Message-ID: <27f3f126c9e90860a901e091b6052e0c8a38a6e5.camel@gentoo.org>
Subject: Re: [gentoo-project] Re: [RFC] vote.gentoo.org - a new voting frontend for Gentoo Elections
From: Michał Górny
To: gentoo-project@lists.gentoo.org
Cc: Gentoo Elections, infrastructure, council, trustees
Date: Fri, 09 Aug 2019 08:02:29 +0200
Organization: Gentoo
List-Id: Gentoo Project discussion list

On Fri, 2019-08-09 at 05:49 +0000, Robin H. Johnson wrote:
> On Sat, Jul 27, 2019 at 11:40:12AM +0100, Roy Bamford wrote:
> > On 2019.07.27 07:21, Michał Górny wrote:
> > > Hi,
> > >
> > > (CC-ing all parties interested in technicals, plus main consumers)
> > >
> > > I'd like to work on providing new web-based frontend for voting
> > > in Gentoo elections.  It would replace votify in the pipeline but
> > > generate countify-compatible data, so the votes would still be counted
> > > using old tooling.
> > >
> > >
> > > Goals
> > > =====
> > > The goals for the new system would be to:
> > >
> > > 1. Improve privacy of votes by removing connection between voters
> > > and their confirmation IDs ASAP (not storing them unencrypted
> > > on permanent storage at all).
> > >
> > > 2. Unifying voting mechanism for developers and non-developers.
> > > The latter currently vote by mail and get their votes manually hacked
> > > into the system.
> > >
> > > 3. Removing dependency on dev.gentoo.org shell access for voting.
> > > This is implied by 2. but should also support any future efforts of
> > > reducing reliance on the single system in Infra.
> > >
> > > 4. Make it possible to use the system for unofficial elections (e.g.
> > > team lead votes).  Currently setting a vote up requires root privileges
> > > on dev.g.o which is not really feasible.
> > >
> >
> > 5. Election Officials shall have a means to determine the voter turnout
> > from time to time while the election is in progress.
>
> 6. The voting system must produce a list of voters who cast a valid
> ballot. This is required to see which voters did not cast a ballot in
> the Foundation elections, and could thus be struck off the member list
> for failure to participate.
>
> This might be implemented via two separate identifiers from the secret
> per your ideas.

Do I understand correctly that you want:

1. one derived identifier to be used to cast the vote and stored without
association to developer,

2. another derived identifier to be used to confirm the vote, and stored
with association to developer?

I suppose this could work.  However, it would weaken the privacy
protection much.  Any active watcher (say, Infra or election official)
would be able to notice simultaneous appearance of the vote and the voter
entry.  Sure, they could also break the system by hacking the scripts
over or adding voters manually rather than via the script but the whole
point is to limit privacy exposure to the minimum.

Furthermore, I believe the fact whether one has voted or not is also
a matter of privacy.  Expecting people to explicitly indicate this is
violating it, so it doesn't seem the correct solution to the problem at
hand.

Maybe Trustees should consider finding a better way of determining when
to retire inactive members?  The simplest solution that comes to my head
is finally requiring all Foundation members to be active developers, or
at least setting same rules for both groups (i.e. retiring Foundation
members when they stop making new contributions to Gentoo).  Given that
there are only a few Foundation members who are not devs, either way
shouldn't be a real issue.

-- 
Best regards,
Michał Górny
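
The two-identifier scheme discussed in the message above, and the link an active watcher gets from the simultaneous appearance of both records, as an added example; it is not code from votify, countify or the proposed frontend. The HMAC-SHA256 derivation, the labels, the logical clock, the election name and the voters are assumptions constructed for illustration.

```python
import hashlib
import hmac

def derive_ids(secret: bytes, election: str):
    """Two identifiers from one voter secret, domain-separated with HMAC-SHA256
    (an assumed construction; the thread does not specify one)."""
    def tag(label):
        msg = f"{election}:{label}".encode()
        return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]
    return tag("ballot"), tag("turnout")

class Election:
    def __init__(self, name):
        self.name = name
        self.clock = 0      # logical arrival time seen by a watcher
        self.ballots = []   # (arrival, ballot_id, ranking): no voter name
        self.turnout = []   # (arrival, turnout_id, voter): no ranking

    def cast(self, voter, secret, ranking):
        ballot_id, turnout_id = derive_ids(secret, self.name)
        self.clock += 1     # both records appear at the same moment
        self.ballots.append((self.clock, ballot_id, ranking))
        self.turnout.append((self.clock, turnout_id, voter))

def at_rest(election):
    """Final stored data: arrival order dropped, rows sorted by identifier."""
    return (sorted((b, r) for _, b, r in election.ballots),
            sorted((t, v) for _, t, v in election.turnout))

def link_by_arrival(election):
    """Join the two stores on arrival time, as a live watcher of both could."""
    who = {when: voter for when, _, voter in election.turnout}
    return {who[when]: ranking for when, _, ranking in election.ballots}

def demo():
    # Constructed sample voters, secrets and rankings.
    e = Election("council-2019")
    e.cast("dev-a", b"secret-a", ["alice", "bob"])
    e.cast("dev-b", b"secret-b", ["bob", "alice"])
    return e

if __name__ == "__main__":
    e = demo()
    print(at_rest(e))          # no shared column links the two lists
    print(link_by_arrival(e))  # yet arrival time maps each voter to a ranking
```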