►
From YouTube: Weaving Safety into Fabric of Open Source Collaboration Emma Irwin (Microsoft) | OpenShift Commons
Description
Weaving Safety into the Fabric of Open Source Collaboration
Guest Speaker: Emma Irwin (Microsoft)
Host: Diane Mueller (Red Hat)
OpenShift Commons Briefing
#Transformation Friday
October 30, 2020
Additional Resources:
https://blog.mozilla.org/community/2020/09/10/weaving-safety-into-the-fabric-of-open-source/
A
All
right,
everybody
welcome
to
another
openshift
commons
transformation
friday
and
today
we're
going
to
talk
about
something
that's
near
and
to
dear
to
my
my
heart,
around
open
source
collaboration,
and
we
have
with
us
emma
erwin
from
the
open
source
program
office
at
microsoft,
formerly
from
from
mozilla
and
what
started
this
conversation
was
a
blog
post.
She
worked.
A
You
know,
places
where
we've
touched
and
interacted
with
and
collaborated
with
in
the
past,
and
the
work
that
emma's
done
has
been
instrumental
in
bringing
some
of
this.
This
conversation
to
light
and
to
making
sure
that
we
have
some
good
pieces
of
documentation
and
good
practices
for
open
participation.
A
But
safety
is
always
an
interesting
topic
and
I'm
just
going
to
have
emma
talk
a
little
bit
about
the
gist
of
what
was
in
her
blog
post
and
maybe
for
10
minutes
or
so
from
the
comfort
of
her
car,
where
she's
stationed
right
now
and
in
doing
all
that,
and
so
emma.
How
about?
If
you
introduce
yourself,
give
us
a
little
bit
about
your
background,
how
you
came
to
mozilla
how
you
ended
up
over
lovely
working
over
at
microsoft
now
and
we'll
just
talk
for
about
10
minutes.
B
Sure,
thanks
so
much
for
having
me
diane,
it's
a
real
honor
to
be
here
and
to
be
talking
about
this
particular
topic.
Thanks
thanks
for
the
invite
and
yeah
so
hi,
I'm
emma,
I,
as
you
mentioned,
started
kind
of
this
journey
around
our
topic
area
at
mozilla,
but
I've
been
a
part
of
open
source
for
probably
15
to
20
years.
B
I
started
off
my
career
as
an
engineer,
so
I
really
just
followed
my
kind
of
curiosity
around
how
things
were
made
and
and
and
as
I
became
more
advanced
in
my
career
and
hit
kind
of
those
glass
ceilings.
I
really
looked
to
open
source
as
a
way
to
learn
more
skills
that
I
maybe
didn't
have
the
opportunity
to
my
like
people.
B
Specifically,
I
I
always
mentioned
angie
byron
from
the
drupal
community
was
someone
that
inspired
me
early
on
that
I
was
able
to
go
into
communities
and
learn
and
and
build
new
things
was
really
cool,
so
open
source
really
was
a
venue
for
me
early
on
as
an
engineer
and
as
I
became
like
more
enamored
as
part
of
that
experience,
I
started
to
also
teach
others
how
to
get
involved.
So
that
became
sort
of
my
my
transition
to
mozilla
in
empowering
others
to
be
successful
in
open
source
projects.
B
I
became.
I
really
saw
the
transition,
especially
for
microsoft,
in
that
space
and
with
when
they
hired
stormy
peters
a
year
or
so
ago.
I
really
started
to
pay
attention
and
that
became
you
know
kind
of
the
next
place
I
wanted
to
be
and
to
to
contribute,
and
I'm
was
lucky
enough
to
to
have
that
opportunity
just
starting
recently
and
that's
how
I
got
to
where
I
am
now.
A
So
one
of
the
things
that
you
focused
on
in
in
this
article
that
really
struck
me
was
this
concept
about
why
people
who
are
participating
need
to
feel
safe
and
supported
and
empowered
in
their
roles.
You
know,
I
love
that
the
line
there
and
sort
of
the
four
areas
there
and
if
you
can
talk
a
little
bit,
maybe
about
these
four
areas
and
how
you,
how
you
see
that
being
playing
out
and
what
guidance
and
support
you
can.
