From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 37E721392EF for ; Fri, 18 Jul 2014 07:01:58 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4F318E092F; Fri, 18 Jul 2014 07:01:57 +0000 (UTC) Received: from qmta15.westchester.pa.mail.comcast.net (qmta15.westchester.pa.mail.comcast.net [76.96.59.228]) by pigeon.gentoo.org (Postfix) with ESMTP id 9D0E1E0928 for ; Fri, 18 Jul 2014 07:01:56 +0000 (UTC) Received: from omta14.westchester.pa.mail.comcast.net ([76.96.62.60]) by qmta15.westchester.pa.mail.comcast.net with comcast id Tj1w1o0011HzFnQ5Fj1w8q; Fri, 18 Jul 2014 07:01:56 +0000 Received: from [192.168.1.13] ([50.190.84.14]) by omta14.westchester.pa.mail.comcast.net with comcast id Tj1v1o00A0JZ7Re3aj1vtD; Fri, 18 Jul 2014 07:01:56 +0000 Message-ID: <53C8C653.60505@gentoo.org> Date: Fri, 18 Jul 2014 03:01:39 -0400 From: Joshua Kinard User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org MIME-Version: 1.0 To: gentoo-project@lists.gentoo.org Subject: Re: [gentoo-project] Gentoo Council Elections Results for term 2014-2015 References: <53C7202F.1050404@gentoo.org> <53C72B84.9050605@gentoo.org> <53C7B59A.8090605@gentoo.org> <53C7B852.8070708@gentoo.org> <53C7BE51.3040605@gentoo.org> <53C7CCC2.20002@gentoo.org> In-Reply-To: <53C7CCC2.20002@gentoo.org> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1405666916; bh=ZzMRa7HO43ilgAiZ/af2s8yl/D7Y0o5AmOe65o+vepQ=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=Quamx0yGTawb7yWqkrQR2qKJKK/c3pItZ7pB/gEVK4oFS0hUgBblxRID0eNWvAEyG XRDYgJ0CBJVofiHR2ashqBsKIJqO8d/7PCFlx9vIB4tg9KrBp5XNZD4c0J3etp9dYF 5r93wlPdaM+DIuU5MoEoOUwml2mLKGM4tw2KbjpBJiWl9SwKzcHa+j6CUFBztHOnzK EtVxwjfmzj0AbZUgQiHvc+AC92rSZCig4uhs6wX+Um0xfGtOX5opvxlacyXG5updZc GaQ8xsbOiMflOIwGQcC3hmqlb6sgTjrLrdUu4c/jQMtsonZ0VXiEPDpuE2kDMn5z9D 1ax+sW2Aw9WZw== X-Archives-Salt: 9d5070e4-1a26-4c33-8c12-34b2d19447b9 X-Archives-Hash: 464888494dd0d45e71e4ef6530685c75 On 07/17/2014 09:16, hasufell wrote: > Rich Freeman: >> I think the only practical option is to try to prevent something like >> this from happening again > > The reason this happened is IMO not just the failure of an election > official, but the fact that it's technically even possible. > > Why is there any mapping between id and developer name (or why have the > election officials access to this mapping... by definition it's already > a non-anonymous election then)? > > I think it should be clear that this is also a technical issue and needs > to be improved. Maybe instead of developer name, the mapping should be between conf id and developer UID on woodpecker for purposes of uniquely validating the vote. Possibly even a dedicated and unique voting ID (VID), stored only in LDAP, visible only to the developer (I think this is possible, though I'll assume that infra can see everything anyways). When the votes are tallied, these VIDs are hashed and the election officials can only see the link between conf id and the hash, but the software can be granted some LDAP read permission to look the VID up and auto-generate an e-mail to that dev's mbox directly. Doesn't eliminate the possibility of someone sleuthing around to eventually link dev -> conf id, but in the event this happens in the future, the file containing the linkages will only show hashes -> conf id. -- Joshua Kinard Gentoo/MIPS kumba@gentoo.org 4096R/D25D95E3 2011-03-28 "The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between." --Emperor Turhan, Centauri Republic