.3 sparc sol 10, no problem 5.5 or 5.3

[Ross, Christine]

Hello.

It was suggested I email this to this address.  I hope someone can help. I had 
no problems compiling php 5.3.# and 5.5.# on Sparc solaris 10 with Sun CC 12.3, 
but 5.6.# fails with the error below. GCC works but my whole application and 
environment is built with Sun CC. This is where it fails. I even tried adding 
/usr/sfw to the paths but no change.  I have received responses from others 
with the same issue.
Any help would be appreciated.



Lots of white space character errors before it fails on line 70. I saw 
something about flex and re2c so I installed re2c, and it didn't help. I tried 
without opcache, no help.

"Zend/zend_language_scanner.l", line 66: warning: invalid white space character 
in directive
"Zend/zend_language_scanner.l", line 67: warning: invalid white space character 
in directive
"Zend/zend_language_scanner.l", line 68: warning: invalid white space character 
in directive
"Zend/zend_language_scanner.l", line 69: warning: invalid white space character 
in directive
"Zend/zend_language_scanner.l", line 70: warning: function prototype parameters 
must have types
"Zend/zend_language_scanner.l", line 70: warning: old-style declaration or 
incorrect type for: SCNG
"Zend/zend_language_scanner.l", line 70: cannot initialize function: SCNG
"Zend/zend_language_scanner.l", line 70: undefined symbol: x

#!/bin/sh
#
# Configure PHP
#
PATH=/usr/bin:/usr/local/bin:/usr/ccs/bin:/opt/SUNWspro/bin:/usr/sbin:/usr/dt/bin;
 export PATH
LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib; export 
LD_LIBRARY_PATH
LD_RUN_PATH=/usr/local/ssl/lib:/usr/local/lib; export LD_RUN_PATH
#
env CC=cc CXX=CC \
../configure \
--with-apxs2=/usr/local/apache2/bin/apxs \
--with-mysql=mysqlnd \
--with-pear \
--with-libxml-dir=/usr \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--enable-mbstring \
--with-curl \
--with-gd \
--with-jpeg-dir=/usr/lib \
--enable-soap \
--with-openssl=/usr/local/ssl \
--enable-zip \
--with-iconv=/opt/local \
--enable-opcache

#!/end
#

RE: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Zeev Suraski]

> -Original Message-
> From: Brandon Savage [mailto:bran...@brandonsavage.net]
> Sent: Saturday, January 23, 2016 7:44 PM
> To: PHP internals 
> Subject: [PHP-DEV] Specific incident in relationship to the proposed Code of
> Conduct
> 
> Open to suggestions/comments on this. I'll work on pull requests to Derrick's
> repo over the next couple of days to let folks share their thoughts.


I've been reading the mini-thread that followed this message, and I'm 
wondering, almost out loud:
Isn't it obvious we're trying to create an amateur drive-by judicial system, 
borrowing ideas from the law (some mostly universal, some not), oversimplifying 
 them (amateurishly, as we would as amateurs) and intending to put amateur 
investigators and judges in charge?  A system that will definitely not have the 
countless checks and balances real world judicial systems have (which still 
fail frequently enough, so they're far from being perfect). 

To me, that's DOA.

I think that the case you brought up could be very easily solved in a 
penalty-free CoC:
1. One of the mediation team members contacts Gary (privately) - either 
proactively or as a response to a complaint, pointing out to him that a PR like 
this, even as a joke, reflects badly on the project and may be considered by 
some as in violation of the CoC.
2. Gary, who obviously meant no harm to anybody, says 'Sure, didn't think 
that'll offend anybody, but I'll refrain from doing it in the future'.
3. Case closed.

We seem over-focused on the situation where the person's response in #2 would 
be ignoring the request from the mediation team, or worse, where the likelihood 
of that is slim to non-existent.