B
Yeah
yeah,
so
I
think,
first
of
all,
like
maybe
historically
or
in
the
beginning,
in
open
thought
about
enforcing
acts
or
mozilla
brazil's
case
of
forcing
their
community
participation
guidelines
was
sort
of
fell
on
the
shoulders
of
the
community
manager
or
like
whoever
happened
to
be
at
the
helm
of
you
know,
maintainer
role
and
something
that
I
started
to
see
was
that
actually
this
was
an
unfair
burden.
Basically
on
those
people,
especially
if
they
weren't
experienced
in
open
source
or
the
you
know,
there's
things
they
hadn't.
B
B
This
is
really,
I
guess,
to
answer
your
questions
that
I
think
partnerships
are
key
in
organizations
and
when
I
say
partnerships
I
mean
like
you
know,
the
engineering
is
talking
to
hr
and
hr
is
talking
to
legal,
and
you
know
there's
this
this
circle
of
understanding
about
what
the
problems
are,
that
that
staff
are
facing
and,
of
course,
contributors
and
community
are
facing
and
then
to
to
strategize
how
we
might
best
solve
those
things
together.
So
safety
is
is
so.
B
These
are
the
the
the
four
areas
of
risk
that
we
identified
were
safety,
privacy,
legal
and
brand
and
in
some
ways
it
felt
kind
of
like,
like
the
empathy,
seemed
to
be
missing
by
categorizing
them
as
risks,
but
actually
that's
a
really.
I
found
that
was
actually
very,
very
empathetic
to
think
about
the
the
ways
that
people
might
be
harmed
and
the
organization
as
a
term
might
be
harmed.
So
safety
is
definitely
you
know
whether
we're
in
our
physical
spaces
or
online
like
safety
and
that's
psychological,
perceived
or
otherwise
right.
B
So
sometimes
people
get
caught
up
in.
Oh.
Is
that
actually
gonna
happen?
Are
they
really
gonna
get
dogs?
Is
that,
but
you
know
so
that's
a
part
of
safety
as
well
privacy,
of
course,
in
when
we're
you
know,
taking
reports
from
people
or
we're
storing
data.
You
know,
since
like
data
classification-
and
you
know
like
privacy,
is
something
that
that
permeates
all
different
areas
of
work.
Legal,
of
course,
is
you
know
applicable
laws.
B
For
example,
you
can't
have
you
can't
report
sexual
harassment
in
a
digital
format
in
india,
like
there's
like
these
really
like
interesting
laws
and
and
also
anonymous
reporting,
is
not
allowed
in
somewhere,
like
denmark,
so
understanding
all
these
different
things
that
can
be
risky
is
the
legal
category
and
of
course
brand
is
like
you
know.
If
you're
not
handling,
you
know
your
complaints
and
you're
not
supporting
your
staff.
A
B
A
Think
if
something
goes,
awry
yeah
reflect
badly
on
on
your
brand,
and
then
you
can
get
your
corporate
management
and
other
teams
involved
in
bet
doing
better,
partnering,
better
education.
You
touched
on
something
earlier
too
about
the
role
that
we
normally
in
open
source
projects,
the
role
of
the
community
manager,
especially
in
the
past
historically-
and
it's
still
true
for
a
lot
of
projects.
A
It's
lands
on
the
maintainers,
the
folks
who
are
leading
the
project
and
the
engineers,
and
I
think,
what
we're
seeing
in
the
arc
of
open
source
community
development
is
this
understanding
that
the
maintainers
maintain
and
that
for
the
most
part,
if
they're,
maintaining
from
an
engineering
perspective,
doing
code
contributions.
You
know
roadmaps
and
you
know
figuring
out
the
technology,
innovations
that
there's
a
new
role-
that's
sort
of
emerging.
B
A
In
an
open
source
project
and
that
recognizing
the
importance
of
other
roles,
we
talk
a
lot
about,
like
the
easiest
way
to
get.
A
contribution
is
maybe
to
to
onboard
to
write
documentation,
but
we
also
now
are
seeing-
and
I
talk
about
this
extensively
in
other
places-
the
rise
of
end
users
participating
side
by
side
in
open
source
projects.
A
I
was
just
talking
with
the
metal
cubed
folks
and
though
it
may
have
sprung
from
the
head
of
red
hat,
like
out
of
some
whatever
vendor's
head
and
got
put
into
a
the
sandbox
over
in
cncf.
