Cross-project-council: Balancing privacy vs. transparency for the travel fund

Created on 5 Nov 2019  路  18Comments  路  Source: openjs-foundation/cross-project-council

I'm stoked that the foundation has a travel fund. I think that's super important.

It's equally important that there's transparency in how those funds are attributed, used, etc.

But I'm uneasy for that transparency to come at the cost of the privacy of those that benefit from those funds.

I'm concerned that having this data public could do them a disservice, e.g. when negotiating a salary or client work.

Similarly, for those whose request is rejected in public, this can feel humiliating.

I'm sure there are solutions that would better balance the privacy of contributors requesting travel funds and transparency requirements.

governance

Most helpful comment

I see a strong -1 sentiment to my proposal from the community of people actually doing the work, so I'll rescind it.

I do want to point out that we haven't really heard from the community of people you're trying to help with this, and in particular from those who are deciding not to get involved precisely because of the privacy problem I outline. Please do keep an eye out and an open mind for contributors expressing such concerns and revisit if you do. Thanks.

All 18 comments

Similarly, for those whose request is rejected in public, this can feel humiliating.

This seems like something we can prevent by setting clear rules about who is eligible for the travel fund and who isn't.

Similarly, for those whose request is rejected in public, this can feel humiliating.

In the past there have only been a few cases of this and I think they were handled in a manner to minimize that aspect.

I wonder if a survey in which we ask about concerns related to the fund being public would help. As you say its a tradeoff and before we reduce transparency and add more work for those managing the fund it would be good to understand if those who will use the fund see it as a concern or not.

This seems like something we can prevent by setting clear rules about who is eligible for the travel fund and who isn't.

In the Node.js project we outlined pretty direct rules and guidelines about who was eligible and for what, but there were absolutely occurrences where folks either did not understand or thought they found relevant exceptions. I think that no matter how much we document, there鈥檒l still be outliers.

I wonder if a survey in which we ask about concerns related to the fund being public would help.

I am concerned that we鈥檇 only get a homogenous response and not one from the folks who would actually be impacted by this. If we do go this route, I鈥檇 ask that we ensure we鈥檙e sufficiently understanding if the responses are representative of the diverse audience who could be negatively impacted in the ways described in the OP.

I'm not sure it would be such big of a problem. It worked extremely well for the last few years, and no one complained. Is this theoretical or have you got a real-life example?

Why would it be a disservice when negotiating?


Similarly, for those whose request is rejected in public, this can feel humiliating.

I think the best course of action is to amend the docs so that it states "in doubt, open an issue or contact [email protected] before making any reservations". We really do not want people being rejected in public - on the other hand it's up to them to know if they are eligible or not.

I'm not sure it would be such big of a problem. It worked extremely well for the last few years, and no one complained. Is this theoretical or have you got a real-life example?

The first and only interaction I had with the travel fund was to reject the request of someone. :)

Unless there's a safe and private way for people to complain about this, we can't expect to find out whether people are complaining about this. And even if there were such a system, how do we know people would feel confident complaining to an org that's not respecting their privacy in the first place?

A privacy-respecting solution can be as simple as setting up a Google form or similar, and the transparency requirements can be fulfilled by releasing a few data points yearly.

I think that will complicate approval of the request as right now it does not need any special permission and can be easily linked & forwarded. I'm -1 in changing the process for now.

I'm happy to add a private channel to provide feedback on the travel fund.

I think that will complicate approval of the request

I assumed the concern was one of transparency, not conveninence for the people having to handle it. I understand we're all busy, but I don't think this is a reason to disregard people's privacy.

Some underepresented minorities are actively persectued in some countries. Just asking them to be public about the fact that they identify as such might put them at risk.

I'm pretty sure we can find options that help address usability concerns for those having to make the decisions while being more respectful of people's privacy while making sure that a fund designed to improve inclusivity isn't excluding people because of how it's implemented.

I strongly disagree in making the travel fund management private. Tracking the funds in public makes it easy to verify who is elegible, as somebody can send a link and verify the person membership in a specific project. It also makes it fair, as we can all see whoever used the funds in the past.
I think that publishing the fact that somebody used the funds to go to XYZ is important and part of the tradeoff when requesting the funds.

What if only the approval process was private? For instance, the process could be

  1. Send an email to some group email address for approval.
  2. When approved, open a PR.
  3. Continue as normal.

Why is it particularly humiliating to be told you do not meet explicit eligibility requirements? I don鈥檛 think any of them are qualities of character, for example.

In the Node.js project we outlined pretty direct rules and guidelines about who was eligible and for what, but there were absolutely occurrences where folks either did not understand or thought they found relevant exceptions. I think that no matter how much we document, there鈥檒l still be outliers.

@bnb can you point me to these guidelines? I am asking because I wonder if it makes sense to somehow connect this to the governance of each project. There are a lot of projects that define different types of contributors to which the governance can say: if you are this person (e.g. a Node.js collaborator or higher) you will be automatically eligible to access travel funding. For all other cases (e.g. someone has made a lot of contributions but hasn't been elected to a higher status yet) every project could nominate a contact person that people can contact privately to ask if funding request would be accepted or not. This way every project defines a clear barrier while at the same time allows to privacy when acceptance is in doubt.

I think it would be good to have a way (contact person) for new people to privately ask if they are eligible for travel funds or not before opening a PR in public.

I'm not sure it's as clear as it once was for Node.js. At one, you point need to be an individual member of the Node.js Foundation to use the travel fund. Individual membership was free for those who were members of the Node.js org. With the merger, I'm not sure individual membership (or at least the ability to sign up) is still working (see https://github.com/nodejs/admin/issues/445#issuecomment-567211536).

This is something we need to improve. I agree that each project likely needs to set the qualifications and how they are validated and that needs to be documented somewhere relatively easy to find.

It's working but it's limited to Node, and it requires people to request a discount code from me, and that system is in the process of being sunset. It's the CPC's call of course, but if I were designing a travel request system today, it... probably isn't something I'd recommend including.

If it were me, I'd recommend streamlining the application process by creating a straightforward, crisp PR template that collects the requestors' applications, and then leave it at that. It encourages consistency and will make requests easier to review in light of all other approvals. And finally, these written responses are likely going to be more informative than whether the requestor has registered as a member in an arbitrary system somewhere.

Also, not related to this thread but related to the topic of streamlining processes, would the CPC consider simplifying the approval file (e.g., 2020.md)? That's a pretty gnarly table to manage in markdown, the columns tend to get misaligned easily... :-)

I'd definitely be -1 on making any part of the request and approval process private. Rejections may feel crappy to the person doing the rejection but they're nothing personal and should only ever be done when eligibility guidelines aren't met -- and they should be communicated as such with clear explanation about why. Transparency in this kind of process is essential and we shouldn't step back from it.

I see a strong -1 sentiment to my proposal from the community of people actually doing the work, so I'll rescind it.

I do want to point out that we haven't really heard from the community of people you're trying to help with this, and in particular from those who are deciding not to get involved precisely because of the privacy problem I outline. Please do keep an eye out and an open mind for contributors expressing such concerns and revisit if you do. Thanks.

@tobie will keep an eye out and if you talk to people who have concerns or who are applying because its public please ask them to talk to me or Joe.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

joesepi picture joesepi  路  5Comments

MylesBorins picture MylesBorins  路  6Comments

joesepi picture joesepi  路  3Comments

tobie picture tobie  路  4Comments

christian-bromann picture christian-bromann  路  8Comments