Zeev 

RE: [PHP-DEV] Re: [RFC] [Re-proposed] Adopt Code of Conduct

[Zeev Suraski]

> -Original Message-
> From: Matt Prelude [mailto:m...@mprelu.de]
> Sent: Saturday, January 23, 2016 11:31 PM
> To: internals@lists.php.net
> Subject: [PHP-DEV] Re: [RFC] [Re-proposed] Adopt Code of Conduct
> 
> Hi all,
> 
> This is my first mail to the list so please let me know if I do anything 
> wrong or
> if there's a better channel by which to have this kind of discussion.
> 
> I'd like to propose adoption of an alternative code of conduct, the Go
> Code: https://golang.org/conduct
> 
> The primary reasons for suggesting this code are:
> 
> - The Go Code focuses primarily on desired behaviours ('be patient', 'be
> respectful') and only secondarily on 'avoiding destructive behaviours'.

+1
I think it's sorely missing some 'Please' in there on almost every line, but 
it's already a whole lot better.

I would also include the Golden Rule in there.  It's remarkably helpful in my 
experience.  (en.wikipedia.org/wiki/Golden_Rule)

> - The Go Code explicitly notes that it "is not a mechanism for people to
> silence others with whom they disagree." - this was a major concern on the
> ML, so codifying that this usage will not be accepted in the CoC itself is a 
> step
> in the right direction.

+1

> - The Go Code encourages everybody to follow the code in all spaces, but
> limits explicit enforcement to Go spaces.

+1

> - The Go Code is far more clear in defining prohibited behaviours.

It's clearer and a lot more narrower in scope, but still leaves some 
ambiguity...  More on that below.

> I've already proposed this idea over at GitHub, but it strikes me that the
> correct channel for discussion is PHP internals.

The Go CoC is the best I've laid eyes on so far, although it still has me 
concerned about the punitive parts in it. 
Even in that context, the good news is that if I understand it correctly, it's 
completely limited to specific public spaces, so that there's little likelihood 
of disagreements about the facts - only about their interpretation.

Which still has me worried - as it seems that some people's definition of 
'bullying' and 'harassment' seem to be very liberally scoped.  I can imagine 
'demeaning' can also be very much open to interpretation.

One thing which isn't clear to me is whether this:
"If you conduct yourself in a way that is explicitly forbidden by the CoC, you 
will be warned and asked to stop. If you do not stop, you will be removed from 
our community spaces temporarily. Repeated, wilful breaches of the CoC will 
result in a permanent ban."
... applies to reports, or only to proactive moderation.  In other words, 
whether the response to a report - anonymous or otherwise - can only result in 
a warning the first time around?  Can one only get permabanned after numerous 
temporary bans and repeated 'offenses'?

Last - does anybody know whether this CoC ever got 'battle tested' thus far?

Thanks for your work!

Zeev

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Pádraic Brady]

Hi,

On 23 January 2016 at 22:02, Zeev Suraski  wrote:
>> -Original Message-
>> From: Brandon Savage [mailto:bran...@brandonsavage.net]
>> Sent: Saturday, January 23, 2016 7:44 PM
>> To: PHP internals 
>> Subject: [PHP-DEV] Specific incident in relationship to the proposed Code of
>> Conduct
>>
>> Open to suggestions/comments on this. I'll work on pull requests to Derrick's
>> repo over the next couple of days to let folks share their thoughts.
>
>
> I've been reading the mini-thread that followed this message, and I'm 
> wondering, almost out loud:
> Isn't it obvious we're trying to create an amateur drive-by judicial system, 
> borrowing ideas from the law (some mostly universal, some not), 
> oversimplifying  them (amateurishly, as we would as amateurs) and intending 
> to put amateur investigators and judges in charge?  A system that will 
> definitely not have the countless checks and balances real world judicial 
> systems have (which still fail frequently enough, so they're far from being 
> perfect).
>
> To me, that's DOA.

We are overly focused on steps beyond mediation, because that's where
most of the objections and arguments are focused - on the assumption
that mediation does not solve all problems.

I have to agree with the earlier part of your statements also though
from a different direction.

What is being proposed is not in any way a court of law, nor does it
claim to be. Communities have been dealing with complaints, moderation
issues, bans, telling offs, and a whole host of steps since forever.
This is no different. I literally cannot fathom why the COC not being
a court is a problem. It's one of the most bizarre and, frankly,
concerning line of objections to arise in the debate from my
perspective. The absolute best we can do is just that - the absolute
best. And it's entirely responsible to ensure that it IS the absolute
best that can be achieved.

However, the argument that since our absolute best does not match a
specific model of a legal court where the participants have decades of
training and experience (and precedence/laws) does not mean that the
PHP project should automatically do nothing whatsoever and call it a
day. To state an obvious question - what precisely is the status quo
in comparison to a COC? Ad-hoc bans by whoever has access to the ML?
No action ever? Does anyone actually know what it is?

Do people object to Twitter's policies? Reddit's? Facebook's? That
forum over there? Some mailing list where one will get perma-banned
for trolling? Your employer's disciplinary process which ends in a
cardbox box and a security escort to the exit? What about the rules at
the local pub on behaviour?

All of the above? Not courts. All of the above? Implemented by people
who are not professional judges and just do the best they can because
they value their communities.

By this odd logic, nobody operating any public forum, event or public
space should ever ban anyone for anything or even caution them. Ever.

And yet...they clearly do.

In the extreme cases which should be very rare where mediation
completely fails :P.

Paddy

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: [RFC] [Re-proposed] Adopt Code of Conduct

[Pádraic Brady]

Hi,

On 23 January 2016 at 21:30, Matt Prelude  wrote:
> Hi all,
>
> This is my first mail to the list so please let me know if I do anything
> wrong or if there's a better channel by which to have this kind of
> discussion.
>
> I'd like to propose adoption of an alternative code of conduct, the Go Code:
> https://golang.org/conduct
>
> The primary reasons for suggesting this code are:
>
> - The Go Code focuses primarily on desired behaviours ('be patient', 'be
> respectful') and only secondarily on 'avoiding destructive behaviours'.
> - The Go Code explicitly notes that it "is not a mechanism for people to
> silence others with whom they disagree." - this was a major concern on the
> ML, so codifying that this usage will not be accepted in the CoC itself is a
> step in the right direction.
> - The Go Code encourages everybody to follow the code in all spaces, but
> limits explicit enforcement to Go spaces.
> - The Go Code is far more clear in defining prohibited behaviours.

Reading this previously, I think it's an essential example that should
definitely be taken into account.

Paddy

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Pierre Joye]

On Jan 24, 2016 5:02 AM, "Zeev Suraski"  wrote:
>
> > -Original Message-
> > From: Brandon Savage [mailto:bran...@brandonsavage.net]
> > Sent: Saturday, January 23, 2016 7:44 PM
> > To: PHP internals 
> > Subject: [PHP-DEV] Specific incident in relationship to the proposed
Code of
> > Conduct
> >
> > Open to suggestions/comments on this. I'll work on pull requests to
Derrick's
> > repo over the next couple of days to let folks share their thoughts.
>
>
> I've been reading the mini-thread that followed this message, and I'm
wondering, almost out loud:
> Isn't it obvious we're trying to create an amateur drive-by judicial
system, borrowing ideas from the law (some mostly universal, some not),
oversimplifying  them (amateurishly, as we would as amateurs) and intending
to put amateur investigators and judges in charge?  A system that will
definitely not have the countless checks and balances real world judicial
systems have (which still fail frequently enough, so they're far from being
perfect).
>
> To me, that's DOA.
>
> I think that the case you brought up could be very easily solved in a
penalty-free CoC:
> 1. One of the mediation team members contacts Gary (privately) - either
proactively or as a response to a complaint, pointing out to him that a PR
like this, even as a joke, reflects badly on the project and may be
considered by some as in violation of the CoC.
> 2. Gary, who obviously meant no harm to anybody, says 'Sure, didn't think
that'll offend anybody, but I'll refrain from doing it in the future'.
> 3. Case closed.
>
> We seem over-focused on the situation where the person's response in #2
would be ignoring the request from the mediation team, or worse, where the
likelihood of that is slim to non-existent.

Thanks Zeev.

This is exactly what I meant by common sense and appropriate reaction from
the group.

The only thing I had to add is a public (as in the project channel or in
the PR f.e.) apologize from the author of this PR and that's it.

I also think think it is wrong to try to use legal wording or comparisons
as it is not a public environment governed by laws (well, laws applied but
not in our scopes). It is about rules we define and we wish to follow in
our community. Just like what we can see in many other group of people, in
tech, sports or other.

Cheers,
Pierre

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Stanislav Malyshev]

Hi!

> perspective. The absolute best we can do is just that - the absolute
> best. And it's entirely responsible to ensure that it IS the absolute
> best that can be achieved.

I think this is an incorrect approach - both in making software and
other places. You don't release software when it's absolute best it
could ever be - otherwise PHP would never exist and neither would
99.% of other software. You do it when it is good to solve practical
problem you have. This is why there's a request on identifying the
problem we're trying to solve and result we are trying to achieve.
Because that's the way to know when we're good enough.
Another reason is a dangerous illusion we could predict what people
would do with it years from now. We can't. Thus it is important not
over-specify things - because we don't have enough information now to
know what we'd like to do in specific case in the future.

> day. To state an obvious question - what precisely is the status quo
> in comparison to a COC? Ad-hoc bans by whoever has access to the ML?

Yes, status quo is pretty much that. IIRC we needed it one, two times
over 20 years? And it worked fine then. Now, maybe it's time to improve
on it, but the data so far does not show we're in failure mode. So I
find a hard focus on bans be a bit strange - for something that we'd use
maybe once per 10 years, it gets a lot of time spent on it.

> Do people object to Twitter's policies? Reddit's? Facebook's? That

Of course, all the time in fact. I'm reading allegations of Facebook
both not doing enough and over-doing it, for various dark reasons,
almost daily, and same for other social platforms. Every site with
petitions (except maybe White House one, but even that I'm not sure) has
petitions for Facebook to change their policies for this or that.

> cardbox box and a security escort to the exit? What about the rules at
> the local pub on behaviour?

I have never seen a pub with a formal CoC so far, but maybe they have
them now, I never asked. But pubs have owners, so it's not the same as
here.

> And yet...they clearly do.

Of course. And most social platforms you mentioned also both horrible
for cooperation and teeming with harassment. So I wouldn't take them as
a positive example just yet.

> In the extreme cases which should be very rare where mediation
> completely fails :P.

Almost none of them though ever practiced mediation and such - it's not
scalable and they are all about scale. Thankfully, this is not our case.

-- 
Stas Malyshev
smalys...@gmail.com

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Pierre Joye]

Hello,

On Jan 24, 2016 9:31 AM, "Stanislav Malyshev"  wrote:
>
> Hi!
.
>
> > day. To state an obvious question - what precisely is the status quo
> > in comparison to a COC? Ad-hoc bans by whoever has access to the ML?
>
> Yes, status quo is pretty much that. IIRC we needed it one, two times
> over 20 years? And it worked fine then. Now, maybe it's time to improve
> on it, but the data so far does not show we're in failure mode.

I think it reasonable to think we don'g have data, at all. Yes we have two
cases which were so obvious that we had to handle them.

For anything we have nothing. This proposal will give us more data about
how we are, how we feel, etc. If anything this is good.

> So I
> find a hard focus on bans be a bit strange - for something that we'd use
> maybe once per 10 years, it gets a lot of time spent on it.

I think we should have used temporary bans a bit more to cool down things.
Including to myself along other.

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Scott Arciszewski]

On Sat, Jan 23, 2016 at 9:59 PM, Pierre Joye  wrote:

> Hello,
>
> On Jan 24, 2016 9:31 AM, "Stanislav Malyshev"  wrote:
> >
> > Hi!
> .
> >
> > > day. To state an obvious question - what precisely is the status quo
> > > in comparison to a COC? Ad-hoc bans by whoever has access to the ML?
> >
> > Yes, status quo is pretty much that.
> ​​
> IIRC we needed it one, two times
> > over 20 years? And it worked fine then. Now, maybe it's time to improve
> > on it, but the data so far does not show we're in failure mode.
>
> I think it reasonable to think we don'g have data, at all. Yes we have two
> cases which were so obvious that we had to handle them.
>
> For anything we have nothing. This proposal will give us more data about
> how we are, how we feel, etc. If anything this is good.
>
> > So I
> > find a hard focus on bans be a bit strange - for something that we'd use
> > maybe once per 10 years, it gets a lot of time spent on it.
>
> I think we should have used temporary bans a bit more to cool down things.
> Including to myself along other.
>


​Hi all,

I've been mostly staying out of these discussions because I'm focusing my
time and energy on things that will hopefully be more valuable than just
weighing in with another opinion on this issue. However, I do feel the need
to state this because I haven't seen it stated by anyone else yet (maybe I
missed it?) and everyone in this thread seems calm, collected, and
reasonable:

I think focusing on the extreme behaviors is harmful towards a mature and
progressive discussion on these matters. My opinion is based on two
premises:

1. Good opsec, which career criminals and dedicated harassers would be
incentivized to adopt, can completely thwart any CoC we could come up with.
A good example would be DOXBIN, which hosted peoples' personal information
(their "dox") on a Tor hidden service and thumbed its nose to law
enforcement for years. The operator, Nachash, is still free. At no point in
time has an arrest been made.
2. If you have a hammer, every problem looks like a nail. If you create a
tool meant for dealing with the most extreme harassers, and you will never
CATCH them, all that happens is you create a system for potentially
inflicting damage on less extreme transgressors.

Focusing on the existence/nonexistence/frequency of extreme harassment is a
non-starter. Yes, you might think you only need it once every 10 years now.
Maybe it turns out we need it once per week and we were blind to the abuses
that were occurring. Or maybe it turns out we don't ever need it at all,
but we've created a process for harassment by proxy.

Extreme harassment needs to be dealt with by specialized professionals,
i.e. law enforcement, clinical therapists, and mental health professionals.
We shouldn't even consider them in scope.

So I disagree that notions such as, "​IIRC we needed it one, two times over
20 years?" are worth any future consideration.

Let's start with a solution that is appropriate for 50% or more of
situations, and take it one step at a time. There are no 100% or even 99%
solutions from day one.

That's all I have to say at the moment. I'm going to go back to addressing
technical problems; human problems are beyond me to solve adequately.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises ​

Re: [PHP-DEV] Re: [RFC] [Re-proposed] Adopt Code of Conduct

[Andrea Faulds]

Hi Derick,

Derick Rethans wrote:

On Fri, 22 Jan 2016, Florian Anderiasch wrote:


On 22.01.2016 15:29, Pierre Joye wrote:


Freshly adopted:

http://rubyonrails.org/conduct/
https://golang.org/conduct



Ruby (the language) is discussing the adoption of a Code of Conduct
right now, and several people in that thread issue what I think are
similar concerns about the wording in the covenant one:

https://bugs.ruby-lang.org/issues/12004

AFAICT Rails adopted exactly that one, not sure about slight changes.

FWIW, I like the Go one a lot better.


I do too. I think there is a lot we can borrow from that. I'll probably
use the weekend to draft the first bit of my suggested process: THe
values document. Expect things from other "codes" to come back into it.


The Go one looks pretty great to me. It might not be such a bad idea if 
we were to adopt it almost verbatim.


I'm concerned that the code of conduct RFC, since its introduction, has 
ballooned in length and complexity, and I don't think it's really done 
any good. I don't like the idea of having to read pages upon pages of 
regulata to know what our values and rules are.


I also don't think we need to write anything new. Other people have done 
that legwork for us, we are wasting our time if we try to create 
something new. PHP is not radically different from other open-source 
projects.


Go's one is not excessively long, gets to the point, and is reasonable. 
It appears to cover everything we need: positive values, what is 
unacceptable, a statement of why moderation is needed, and how to report 
issue and how it will be handled.


I'm not sure yet, but if we were to adopt a code from another project 
(which I think we should definitely do), Go's looks like a good choice.


Thanks!
--
Andrea Faulds
https://ajf.me/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: Specific incident in relationship to the proposed Code of Conduct

[Andrea Faulds]

Hi,

Brandon Savage wrote:

This morning, Gary Hockin posted a pull request to the Doctrine project,
proposing a rename from "Doctrine" to "Shitty". The full pull request is
here: https://github.com/doctrine/doctrine2/pull/5626 He then tagged one of
the maintainers personally. It was a master stroke of humor and trolling
between two friends. The PR was closed as "Cant Fix" due to "licensing
issues" and "namespace conflicts."

There are several things at issue here:

1. This was an obvious attempt at trolling the Doctrine maintainers, a
masterful stroke by a master (and well-known) troll who had no ill-intent.
But it was still trolling, violating the CoC.