It's
now
really
folks
from
erickson
an
end
user
community.
That's
that
are
that's
driving
that
project,
so
the
engineers.
So
you
have
this
other
thing
too.
That's
happening,
I
think
around
who's
participating
and
the
brand
piece
of
this,
which
I,
for
some
reason,
I'm
stuck
in
my
head
right
now
on.
A
B
Yeah
100
to
everything
you
just
said,
and
I
know
especially
at
microsoft,
like
you
know,
putting
developers
first
and
our
users
first
is-
is
central,
so
100
to
everything
you
just
said
and
and
that
building
those
safe
and
inclusive
places,
of
course,
directly
aligns
with
that.
Like
a
100,
what
you
just
said,
I
think
I
think
the
I
mean
I
think
if
the
question
is,
how
do
we
get
organizations
to
recognize
that
I
definitely
like
I
found
that
was
one
of
my
biggest.
B
Challenges
at
mozilla
initially
was
think
it's
important
for
people
to
be
safe
right,
no
matter
what
their
role
in
open
source
part
like
everyone
will
nod
and
say,
like
it's
important
that
you
know,
everyone
feels
safe
and
feel
inclusive.
You
know
like
that's
hard
to
get,
and
what
is
hard
to
get
sometimes
is
like
you
know,
those
parts
of
an
organization
are
coming
to
go.
Oh,
that's!
B
That's
me
that
should
own
that
right
or
that's
you
know,
or
that
this
isn't
something
that
can
just
be
like
a
nice
intention,
but
it
has
to
have
you
know,
for
example,
safety
at
mozilla
like
we
had
a
you
know,
a
safety
group
that
didn't
have
a
dr
dri
like
a
directly
responsible
individual
for
a
little
little
while,
and
so
what
that
meant
was.
You
know
like?
B
Yes,
there's
all
these
like
people,
you
know
from
info
security
and
hr
and
and
that
that
were
had
the
skills
and
capabilities
to
support
somebody
who
was,
you
know
in
some
way
threatened.
But
you
know
if
it
happened
on
a
saturday,
for
example
right
like
without
a
dri,
then
you
know
then
there's
a
chance.
I
mean
it
didn't
you
know
it
didn't
happen,
but
there
was
a
chance
that
you
know
we
might
fail
someone.
So
I
think
storytelling
is
probably
an
important
part
of
that.
B
A
You
touched
on
a
part
of
it
too.
That's
actually
interesting
to
me
is
the
hr
side
of
this.
So
in
the
past,
I've
been
like
in
open
source
events
or
just
tech
events.
There's
been
these
huge
con
conversations
around
codes
of
conduct
because
you
can
put
a
code
of
conduct
up
there
on
your
page.
Have
these
wonderful
words,
but
I
one
of
the
conversations
I've
I've
had
in
the
past.
A
Is
that
don't
put
it
up
there
unless
you
can
act
on
it
right
like
unless
you
let
the
dri
piece
that
you're
referring
to?
But
if,
if
it's
just
words
on
a
page
and
someone
and
there's
no
person
who's
going
to
take
responsibility
or
action
or
follow
up
on
it
with
the
right
skill
set,
then
that's
almost
worse
than
than
than
nothing
right.
B
Yeah,
it's
super
dangerous,
I
mean,
and
I
did
I
did
a
survey
in
2017
that
kind
of
informed
some
of
this
work
and
one
of
the
questions
that
I
asked
was,
and
we
surveyed
over
240
different,
open
source
projects,
and
we
had
like
75
of
those
who
opted
into
the
survey
were
themselves
an
underrepresented
group.
So
we
felt
like
did
a
good
segment.
B
You
know
the
fact
that
that
many
people
this
is
2017,
so
I'm
hoping
that
that
has
changed
since
then.
You
know
didn't
have
that
confidence
is,
is
alarming,
right
and
and
to
your
point
yeah
that
I
think
it's
great,
that
a
lot
of
people
threw
up
code
of
conduct
when
you
know,
but
the
enforcement
piece
is
really
critical
and
to
your
point
having
it
there
and
not
enforcing
it
is
actually
dangerous
for
folks.
A
Yeah
I've
seen
you
know,
and
I've
probably
been
guilty
of
it
in
the
past
too.
