- Purpose and Summary
- Jurisdiction of Project CoC Responders
- Jurisdiction of the CNCF Code of Conduct Committee
- Jurisdiction of The Linux Foundation
- Joint Jurisdiction of the Linux Foundation and CNCF
- Legal Risk Analysis
- Central Recordkeeping and Notification
- Licensing
This policy outlines which of the following incident response teams has jurisdiction to resolve reported Code of Conduct (CoC) violations:
- The Linux Foundation (including the Linux Foundation Events team)
- CNCF Code of Conduct Committee (“CNCF CoC Committee”)
- Project-level Code of Conduct responders
In general:
- Project-level CoC incident responders (e.g., the Kubernetes Code of Conduct Committee) resolve incidents that occur entirely within the project, with some exceptions.
- The CNCF CoC Committee resolves incidents that are project-agnostic, that impact multiple CNCF projects, or that occur in projects that do not have their own designated CoC responders, with some exceptions.
- The Linux Foundation (including its events team) resolves most incidents that take place at or in connection with events that are produced by the Linux Foundation (including CNCF events) and incidents with a heightened risk of legal action or liability.
- Some incidents are jointly resolved by the Linux Foundation and CNCF CoC Committee.
Projects that have their own designated Code of Conduct (CoC) responders have jurisdiction over alleged violations that occur entirely within the project, except when transfer of an incident is required below.
Project-level Code of Conduct responders shall promptly transfer a reported incident to the CNCF CoC Committee if any of the following are true:
- The incident is project-agnostic or impacts multiple CNCF projects.
- A majority of project-level Code of Conduct responders have hard conflicts of interest (as described in the Conflict of Interest Policy).
- Laws or regulations may have been violated.
- The incident or its resolution is likely to expose CNCF, the LF, or CNCF project or community leaders (including the CNCF CoC Committee or other CoC responders) to legal risk or liability as determined in accordance with “Legal Risk Analysis’ below.
An involved party (a reporter, a person who was targeted or harmed by the incident, or the accused person) can appeal a decision of project-level CoC responders to the CNCF CoC Committee. The CNCF CoC Committee may reverse or overturn a Project-level decision regarding a CoC incident only in the following circumstances:
- The Project-level CoC responders lacked jurisdiction and were required to transfer the incident to the CNCF CoC Committee per “Transfer by Project CoC Responders” above;
- Individuals who have hard conflicts of interest (see the Conflict of Interest Policy) decided the outcome of the incident;
- The Project-level responders did not conduct a fair evaluation of the incident (e.g., they failed to review relevant evidence that was available to them);
- The Project-level responders violated applicable policies or procedures of the project or of CNCF, or violated applicable laws, when responding to or resolving the incident;
- The outcome is grossly disproportionate to the alleged misconduct (e.g., permanent ban for an single instance of minor misconduct with a low probability of recurrence) or grossly inadequate to protect the community from further harm (e.g., mere warning to an individual who continues to engage in severe misconduct that endangers the safety of others).
The CNCF CoC Committee has jurisdiction over alleged violations of the CNCF Code of Conduct that meet any of the following criteria:
- The incident occurred in a project that does not have its own project-level Code of Conduct enforcement team.
- The incident is project-agnostic or impacts multiple CNCF projects.
- The incident was transferred to the CNCF CoC Committee by a CNCF project.
The CNCF CoC Committee will transfer an incident to the Linux Foundation if any of the following are true:
- The members of the CNCF CoC Committee who are available to resolve the incident do not meet the following minimums: (a) there must be at least one committee member with no hard or soft conflicts of interest and (b) there must be at least three committee members with no hard conflicts of interest. See our Conflict of Interest Policy for a description of hard and soft conflicts.
- The incident impacts one or more LF communities besides CNCF.
- The incident or its resolution is likely to expose CNCF, the LF, or CNCF project or community leaders (including the CNCF CoC Committee or other CoC responders) to legal risk or liability as determined in accordance with “Legal Risk Analysis’ below.
If an incident is reported to the CNCF CoC Committee that falls under the jurisdiction of project-level responders, the committee will transfer resolution of the incident to the project-level responders.
The Linux Foundation (which includes the LF Events team), has jurisdiction over the following incidents:
- Alleged violations of the Linux Foundation Events Code of Conduct, including violations that occur onsite at a Linux Foundation-produced event.