Trolling is, by definition, ill-inteded. It is deliberately acting in 
bad faith. It might be a "joke" in some circumstances, but it is 
nonetheless not conducted in good faith.



2. The vulgarity used to rename the project would generally be considered
in most circles to be "unprofessional behavior."


Trolling, in itself, is unprofessional.


3. Tagging the maintainer could be construed as a "personal attack" on that
person's work.


This is really stretching things. How could it be construed that way, 
and what would make you think that, say, a hypothetical body which 
enforces a code of conduct would construe it that way?


A personal attack is an attack on a person. In this case the attack, if 
it is to be called that, is clearly on the project. The request was to 
rename Doctrine, not to rename its maintainer. That the maintainer was 
tagged in it is of no consequence in this specific regard.



GeeH is well-known and well-respected in the community. There's no doubt
that in some capacity, he represents the community, especially since he
speaks regularly at conferences and events. In addition, by reading the
comments, it's clear that not everyone got the joke at first (see comments
by "nuxwin" on the thread).


Joke or not, it's nonetheless trolling.


If someone came to the mediation team with a complaint that this pull
request made them feel "unsafe", how would we as a community respond?


Without additional information to the contrary, we would assume that 
safety was not an issue here, surely? Unless this was part of some 
obvious harassment campaign or such, this would not be construed as a 
safety issue.



The Code of Conduct, as written, makes no exception for the intent of the
person involved. This is an important problem, because intent ("mens rea"
in Latin, for "guilty mind") is typically required to convict people of
criminal acts in much of the world.


Yes, but a code of conduct isn't a criminal code, and the consequences 
are not the same as breaking the law.



For example, you cannot be convicted of
murder unless you had intent to kill the person (or should have known that
your actions created the grave risk of death). Our current code makes no
exception for intent. Instead, "if you broke it, you're guilty".


I think you might be misunderstanding how mens rea actually works. If we 
lived in a strange world where "trolling" were a criminal offence, then 
you would have to meet the standard of intent to troll. I doubt any 
court would find our subject here to not have had it. The fact that it 
was a "joke" does not except them from it, nor would it from anything 
serious.



The second problem here is the fact that all of us probably know that GeeH
was kidding, and would make that point to anyone who complained.


Their behaviour was nonetheless unacceptable.


This is
actually a HUGE problem. Being known to the community actually becomes a
benefit for people, because their past history is known, and thus they
might receive more favorable treatment than those we don't know.


Sure, that is a risk. Time and again, you see groups being kinder on 
those with higher status in disputes.



Finally, the current Code of Conduct permits any person to complain, even
if they weren't a party to the original incident. It permits this by not
explicitly restricting it. Even though it should be (and is to the
reasonable person) clear that this was a joke, any person in the community
could complain and have an argument.

>

I think these are fixable problems. I propose the following:

* The Code of Conduct should specifically state that a person who is not a
direct party to the alleged incident is not permitted to make a complaint.


Sure. If someone breaks the rules, someone else can report it. What's 
wrong with that? You can waste the time of who you report it to? You can 
do that anyway.


Consider that the situation is worse if you *can't* report such things. 
What if all the parties to a conversation in a project-run space are 
complicit in blatantly violating the rules? None of them will report it, 
they're complicit.



* The Code of Conduct should be modified so that abiding or not abiding by
it is demonstrable with evidence, taking "feelings" out of it entirely. For
example, a person shouldn't be in violation of the code because someone

Re: [PHP-DEV] Specific incident in relationship to the proposed Codeof Conduct

[Andrea Faulds]

Hi Zeev,

Zeev Suraski wrote:

I think that the case you brought up could be very easily solved in a 
penalty-free CoC:
1. One of the mediation team members contacts Gary (privately) - either 
proactively or as a response to a complaint, pointing out to him that a PR like 
this, even as a joke, reflects badly on the project and may be considered by 
some as in violation of the CoC.
2. Gary, who obviously meant no harm to anybody, says 'Sure, didn't think 
that'll offend anybody, but I'll refrain from doing it in the future'.
3. Case closed.

We seem over-focused on the situation where the person's response in #2 would 
be ignoring the request from the mediation team, or worse, where the likelihood 
of that is slim to non-existent.


I'd like to point out that you don't need a "penalty-free CoC" for this 
anyway. Unless the case was particularly egregious, why would enforcers 
immediately apply sanctions here? The steps you outlined are exactly 
what I would imagine happening in a CoC which did have penalties/


Penalties are always a last resort. Why do we always seem to assume the 
people responsible for administering them would not be reasonable enough 
to think that? Is there this much distrust in the PHP community?


Thanks.
--
Andrea Faulds
https://ajf.me/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: [RFC] [Re-proposed] Adopt Code of Conduct

[Andrea Faulds]

Hi Zeev,

Zeev Suraski wrote:

One thing which isn't clear to me is whether this:
"If you conduct yourself in a way that is explicitly forbidden by the CoC, you will 
be warned and asked to stop. If you do not stop, you will be removed from our community 
spaces temporarily. Repeated, wilful breaches of the CoC will result in a permanent 
ban."
... applies to reports, or only to proactive moderation.  In other words, 
whether the response to a report - anonymous or otherwise - can only result in 
a warning the first time around?  Can one only get permabanned after numerous 
temporary bans and repeated 'offenses'?


I don't think it specifically applies to reports or moderation, but 
rather to what it says: "repeated, wilfull breaches". If the team is 
aware that you've done something multiple times, then it's going to be 
more harsh on you. I don't think whether each of those times was 
reported separately, if at all, would mean anything.


Anyway, as to how many warnings people would get, and how quickly they 
would be banned, if at all, would surely vary from case to case with 
severity. We should assume whoever enforces this is somewhat reasonable.



Last - does anybody know whether this CoC ever got 'battle tested' thus far?


This is a question I'm wondering about as well. It all seems pretty 
good, but I wonder if, for example, the lists of unwelcome behaviour and 
discrimination characteristics are sufficiently complete.


Thanks.
--
Andrea Faulds
https://ajf.me/

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: [RFC] [Re-proposed] Adopt Code of Conduct

[Stanislav Malyshev]

Hi!

> This is a question I'm wondering about as well. It all seems pretty
> good, but I wonder if, for example, the lists of unwelcome behaviour and
> discrimination characteristics are sufficiently complete.

They are not supposed to be complete. Again, we're not writing a penal
code. If somebody does something clearly destructive but not in the
laundry list, we'd have to deal with it and we'll find the way to. The
list is just to show what kind of behavior we see as unacceptable, not
to provide complete list with a presumption if it's not on the list, it
must be OK.

For "discrimination characteristics" it's even worse, as we'd be
pretending to have a complete list of human identity and background
groups, which we can not have, and each failure mode for it is worse
than the other - either we presume anything we omitted does not exist,
or is not important enough, or it's OK to discriminate against members
of that group. Also, nobody ever reads these lists anyway - checking
everything against the exact list of a dozen or so items is not a common
behavior, considerate person would behave in a way to be polite to
everybody without the list, and inconsiderate person would ignore it
anyway.

I think simple "we respect everybody regardless of personal and group
identity" would be enough. Just as when we say we'd be polite we do not
list offensive words we don't use, when we say we'd be fair we shouldn't
list ways in which we won't be unfair. And even if we do give examples,
we should not pretend to have "complete" list.
-- 
Stas Malyshev
smalys...@gmail.com

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Specific incident in relationship to the proposed Code of Conduct

[Stanislav Malyshev]

Hi!

> I think we should have used temporary bans a bit more to cool down
> things. Including to myself along other.

Ban is a very dangerous thing, since it excludes people from discussion
thus preventing it from reaching a conclusion, achieving consensus and
closure, and it also hurts people and labels them ("ah, this guy who was
already banned stirs up things again? let's just ignore him, he's
obviously a troll"). Stopping discussion by ban breeds resentment on the
banned side and taints whatever the other side achieved with "if I only
were not banned, I would prove you are wrong". Of course, there might be
cases where behavior turns destructive to the point consensus just can
not be reached, but if the person is still committed to overall goals of
the project, neutral third-party moderation would usually help. Not 100%
of cases, but usually. At least that's my conviction.
So I think using bans more "to cool things down" would not be healthy.
Using neutral third party to advise people to cool down (and maybe take
a break) might be.
-- 
Stas Malyshev
smalys...@gmail.com

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php