Until
I
chilled
until
someone
called
up
on
the
phone
and
said
this
happened
to
me,
and
then
it
was
on
me
to
figure
out
how
to
do
that
as
the
person
who
was
hosting
an
event.
So
that
was
you
know,
that's
been.
That
was
a
bit
of
an
eye-opener
too
for
me
and
enrolling
in
the.
I
think.
A
The
success
fast
factor
for
us
was
enrolling,
a
partnership
with
hr
and
making
sure
that,
like
whether
it
was
us
the
event
organizer
or
the
community
manager,
organizer
or
a
development
person
having
having
prior
to
the
event
or
be
prior
for
the
launching
of
the
community,
a
conversation
with
hr
about
what
will
we
do
if
someone
reports
right
now
that
the
the
workflow
even
to
get
it
down
to
breaking
that
down?
So
so,
if
we
put
an
email
here
who
is
going
to
answer
it?
A
Who
is
doing
that
and
I
and
I
think
since
2017
we-
I
am
probably
a
little
bit
prior-
that
we've
seen
the
hr
involvement
and
the
ensuring
that
there
is
like
a
you.
Were
talking
about
the
safety
committee,
there
is
a
group
who
are
on
standby,
for
if
this
happens,
hopefully
nothing
happens,
but
there
is
actually
a
body
there.
A
I
think
that
is
one
of
the
the
key
things
I
think
that
was
it
and
the
other
part
that
has
always
been
an
interesting
conversation
is
working
with
our
corporate
legal
teams,
because
then
there's
resp
you're
taking
responsibility
for
ensuring
the
safety
and
that
that,
maybe
it's
that
word
ensuring
right
that
you
will
you're
taking
responsibility
for
it
and
for
companies
and
organizations.
Whether
they're
vendors,
like
us,
that
put
on
these
events
or
cncf
foundations
and
linux
foundations.
A
They
might
not
have
had
this
conversation
yet
with
their
legal
or
their
hr
team,
and
so
everybody
is
at
different
stages
in
the
spectrum
and,
as
we
see
this,
what
I
keep
referring
to
as
this
huge
rise
of
end
users.
You
know
if
we
look
at
uber
donating,
lift
and
lift
donating
code
to
the
cncf
or
envoy
or
open
tracing
in
jager
or
spotify.
A
Some
of
these
are
newer
companies,
so
they
hopefully
come
out
of
the
startup
silicon
valley
point
of
view,
but
there
are
some
stuff
that's
coming
from
older
companies,
telcos
and
stuff
like
that,
where
they
don't
have
perhaps
as
strong
as
an
ospo
culture
or
support
network
internally
to
the
company-
and
you
see
this-
I
see
this
now
in
the
rise
of
open
source
program
offices
or
things.
Similarly,
named
inside
of
our
end,
users
and
companies
is
part
of
almost
as
part
of
the
digital
transformation
arc.
A
B
So
just
one
one
thing:
if
you
scroll
down
this
blog
post,
there's
like
three
circles,
there's
like
two
green
and
one
gray
and
that'll
help
me
speak
something
a
little
bit
later.
I
think
I
mean
I
think
if
I
understand
your
question,
it's
really
about
communi.
Getting
those
partnerships
to
happen
is
that
is
that
the
yeah.
B
Yeah,
okay,
so
I'll
just
say,
like
aside,
I
think
it'd
be
amazing
at
some
point.
If
organizations
like
mozilla
and
red
hat
and
other
should
get
together
and
produce
data,
because
I
mean,
of
course,
there's
nothing
like
data
to
get
people
to
get
on
board
right.
So
initially,
when
I
worked
on
the
on
our
hr
partnership
in
internally
to
mozilla,
you
know
what
I
brought
them
was
like
a
year's
worth
of
data
to
talk
about
okay,
so
here's
how
many
cases
we've
handled
as
like
the
community
focus
team.
B
B
So
that's
that's
a
number
that
hr
and
you
know,
hr
your
role
to
support
staff,
so
that
was
really
sort
of
helpful
in
the
narrative,
and
I
gave
a
couple
stories
about
what
what
those
types
of
how
those
played
out.
