we need some written expectation of responsiveness, as this would help people assess whether they can help. For instance for rOpenSci software review for most things, we sort of expect answers within one week or so.

This seems trickier for R-multiverse because we don't have a system for explicitly delegating package reviews at https://github.com/r-multiverse/contributions or responses to questions at https://github.com/r-multiverse/help/discussions. Do we want to say that moderators and admins collectively as a team should respond within a week? Does this belong in https://r-multiverse.org/contributors.html instead?

Maybe? My worry is that the docs for moderators have no rough estimate of the workload that the role would entail. Maybe there could be a rough estimate, and also the idea of a trial period after which the moderator can decide it's too time consuming?

What if the moderators tell us up front how many hours per week or month they can volunteer, and what they'd be willing to do? Some could stick to reviewing packages (or only certain kinds of packages) while others could just comb the help forums.

I think this right-sized approach can work because there are so many stopping places: there is very little to check when reviewing a package manually, and for a knowledgeable package developer, I think most reviews will end up taking less than 15 minutes. And they can always contact us for help on difficult cases. Feedback on the forums feels similar. By contrast, an rOpenSci package review is a serious investment of time and critical thinking, and it's either all complete or unfinished.

I think the expectation is that any leftover work will fall on the admins.

I have seen this low-pressure leave-anytime model work well for environmental volunteer groups.

Would we need to record this information anywhere except the web form responses?

how would we keep track of individual reports?

I hadn't thought of that. Should we? IIRC rOpenSci has a code of conduct violation reporting policy, right?

The mechanism for blocking a package is writing free-form text in the package listing to explain the situation. I did this recently with DEPAHRI because the package does not have a serious license and I did not hear back from the authors: https://github.com/r-multiverse/contributions/blob/main/packages/DEPAHRI. Do we need something more centralized, or something that doesn't require blocking a specific package?

What I mean is that if an individual moderator makes a report of a violation to GitHub, then how do other moderators know it's been done?

Would a public GitHub discussion be enough? I think our governance promises open communication, which would point us to https://github.com/r-multiverse/help/issues and/or https://github.com/r-multiverse/help/discussions. From r-multiverse/help#77, it seems like @shikokuchuo may prefer not to make exceptions for these cases, and this is my view as well.

Yes as long as this does not make the person who does the first report and tracks it a target of vengeance (a bit paranoid 😅)

I think these docs should emphasize that a moderator can consult an admin if there is concern about whether or how to post a report.

Open reporting is valuable from a security standpoint: contributors and maintainers will hesitate to act maliciously if they know their actions will become public knowledge. I feel like this should be part of one of our policies somewhere. I will think about it and post a proposal.

Added 7c1c4ff to edit the reporting guidelines:

Each incident, the actions taken to respond to the incident, and the resolution must be reported as an issue at https://github.com/r-multiverse/help/issues with the label "policy violation".
If you do not feel comfortable taking direct action yourself, contact an administrator immediately and ask the administrator handle the situation.

On second thought, some types of policy violations require discretion. In particular, code-of-conduct-related matters can be sensitive. Maybe we need a separate confidential forum for this which includes moderators and admins.

Just posted r-multiverse/help#117

should we have a group email address? which wouldn't prevent people from reaching out first to the one administrator they know best to ask questions.

I would prefer we do not merge this PR before we have a volunteering form (whose questions we'd make available outside of the form for those preparing answers in advance) as a free-text volunteering email is stressful and rather unfair as some people are better at this without this meaning they'd be better/worse moderators.

should we have a group email address?

I'm not sure. I actually like not having one because it nudges more of the communication out in the open.

I would prefer we do not merge this PR before we have a volunteering form

Happy to write one. How are these forms typically deployed?

At rOpenSci we use Airtable, maybe (probably) the free plan could be enough for this. https://airtable.com/pricing

Alternatively there's Google Forms but not everyone likes Google.

These are just the ones I know.

Google Forms looks more convenient and easier to use. Do you have a preference?

Also, from https://r-multiverse.org/governance.html#communication:

Communication is always done publicly via GitHub, and all decisions related to the project are made in public.

An exception exists for confidential security and conduct-related matters, for which there is a private GitHub repository accessible by administrators only. The use of this private repository ensures that even confidential conversations remain accountable and auditable.

Do we also need to mention that survey responses and on-boarding issues for moderators will be confidential (only admins will know)?

Do we also want another confidential repo (e.g. https://github.com/r-multiverse/moderation) to track moderator-related matters? We could include a table of metadata on moderators there: hours volunteered and areas of expertise. Also could include confidential discussions about how to handle policy violations, on the grounds that the results will become public as soon as it is safe to do so. This way moderators could more easily ask for help from other moderators in addition to admins. And it's more auditable than a confidential moderator-to-admin email.

Added 88c53cd to propose questions for the web form. I can create the form itself when we agree to merge this PR.

We could include a table of metadata on moderators there: hours volunteered and areas of expertise.

Maybe we can avoid recording hours in a separate place? And track expertise and affiliations at https://r-multiverse.org/team.html?

Is there a code of conduct committee? Is the CoC also reinforced by moderators? There is a process for reinforcing the CoC? How do moderators know when someone violates the CoC more than once?

b3973ec references the enforcement policy in the code of conduct. Beyond that, I think CoC enforcement and general policy enforcement both need more planning. I will open an issue at https://github.com/r-multiverse/help/issues.

Posted r-multiverse/help#117