- Incidents that are community-agnostic or impact multiple LF communities (not just CNCF).
- Incidents that are transferred to the Linux Foundation by the CNCF CoC Committee.
The Linux Foundation does not have jurisdiction over incidents occurring at events or activities that the Linux Foundation does not itself produce or host. For example, incidents occurring at local meetups organized by CNCF Ambassadors are under the CNCF CoC Committee’s jurisdiction rather than the Linux Foundation's jurisdiction.
If both LF and CNCF have jurisdiction over an incident as described above, LF and the CNCF CoC Committee will collaborate to jointly resolve the incident.
However, if any of the following circumstances applies, the Linux Foundation may take action to resolve the Code of Conduct incident independently without consulting the Interim CNCF CoC Committee:
- Immediate action must be taken in order to prevent harm or otherwise resolve the incident (e.g., removing someone who is threatening violence from an event).
- The incident arises solely from complaints about an event vendor, sponsor, or exhibiting company, and does not involve complaints about any individual community member’s conduct.
- Even if all allegations contained in an incident report were true, it is clear at the outset that the incident would not constitute a violation of the CNCF Code of Conduct (e.g., if the incident occurred entirely outside of the CNCF community).
- The incident has been resolved through conversations with or between the involved parties.
- The incident exposes LF or CNCF employees to workplace safety risks or other potential harm.
- The incident might involve violation of applicable laws or regulations.
- The incident or its resolution might expose CNCF, the LF, or CNCF project or community leaders (including the CNCF Code of Conduct Committee) to legal risk or liability as determined in accordance with “Legal Risk Analysis’ below.
In the event that the Linux Foundation takes independent action to resolve an incident in one of the situations described above, the Linux Foundation shall provide the CNCF CoC Committee with a brief summary of the incident and steps that were taken to resolve the incident. The CNCF CoC Committee may, in its discretion, take additional action to further investigate, respond to, or resolve the incident.
Incident responders will promptly consult LF legal counsel if they become aware that any of the following risk factors exist,
- Any involved party sustained or claims to have sustained physical injury as a result of the incident;
- Any involved party threatens to file a lawsuit or take other legal action;
- Any involved party or witness has reported the incident or communicates that they intend to report the incident to law enforcement or another governmental agency;
- Any involved party notifies the CoC responders that they have hired or will hire an attorney to represent them with respect to the Code of Conduct incident or investigation;
- An involved party may have a legal cause of action arising from the incident; or
- Any applicable laws or regulations were violated or are suspected to have been violated.
LF legal counsel will determine whether the incident is likely to expose CNCF, the Linux Foundation, or CNCF project or community leaders to legal risk or liability and must therefore be transferred to the Linux Foundation for resolution.
Incident responders must also consult LF legal counsel prior to taking any of the following actions:
- Banning or suspending an individual from a project or community space for a duration that is longer than two (2) months;
- Publicly communicating the name or identity of an individual who was accused of violating the Code of Conduct.
If none of the Risk Factors above are present, and the incident responders are not planning to undertake any of the Remedies Requiring Legal Consultation, incident responders are not required to consult with LF Legal Counsel.
LF Legal counsel can be contacted at coclegal@linuxfoundation.org.
To ensure that there is a central repository of data regarding Code of Conduct incidents across all CNCF projects that can be checked to determine whether an accused person is a repeat offender, Project-level incident responders shall promptly notify the CNCF Code of Conduct Committee of any incident that is reported to them even if it is not transferred to the CNCF Code of Conduct Committee. The Project-level incident responders shall provide a brief summary of the nature of the alleged violation and the name of the accused person (but do not have to provide a copy of the full incident report or the identities of the reporters, witnesses, or persons allegedly harmed or targeted), and the CNCF Code of Conduct Committee shall in response notify the project-level Code of Conduct responders if the accused individual has a record of prior violations. When the incident is resolved, the Project-level incident responders shall notify the CNCF Code of Conduct Committee of whether a violation was found and if so, what remediation steps were taken. All information in the central repository shall remain confidential under the Confidentiality Policy and only be shared with other CoC responders in accordance with the Information Sharing policy.
Any amendments to this Jurisdiction Policy must be approved by CNCF and the Governing Board.
This document is licensed under the Creative Commons Attribution 4.0 International License.