So
I
think
that
that
approach
is
really
good
and
if
you
don't
have
data
yet
then
this
is
why
I
think
at
some
point
it'd
be
awesome
if
multiple
organizations
could
get
together
and
do
some
of
that
storytelling,
maybe
we're
at
a
threshold.
B
Now,
where
you
know
the
the
privacy
of
those
folks
involved,
wouldn't
be
threatened,
of
course,
but
anyways
that
maybe
that's
a
little
bit
of
I've
heard
that
in
our
we
have
a
dni
and
open
source
telegram
channel.
That
folks
are
also
more
than
welcome
to
join
it's
like
a
bunch
of
different
open
source
communities
if
you're
not
already
part
of
it.
B
That
is
something
that's
come
across,
so
you
know
so
to
get
those
partnerships,
definitely
data,
definitely
showing
what
other
organizations
are
doing,
and
you
know
one
mistake
that
I
made
or
that
I
found
was
a
little
bit
it
didn't.
Work
is
trying
to
make
it
like
call
it
a
strategic
partnership
or
make
it
sound
like
a
really
weighty
thing
that
someone
had
to
add
to
their
workload.
B
Instead,
something
like
these.
The
three
circles
that
I've
that
are
on
the
screen
here
breaking
down
like
would
each
department
say
yes
right,
it
doesn't
have
to
be
in
like
a
big
set
of
okay
or
something,
and
so
this
was,
you
know,
employee
support.
You
know
it's
going
to
cover
that.
You
know
if
an
employee
reports
that
they're
going
to
acknowledge
the
experience
they'll
talk
to
their
manager,
the
manager
might
need
coaching.
B
You
know
let
the
employee
know
what
they'll
do
and
and
they'll
resource
for
support
and
they'll
also
invest.
You
know
cover
the
investigation,
that's
actually
a
whole
skill
set
right
like
you
know,
we
can
go
and
look
into
things,
but
I've
discovered,
you
know,
there's
a
whole,
probably
set
of
talented
people
in
your
organization.
There
were
trained
in
investigation,
so
that's
also
something
that
that
I
propose
the
hr
department
did
and
then
offering
our
support.
B
As
far
as
the
community
team
or
those
focused
on
external
contributors,
it's
like
you
know
we
can
work
on
system,
disabling
systems,
communication.
We
have
templates.
We
have
like
our
consequence
ladder,
which
shows
you
know
how
you
can
assign
a
consequence
and
really
like
making
them
feel
supported
at
the
same
time
as
asking
them
for
support.
I
think,
is
critical
and
then
again
just
not
making
it
sound.
Like
a
big,
weighty
thing,
that's
gonna!
You
know,
because
especially
I
think
in
the
current
economy
and
everything
you
know
making
it
sound
like
you
need.
B
A
Of
us
were
previously
software
engineers
on
other
projects,
but
we
didn't
maybe
and
most
of
us
who
are
engineers
when
someone
in
community
management
says.
Oh,
we
need
to
put
this
into
place
it
it.
On
top
of
your
engineering
role,
yeah.
That's
also
like
a
huge
ask.
So
it's
it's
it's
interesting.
It's
like
balancing
it
out
and
these
these
systems,
pretty
much
inside
of
every
company,
should
exist
already.
A
There
are
experts
in
this
at
your
company
somewhere
and
so
yeah,
and
but
I
think
that,
like
for
a
lot
of
new
projects,
it's
the
beginning,
awareness
that
this
has
to
be
part
of
their
thought
process
too.
So,
the
beginning,
yeah.
So
a
lot
of
the
focus
that
we
see
in
new
projects
that
that
arise
in
there
are,
like
you
know,
a
million
plus
github
repos
popping
up
now
out
there,
and
so
every
new
thing
is
we
we
tell
them
they
need
to
have
a
license
in
place.
A
A
And
we're
really
good
at
that
and,
like
I,
give
a
huge
shout
out
to
the
cncs
contributor
strategy,
sig
in
paris,
pittman
and
steven
augustus
and
josh
burkus
are
doing
great
work
around
that.
But
this
is
another
aspect
that
we're
putting
on
open
source
projects,
especially-
and
you
know,
and
part
of
the
reason
there
is
a
benefit
to
joining
a
foundation
because
they
have
this
infrastructure
in
place
and
they
can
add
that
to
your
your
processes.
