From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-project@lists.gentoo.org
Cc: Gentoo Elections <elections@gentoo.org>,
infrastructure <infrastructure@gentoo.org>,
council <council@gentoo.org>, trustees <trustees@gentoo.org>
Subject: Re: [gentoo-project] Re: [RFC] vote.gentoo.org - a new voting frontend for Gentoo Elections
Date: Fri, 09 Aug 2019 08:02:29 +0200 [thread overview]
Message-ID: <27f3f126c9e90860a901e091b6052e0c8a38a6e5.camel@gentoo.org> (raw)
In-Reply-To: <robbat2-20190809T054620-801784171Z@orbis-terrarum.net>
[-- Attachment #1: Type: text/plain, Size: 3311 bytes --]
On Fri, 2019-08-09 at 05:49 +0000, Robin H. Johnson wrote:
> On Sat, Jul 27, 2019 at 11:40:12AM +0100, Roy Bamford wrote:
> > On 2019.07.27 07:21, Michał Górny wrote:
> > > Hi,
> > >
> > > (CC-ing all parties interested in technicals, plus main consumers)
> > >
> > > I'd like to work on providing new web-based frontend for voting
> > > in Gentoo elections. It would replace votify in the pipeline but
> > > generate countify-compatible data, so the votes would still be counted
> > > using old tooling.
> > >
> > >
> > > Goals
> > > =====
> > > The goals for the new system would be to:
> > >
> > > 1. Improve privacy of votes by removing connection between voters
> > > and their confirmation IDs ASAP (not storing them unencrypted
> > > on permanent storage at all).
> > >
> > > 2. Unifying voting mechanism for developers and non-developers.
> > > The latter currently vote by mail and get their votes manually hacked
> > > into the system.
> > >
> > > 3. Removing dependency on dev.gentoo.org shell access for voting.
> > > This
> > > is implied by 2. but should also support any future efforts of
> > > reducing
> > > reliance on the single system in Infra.
> > >
> > > 4. Make it possible to use the system for unofficial elections (e.g.
> > > team lead votes). Currently setting a vote up requires root
> > > privileges
> > > on dev.g.o which is not really feasible.
> > >
> >
> > 5. Election Officials shall have a means to determine the voter turmout
> > from time to time while the election is in progress.
>
> 6. The voting system must produce a list of voters who cast a valid
> ballot. This is required to see which voters did not cast a ballot in
> the Foundation elections, and could thus be struck off the member list
> for failure to participate.
>
> This might be implemented via two separate identifiers from the secret
> per your ideas.
Do I understand correctly that you want:
1. one derived identifier to be used to cast the vote and stored without
association to developer,
2. another derived identifier to be used to confirm the vote, and stored
with association to developer?
I suppose this could work. However, it would weaken the privacy
protection much. Any active watcher (say, Infra or election official)
would be able to notice simultaneous appearance of the vote
and the voter entry. Sure, they could also break the system by hacking
the scripts over or adding voters manually rather via the script
but the whole point is to limit privacy exposure to the minimum.
Furthermore, I believe the fact whether one has voted or not is also
a matter of privacy. Expecting people to explicitly indicate this is
violating it, so it doesn't seem the correct solution to the problem
at hand.
Maybe Trustees should consider finding a better way of determining when
to retire inactive members? The simplest solution that comes to my head
is finally requiring all Foundation members to be active developers, or
at least setting same rules for both groups (i.e. retiring Foundation
members when they stop making new contributions to Gentoo). Given that
there are only a few Foundation members who are not devs, either way
shouldn't be a real issue.
--
Best regards,
Michał Górny
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]
prev parent reply other threads:[~2019-08-09 6:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-27 6:21 [gentoo-project] [RFC] vote.gentoo.org - a new voting frontend for Gentoo Elections Michał Górny
2019-07-27 10:40 ` [gentoo-project] " Roy Bamford
2019-07-27 11:18 ` Michał Górny
2019-08-09 5:49 ` Robin H. Johnson
2019-08-09 6:02 ` Michał Górny [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=27f3f126c9e90860a901e091b6052e0c8a38a6e5.camel@gentoo.org \
--to=mgorny@gentoo.org \
--cc=council@gentoo.org \
--cc=elections@gentoo.org \
--cc=gentoo-project@lists.gentoo.org \
--cc=infrastructure@gentoo.org \
--cc=trustees@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox