Governance Documents

• Steward Code of Conduct
• Responsibilities and Processes for Website League Keyholders

Steward Code of Conduct

Ported from the original document on Feb. 9, 2025.

Our Pledge

We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, sexual identity and orientation, any other born or inherent characteristics.

We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.

Scope

The Steward Code of Conduct applies within all League governance spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include communications in open League infrastructure (including but not limited to Coordination, Consensus, and Broadcast), and in publicly visible conversations relating to matters of League governance. Behaviour outside of League governance is covered by the League Community Code, not this document.

Our Standards

Examples of behavior that contributes to a positive environment for our community include:

• Demonstrating empathy and kindness toward other people.
• Being respectful of differing opinions, viewpoints, and experiences.
• Giving and gracefully accepting constructive feedback.
• Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience.
• Assume good faith in evaluating reasonable critique, unless that assumption is proven to be unwarranted.
• Focusing on what is best not just for us as individuals, but for the overall community.
• Responding in a timely and just fashion to reports of bad conduct, in order to ensure our compliance with these standards.

Examples of unacceptable behavior include:

• The use of sexualized language or imagery, and sexual attention or advances of any kind.
• The use of any language commonly considered to be derogatory toward any member of the aforementioned minority groups, including slurs and stereotyping.
• Trolling, insulting or derogatory comments, and personal attacks of any kind, directed at anyone.
• Public or private harassment.
• Publishing others' private information, such as a physical or email address, without their explicit permission.
• Other conduct which could reasonably be considered inappropriate in a professional setting.
• Conduct which violates the consent or boundaries of others.
• Serious violations of the League Community Code.
• Extraordinarily egregious conduct inside or outside the League that is prima facie incompatible with a Steward’s continued collaboration with other Stewards, their ability to deal with other League users, or their ability to perform their responsibilities as a Steward in a fair and just fashion. (This is the broken stair clause.)

These standards apply to any use of League centralized governance communications infrastructure, and to publicly accessible words and actions related to League governance concerns. Publicly accessible, in this case, means in avenues that may be viewed by any given person without permission or prior notice, and with or without login in venues that allow account approval for the general public.

Enforcement Responsibilities

The Conduct Working Group is a body of Stewards who have demonstrated the ability to approach and resolve conflict in a professional fashion, without lashing out or acting in anger. Approval of members of the Conduct Working Group is by consensus vote of active Stewards, given the responsibility placed upon them. The CWG must consist of 3 or more Stewards, preferably an odd number; in the event of a tie due to an unfilled position or recusal, decision responsibility will fall to the Stewards as a whole, excluding any directly involved parties.

The Stewards as a whole, and the Conduct Working Group in specific, are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.

The Stewards and Conduct Working Group have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to the Steward Code of Conduct, and will communicate reasons for moderation decisions when appropriate.

As with the League Community Code, this document is to be interpreted by the rules laid out in the League Interpretation Code. To stress, this includes interpreting it based on the following, in descending order of priority:

1. The spirit of its contents and the underlying values which produced said contents, considered in light of how those values and that spirit have evolved during the League’s existence.

2. Avoiding blatantly unreasonable conclusions and outcomes.

3. The plain and ordinary meaning of the text of the Referring Document, in light of the differing backgrounds from which its drafters and editors have come and not in a manner which enables pedantry, obfuscation, or obstructionism.

4. The above bases of interpretation as applied to all other Binding Documents to the extent that such is necessary to unambiguously interpret this document.

Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the Conduct Working Group responsible for enforcement at conduct@websiteleague.org. All complaints will be reviewed and investigated promptly and fairly.

All community leaders are obligated to respect the privacy and security of the reporter of any incident. Discussion of a report is to be conducted in a limited-access Coordination channel.

Members of the Conduct Working Group must ensure they investigate reports with the goal of ensuring that League collaborative spaces remain a safe and healthy environment. Any investigation must be conducted with a goal of conflict resolution and mutual understanding, and approached with as much kindness and respect toward all involved parties as possible, except in the case of clear and obvious malice.

Any member of the Conduct Working Group who finds they cannot maintain a calm and levelheaded approach must recuse themselves from the case at hand. Members of the Conduct Working Group may force a recusal of another party via a simple majority vote.

Anyone in the Conduct Working Group involved in a conflict under investigation, or with close personal ties to parties in a conduct under investigation that may affect their impartiality, must recuse themselves. In the event a conflict involves a majority of the Conduct Working Group, responsibility falls upon the body of active Stewards as a whole.

The Stewards as a whole are to make the best effort possible in appointing minorities to the CWG. In the event that a conflict involves a minority issue where no members of the Conduct Working Group are a member of that minority, the Conduct Working Group must seek outside advice.

Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of the Steward Code of Conduct:

1. Correction

Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.

Consequence: A private, written warning from the Conduct Working Group, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. In the event of a conflict within the body of Stewards, involved parties may be requested to take part in a mediation or conflict resolution procedure.

2. Warning

Community Impact: A violation through a single incident or series of actions.

Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Steward Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.

3. Cooling-off period

Community impact: A single incident or series of incidents that show that a Steward is either under extreme stress, or is suffering extreme stress due to their role as a Steward, in a way that impacts their own or others' ability to healthily and productively accomplish their work as a Steward.

Consequence: An enforced break from the responsibilities of Stewardship. This should be utilized in cases where someone has demonstrated a track record of useful work, but whose condition has changed in such a way as to be unhealthy for them or others should their participation continue in that fashion. The Steward is placed on the roll of inactive Stewards for a period ranging from days to months, at CWG discretion, and is expected to adhere to this. In the event the Steward in question has assumed responsibility for a critical task or role, they must make this clear and that responsibility must be passed to others for the duration.

This must be approved by a two-thirds vote from the body of active Stewards.

Call it an enforced vacation.

4. Dismissal from Stewardship

Community Impact: An egregious incident or a pattern of behavior which demonstrates an inability or unwillingness to productively and calmly resolve interpersonal conflict in their role as a Steward, or which interferes with the ability of the Stewards to run the Website League in a healthy and productive fashion.

Consequence: The steward is removed from League stewardship, without prejudice; if they wish to rejoin the Stewards in the future, the ordinary Stewardship nomination and vote process applies. The responsibilities of the removed Steward must be assigned to other Stewards.

This must be approved by a two-thirds vote from the body of active Stewards.

5. Temporary Ban

Community Impact: A serious violation of community standards, including sustained inappropriate behavior.

Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Steward Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.

This may be applied as an emergency measure to halt extreme and obvious misbehavior while the Conduct Working Group (or other responsible group) conducts an investigation.

6. Permanent Ban

Community Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of minority groups and members of same.

Consequence: A permanent ban from any sort of public interaction with League governance, including all infrastructure. This may also be accompanied by a League-wide ban, as implemented by individual site staff. This must be approved by consensus vote of active Stewards.

Attribution

This Code of Conduct is a modified version of the Contributor Covenant, version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.

Community Impact Guidelines were inspired by Mozilla's code of conduct enforcement ladder.

For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.

Responsibilities and Processes for Website League Keyholders

Ported from the original document on Dec. 13, 2024.

Last updated: 2024-12-13

Rationale

To facilitate collaboration between Stewards, as well as to ensure all users have visibility into the workings of the Website League, the League operates a set of central, self-hosted services. The nature of these services requires a heightened level of trust in people that are given full administrative access to them, as a bad actor could use that access for a variety of malicious purposes (changing access permissions for various users, exfiltrating user data stored on central infrastructure such as emails, messages (both public and private), etc.).

In mitigating this risk, we introduce the concept of a “Keyholder” role. Keyholders are designated Stewards who have full administrative access to central infrastructure services, and are tasked with ensuring that infrastructure remains operational, secured, and up to date. The set of Keyholders should ideally remain limited to minimize the attack surface of central infrastructure, and Keyholder status should only be granted to people who can be trusted with its sensitive nature.

While Keyholders are trusted with access to more of the Website League’s infrastructure, this should not elevate them beyond the status of any other Steward in governance. The purpose of the Keyholder role is to ensure smooth operation of central League services, and to minimize the attack surface of those services by granting access to as few people as possible. Keyholders are not to be viewed as “above” Stewards in any sense, and Keyholders must not abuse their elevated access to attempt to subvert, disrupt, or overrule League governance processes.

Current Keyholders

This list reflects the current state of who is granted Keyholder status. If, at any time, Keyholder status has been granted or revoked from any person, this section of the proposal is to be amended to reflect those changes.

The current list of people granted Keyholder status is as follows:

• srxl (Ruby)
• atomicthumbs
• sirocyl

Audit Log

Any changes made to the list of Keyholders must be logged here, as an amendment to this proposal, for transparency.

• 2024-12-13 - srxl, atomicthumbs and sirocyl formalized as initial Keyholders

Duties

Keyholders have a set of duties and expectations that they must follow as part of their role. These duties are as follows:

• Perform various system administration tasks on central League infrastructure as required. This includes, but is not limited to:
  • Configuring central services and ensuring they function as required by League members
  • Fixing any bugs/issues in central infrastructure identified by League members
  • Assigning/revoking roles that grant Stewards access to services needed to perform their duties
• Providing technical support for central infrastructure services to League members on a best-effort basis
  • This is not exclusively the domain of Keyholders - however sometimes a Keyholder is required to modify central infrastructure to fix an issue
  • Keyholders should, within reason, try to respond to support queries at their earliest convenience
• Perform regular maintenance on central infrastructure to keep services up to date
• Onboard new Keyholders, and offboard former Keyholders as Keyholder status is granted to/revoked from League members
• Send out announcements on the Buttondown newsletter and Broadcast as necessary
• Refrain from accessing any data stored on central infrastructure services, particularly user information or private messages, unless required to carry out any other Keyholder duties

Processes

To ensure central infrastructure operates smoothly, and Keyholders remain aware of how to carry out their duties, there are a set of processes that Keyholders should follow.

• If changes are made to any central infrastructure, ensure that change is documented somewhere. This can include:
  • Bookstack
  • The “Infrastructure Operations” channel in Coordination
  • Consensus, if relevant to a discussion held there
• In the event of central infrastructure downtime (planned or unexpected), League members should be notified through at least one of the following channels, where available/necessary:
  • The Announcements channel in Coordination
  • Broadcast
  • The #announcements channel in the Website League Discord server
• If downtime is planned, an announcement should be made prior to the downtime occurring. The advance notice period is determined by Keyholders on a case-by-case basis, with longer downtimes requiring further advance notice.
• A regular update of all central Infrastructure services should be performed at least once every 3 months.
  • This should be conducted by one Keyholder, who is nominated to perform that specific update by all Keyholders.
  • Unless an update to a service would cause that service to stop working without significant work to mitigate the breakage, all services should be updated to their latest versions during these runs.
  • Any services that are not updated during a regular update should be logged with a ticket in Planning to ensure the update is eventually performed.
• To onboard a new Keyholder, the following tasks must be performed:
  • Create a new user on the central infrastructure VPS, and add an SSH key to that user
  • Add their Authentication account to the following groups:
    • Infrastructure Operators
    • Information Admins
  • Create a login with the requested username and password for Observation
  • Send out an invite to Vaultwarden and grant access to the credential vault
• To offboard a former Keyholder, the above tasks must be undone by removing accounts/keys as necessary.
• When a newsletter issue or a Broadcast announcement has been drafted, one Keyholder should be nominated to send out that announcement.

Access

Keyholders require elevated permissions and access to various central infrastructure services to perform their duties. The additional access granted to Keyholders is as follows:

• Administrator (full) rights on the following services:
  • Coordination
  • Consensus
  • Broadcast
  • Information
  • Authentication
  • Planning
  • The website-league organization on GitLab
  • The Website League Discord server
• Individual accounts on the following services:
  • Observation
  • Vaultwarden
  • SSH to the central infrastructure VPS
• Credentials for the following accounts:
  • @league@websiteleague.org on Broadcast
  • Buttondown account for the newsletter
  • The infrastructure@websiteleague.org email inbox
  • The Google account managing our shared Google Drive
  • The SMTP service provider account
• Entry into the private “Infrastructure Operations” channel in Coordination

Membership

Any Steward can be nominated to be a Keyholder through a proposal on Consensus. The process for nominating a Keyholder is the same as our process for nominating Stewards. Keep in mind that a very high level of trust is required for Keyholders, and as such, Keyholders should only be nominated if more Keyholders are desired, and if the nominee has demonstrated a high level of trustworthiness within the Website League already. Only existing Stewards are eligible to be nominated as Keyholders, to ensure that Keyholders are held accountable to the Stewardship body through the same mechanisms as all other Stewards.

At any time, a Keyholder may decide to temporarily relieve themselves of their duties for whatever reason, such as changes in personal circumstances leading them to be unable to adequately perform their duties as a Keyholder. In this event, access to all services listed under the Access section must be temporarily disabled, and a note is to be recorded in the Audit Log section of this document. At any time, they may choose to return to Keyholder duties, in which case an active Keyholder should re-enable all their Keyholder access and record another note in the Audit log.

Keyholders can also be removed from the role for the following reasons:

• If a Keyholder decides to voluntarily step down from their role, for whatever reason
• If a Keyholder has been inactive and unreachable in an official League capacity for at least 1 month
• If a Consensus vote is held to relieve a Keyholder from their duties for whatever reason, such as abuse of their elevated access or lack of trust by the community