A
So
the
burden
isn't
on
the
the
engineers
or
the
maintainers,
or
you
know
the
people
who
are
the
end
users
of
these
things.
So
you
know
I,
I
might
not
have
been
always
the
most
vociferous
supporter
of
foundations
in
the
past.
I
think
who
listen
to
me
might
hear
me
rant
and
rave
about
that,
but
the
price
that
we
as
vendors
pay
for
memberships
and
everything
else
supports
bringing
that
this.
A
So
these
sorts
of
infrastructure
and
support
systems
to
your
projects
so
yeah,
that's
another
aspect
that
people
don't
really
think
about
what
foundations
are
bringing.
So
I
yeah
and
kudos
to
them
to
doing
that
and
then
so,
if
you're
in
a
in
a
foundation,
look
to
that
foundation
to
see
what
their
processes
are,
if
you're
in
a
large
company
or
even
a
small
one,
talk
to
your
hr
folks
and
find
out
what
already
is
pre-existing
and
what
they
can
help
you
with
so.
A
So
you
don't
you're,
not
you're,
not
reinventing
the
wheel
here,
and
I
that's.
I
think,
what
I
thought
was
so
nice
about
this
blog
post.
Was
it
really
kind
of
mapped
out
where
we,
you
know
where
we
were
coming
from?
What
what
we
could
do
and
and
and
perhaps
you
talked
a
little
bit
about
in
the
blog
post-
about
the
program
for
enforcement
that
you
guys
put
in
place?
A
B
B
So
the
the
if
you're,
looking
for
metrics
around
code
of
conduct
enforcement
or
even
assessing
your
code
of
content,
that
you
can
go
to
the
chaos
project
and
look
there
you'll
find
there's
like
even
a
tool
we
built
to
to
look
through
anyway.
So
that's
to
your
point,
yeah
found
you're
doing
great
work.
A
Groups
are
are
absolutely
awesome,
looking
at
community
health
and
helping
build
out
best
practices
and
share
lessons
learned
and
actually
create
metrics
around
community
health
that
this
these
pieces
of
the
of
the
puzzle
is
there
yeah,
and
I
think
that
was
kind
of
where
I
was
moving
with
your
the
program
that
yeah
you
built
out.
So
maybe
I'll
slide
down
to
that,
and
so
you
can
talk.
B
About
a
little
bit
about
it,
I
mean
it
really,
it
was.
It
was
kind
of
cool,
I'm
not
sure
the
right
word,
but
when
we
really
stepped
back
at
the
end
of
this
viewing
over
the
last
two
years
was
building
a
program.
It
was
very
much
like
piece
by
piece,
and
so
you
know
the
components
of
the
program.
Our
enforcement
program.
Were
you
know,
policy,
obviously,
but,
and-
and
you
know
by
policy-
you
know
we're
talking
about
standards
like
a
code
of
conduct
or
our
community
participation.
Guideline
itself.
B
Are
you
know,
standards
and
policy,
and
and
not
just
that,
you
know
we
in
a
corner
of
the
project
or
core
of
the
organization,
say
matters,
but
that
others
recognize
so
that
you
know
the
fact
that
we
have
a
consequence
ladder
that
the
hr
department
is
also
using
when
they
are
making
recommendations.
You
know,
that's
a
policy,
that's
like
in
place.
The
the
code
of
conduct
itself
is
a
policy,
and
we
make
that,
what's
the
word
relevant
by
constantly
updating
it.
B
So
last
year
we
added
cast
to
that
after
we,
you
know
talked
to
somebody
forgetting
the
organization
name,
but
you
know
that
basically
opened
our
eyes
to
the
fact
that
cast
discrimination
was
a
thing
that
happens.
You
know
in
open
source
communities
and
what
that
looks
like.
So
we
added
that
so
always
updating
this
policy.
Internal
partnerships.
You
know
mostly
informal,
as
I
mentioned,
with
hr,
but
just
the
deliberate
the
those
partnerships
are
key.
So
that's
legal!
B
That's
working
with
safety,
that's
working
with
workplace
resources,
so
I
don't
know
what
that's
called
in
other
organizations.
But
you
know
people
who
work
in
offices
and
run
events.
You
know
having
partnerships
with
those
folks.
So,
for
example,
if
you
have
someone
that
has
been
banned
from
your
communities
that
turns
up
an
event,
you
know
having
that
partnership,
make
sure
that
that
is
stopped
in
its
tracks.
