Decide how to handle "controversial" events

[webchick]

Background/Context

From time to time, there's some kind of controversy around this or that tech event. Here's a recent / ongoing example:

https://www.404media.co/coding-unicorn-instagram-julia-kirsina-devternity/

TL;DR: An event organizer of several paid events was caught first adding fake women speakers to the speaker roster over multiple years to improve their gender balance, and then this article alleges they also are out there impersonating as a woman "influencer." There's a big dust-up about it right now on Twitter, and various people are choosing to withdraw their speaking / sponsorship at his events as a result.

This issue isn't about this particular organizer / set of circumstances / event(s), however. This is about planning ahead and thinking about how we want to deal with these kinds of things as a general practice in the future when they inevitably crop up, and also the comms plan when we inevitably get angry-tagged on social media about it.

(Once again, if OpenSSF / Linux Foundation already has a policy around this and we can just adopt it, we can just close this issue!)

Options

There are a variety of options we can employ when something like this comes up, or perhaps a combination of different options, depending on the scenario:

• Do nothing. OpenSSF's DevRel Community working group is here merely to provide resources to the community. Who chooses to use it and what events they choose to use it at doesn't bother us one way or another. The action plan here then would be to draft a policy that we can link to in the future to explain our stance.

• Handle each case individually. We wait for an issue complaining about this to be filed, and then as many as possible of a) the person filing the complaint b) a subset of working group members + c) the event organizer(s) + d) the prospective speaker(s) get into a virtual "room" and hash out a way forward. The comms plan would then be to post back to the GitHub issue summarizing the results of the conversation. This is a lot more effort, but hopefully instances are few and far between.

• "Deny List" certain events. We maintain a NOPE.txt or similar that contains a (hopefully small) list of events that we choose not to engage with, along with criteria on how one gets on (and also off) such a list. If we have any OpenSSF community speakers registered to speak at these events, we would request them to withdraw their OpenSSF session for risk of tainting the brand. (I don't think / believe we would want to be more heavy-handed then that?) The list is managed by PRs filed by either working group members or community members.

• [Your ideas here] :)

Thoughts?

[mattstratton]

Based on a chat @webchick and i just had, what might be interesting is to create the equivalent of a speaker rider that was for OpenSSF's participation in events. This would be public and then if an event does not meet the requirements of the "rider" then the participation would be pulled.

[kdruckman]

First, thank you @webchick for your ideas and outline. This is fantastic. And thank you @mattstratton for the link. Interesting idea!

I'm wondering where in the conversation we might think about the extent to which a presentation warrants an opinion from the OpenSSF, the DevRel committee, etc. At what point does the inclusion of an OpenSSF topic or materials provided by the OpenSSF rise to representing the OpenSSF? I'm thinking also of the difference between adding a slide mentioning OpenSSF work or projects vs presenting a talk that is wholly or largely covering something like Scorecard, or even presenting slides created by the OpenSSF DevRel group and meant to be shared.

This is not an area where I have much experience, and these are some questions on my mind. I agree that this topic will inevitably come up, and I appreciate bringing this up early on in our planning!