B
We
have
two
different
working
groups.
Speaking
of
tracking
data.
The
first
was
actually
merging
the
records
of
hr,
the
community,
the
community
records
for
violations
of
enforcement
and
legal
and
making
those
not
the
records
themselves
accessible,
but
making
sure
that
we
weren't
giving
moss
grants
or
hiring
people
or
giving
leadership
roles
to
people
who
might
have
been
you
know,
banned
from
the
community.
Something
we
recognized
early
on
was
that
we
had
scattered
records,
and
so
it
was
actually
possible
for
a
while
that
somebody
might
get
hired
being
banned
from
the
community.
B
B
Yeah
yeah,
and
so
under,
like
speaking
of
bringing
people
back,
that
would
fall
in
our
policy.
We
do
have
like
on
our
consequence
ladder.
We
have
temporary
ban
it's
level
five
or
six,
and
we
have
a
process
cpg
onboarding,
which
is
where
you
know
people
are
offered
to
come.
We
offer
to
bring
them
back
where
there's
my
phone,
where
they
have
to
have
a
conversation.
B
We
set
them
up
for
success,
it's
very
positively
oriented
but
also
might
have
some
restrictions,
and
so
we
do
we.
We
did
have
a
policy
for
that
which
is
about
a
50
50
success
rate.
The
last
time
that
I
checked
it,
so
the
other
working
group
is
safety.
So
we
have
you
know
if
someone's
being
doxxed
or
someone
you
know
feels
unsafe
or
like
we
have
infosec
and
hr
illegal
and
workplace
resources
and
all
like
the
c-level
people-
and
you
know
vps
on
that,
so
that
you
know
someone
emails,
that
we
can
act
quickly.
B
That's
the
other
working
group,
education.
We
have
two
courses
which
have
actually
been
really
critical.
The
first
is
for
staff,
and
it
just
covers
it's
like
a
first
aid
course
for
enforcement.
So
it's
not
like
teaching
people
to
be
very,
you
know
to
know
all
the
things
that
I
might
know
or
you
might
know,
but
that
they
know
okay.
This
is
what
how
you
take
a
report
and
you
don't
try
and
get
someone
to
change
the
story
and
you
you
know
you
make
sure
that
the
data
is
like
labeled
confidential.
B
There's
all
these
different
steps,
and
then
you
know
what
to
expect
and
yeah
and
their
role.
So
it's
very
very
first
aid.
We
even
have
like
infographic
what
to
do
by
like
p1
p2
p3,
four,
you
report
it.
You
tell
your
manager
something
they
can
print
and
put
on
their
wall,
and
we
had
eighty
or
eighty
eight
percent
of
our
community
facing
staff
and
their
managers
took
that
course
last
year.
B
So
that
was
a
huge
win
that
everyone
walking
around
knows
what
their
responsibility
is
and
what
to
do,
and
then
on
the
community
side.
We
also
had
a
training
course
that
mirrored
that,
but
it
was
for
community
managers
for
non-staff
community
managers
and
maintainers,
and
that
sort
of
thing,
so
they
also
knew
hey.
B
B
B
A
B
B
A
A
B
A
B
Yeah
so
yeah,
so
it's
my
third,
I
just
was
my
third
week
at
microsoft,
but
I
and
I'm
doing
a
lot
of
learning
around
like
how
does
you
know
what
I
just
built
it
at
mozilla
like?
Where
does
that
fit
in
microsoft?
Or
what
are
they
doing?
That
is
also.
This,
I
guess
is,
is
something
that
I've
answered
and
I've
been.
You
know
super
impressed
by
the
fact
that
internally,
there's,
you
know
open
source
champs.
B
So
there's
across
the
organization
which
is
really
big,
I
thought
mozilla,
you
know,
there's
lots
of
people
who
care
about
open
source
and
their
you
like
your
to
your
point,
the
users
of
their
open
source
software
and
just
the
the
ecosystem
overall.
So
the
program,
the
program
isn't
quite
like
this,
but
there
is
this
intention
across
the
organization
that
is
really
remarkable
and
I
feel
like
everything
is
being
handled
really
well
there
already.
B
I
have
to
get
kind
of
my
hooks
into
like
exactly
how
it
functions,
but
from
what
I
can
see
it's
well
in
hand
as
far
as
safety
goes,
and
that
is
in
law
and
that
there's
some
merging
culture
there
that
really
values
values
the
outcome
of
what
they're
building
for
their
customers
and
users,
but
also
the
the
broader
ecosystem,
so
that
the
partners
that
they
have
you
know
we're
part
of
lakes
foundation.
You
know
to
do
group
and
working
with
other.
B
I
think
it's
probably
one
of
the
the
more
remarkable
things
that
I
see
happening,
and
so,
while
mozilla
at
mozilla,
we
had
to
build
this
program
for
enforcement.
I
see
it
those
partnerships
as
being
a
so
really
they're
leveraging
each
other's
expertise.
You
know
outside
of
the
organization.
I
think
it's
really
exciting
to
follow
how
ospos
are
working
together
on
some
of
these
problems
and
like
I,
I
personally
had
been
doing
that
anyways
because
it
was
like
wow
like
who
would
have
thought
you
know
like
uber,
and
you
know.
A
B
A
Myself
for
that,
but
yeah
there's
when
I
go
back
to
this,
this
rise
of
the
end
user
participation
in
on
that.
So
we
who
have
been
in
vendors
that
have
had
huge
open
source
leanings
have
teams
of
people
doing
this,
and-
and
I
think
one
of
the
things
what
I'm
so
grateful
for
you
coming
here
today
is
being
able
to
have
this
conversation.
It
may
not
be
hallway,
like
at
conferences
where
we
share.
B
A
But
the
the
sharing
of
this
information
through
conversations
like
this
and
building
awareness
of
the
need
for
having
these
safety
nets
and
practices
and
processes
and
policies
in
place
as
new
companies
emerge
with
their
own
open
source
ones,
so
that
it's
more
than
just
talking
about
making
sure
that
there's
open
governance
and
the
right
license
is
picked
and
that
there
isn't
contributor
ladder.
All
of
these
things
are
incredibly
important
as
well,
but
this
is
the
other
side
of
the
coin,
and
I'm
glad
you
brought
up
chaos.
A
Some
of
the
roles
that
people
were
in,
but
folks
like
guido
and
others,
were
amazing
at
sharing,
sharing
the
spaces
and
creating
the
space
for
these
conversations,
and
I
think
that's
what
creating
spaces
to
continue
to
have
these
conversations,
whether
they're,
virtually
or
in
person
and
sharing
the
lessons
learned
in
the
stories
and
what
I'd
love
to
do
is
have
something
like
get.
The
the
apple
and
the
sales
force
and
the
in
the
vendor.
Ospos
together
and
the
linux
foundation.
Does
some
of
that
work.
A
B
B
I
mean,
I
think,
that
you
covered
collaboration
and
that
deliberate
sharing
of
things
you
know
if
you
write,
if
you
create
something
you
know
put
it
in
a
repository
and
the
mozilla
diversity
repository
like.
I
still
maintain
that.
So,
if
anyone
wants
to
improve
or
contribute
those
there,
I
guess
I
just
share.
Like
my
ambition.
As
a
closing
you
know,
we
keep.
A
A
I
think
we're
at
an
interesting
time
where
the
technology
is
broadening
the
access
to
participate,
but
it
also
makes
it
easy
to
violate
the
safety
rules
and
the
participation
rules.
So
there's
some
vigilance
there
and
some
systems
that
we
need
to
continue
to
put
in
place
and
continue
to
work
on
together.
So
yeah,
I'm
totally
grateful
for
you
taking
the
time
today
to
just
did
this
before
and
for
taking
the
all
the
work
that
you
did
at
mozilla,
bringing
it
to
microsoft
and
bringing
it
there.
A
That's
I
can't
wait
to
work
with
you
more
you're
gonna.
You
know
have
a
great
time
over
there
there's
some
wonderful
people.
Thank
you,
yeah.
Look.
I
look
forward
to
collaborating
with
you
and
and
and
bringing
the
ospo
folks
from
from
ibm
and
red
hat
together
and
and
maybe
having
sort
of
a
a
sharing
between
vendors
and
end
users,
who
are
saying
I'll
be
curious
to
see
is
how
that
difference.
Differentiates
too.