From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D45DE138334 for ; Sat, 27 Jul 2019 10:40:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id AF9EFE0844; Sat, 27 Jul 2019 10:40:34 +0000 (UTC) Received: from smarthost01b.mail.zen.net.uk (smarthost01b.mail.zen.net.uk [212.23.1.3]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 826FEE083B for ; Sat, 27 Jul 2019 10:40:34 +0000 (UTC) Received: from [62.3.120.142] (helo=NeddySeagoon_Static) by smarthost01b.mail.zen.net.uk with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from ) id 1hrK7s-00054s-U1; Sat, 27 Jul 2019 10:40:33 +0000 Date: Sat, 27 Jul 2019 11:40:12 +0100 From: Roy Bamford Subject: [gentoo-project] Re: [RFC] vote.gentoo.org - a new voting frontend for Gentoo Elections To: =?UTF-8?b?TWljaGHFgiBHw7Nybnk=?= Cc: gentoo-project , Gentoo Elections , infrastructure , council , trustees In-Reply-To: (from mgorny@gentoo.org on Sat Jul 27 07:21:54 2019) X-Mailer: Balsa 2.5.6 Message-Id: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA256; protocol="application/pgp-signature"; boundary="=-QhGSaUmYVt+/zoEIK9SI" X-Originating-smarthost01b-IP: [62.3.120.142] Feedback-ID: 62.3.120.142 X-Archives-Salt: 3ce5184e-7f03-4995-8f0e-2ee14ab2e3bc X-Archives-Hash: 3baa66990acd28e4255bd893a6ed7b49 --=-QhGSaUmYVt+/zoEIK9SI Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2019.07.27 07:21, Micha=C5=82 G=C3=B3rny wrote: > Hi, >=20 > (CC-ing all parties interested in technicals, plus main consumers) >=20 > I'd like to work on providing new web-based frontend for voting > in Gentoo elections. It would replace votify in the pipeline but > generate countify-compatible data, so the votes would still be counted > using old tooling. >=20 >=20 > Goals > =3D=3D=3D=3D=3D > The goals for the new system would be to: >=20 > 1. Improve privacy of votes by removing connection between voters > and their confirmation IDs ASAP (not storing them unencrypted > on permanent storage at all). >=20 > 2. Unifying voting mechanism for developers and non-developers. > The latter currently vote by mail and get their votes manually hacked > into the system. >=20 > 3. Removing dependency on dev.gentoo.org shell access for voting.=20 > This > is implied by 2. but should also support any future efforts of > reducing > reliance on the single system in Infra. >=20 > 4. Make it possible to use the system for unofficial elections (e.g. > team lead votes). Currently setting a vote up requires root > privileges > on dev.g.o which is not really feasible. >=20 5. Election Officials shall have a means to determine the voter turmout from time to time while the election is in progress. Today, its carried out by the -infra contact and publicised in reminders to vote, IRC channel topics etc [snip] > Before the election starts, election officials prepare a list of voters > containing their e-mail addresses and OpenPGP key fingerprints. They > run a script which creates tokens for all voters, encrypts them, then > mails them to voters. How do we deal with expired public keys? Devs get a warning at commit time before their key expires. Non devs will not be permitted (by gpg) to sign a ballot with an expired key. Here, the election officials script will be attempting to make use of=20 expired keys. I can see another requirement ... 6. At the record date for any election, voters public keys shall be=20 checked for validity until at least the end of the voting period. That will give election officials time to remind the electorate to fix their keys. [snip] =20 > Your comments > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > What are your thoughts? >=20 > --=20 > Best regards, > Micha=C5=82 G=C3=B3rny >=20 >=20 No showstopper comments from me. --=20 Regards, Roy Bamford (Neddyseagoon) a member of elections gentoo-ops forum-mods arm64= --=-QhGSaUmYVt+/zoEIK9SI Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEsOrcx0gZrrCMwJzo/xJODTqpeT4FAl08Kg8ACgkQ/xJODTqp eT6Hgwf+Ka1Dr2LXIiYRQncgGT39kf7wL94Tv6xxSgA4PdhIqoP/dvPolWB8dYME /7IHPNJpkv3oxHjyLxh//8jFJy8jIrWrxTA4pVUCQEvsQppZfn9g7z4Bb529Z95U 2w8MeVF/aDt5r/1uh64mtB2YD1isQk4yksdTla7yLwG2QX656XyaaDovFBx/JgND OSiMhUpoCF1/U8XzMrrr54hB0ieymQiZD9ld0vmcEs67o6XCOYqFnq6qOYuvacZG rAaJ5M2JZRsyld9Y0L19y/UIMdes2UO7P1uSO74ko5VrVPd6cI3e9djmoTt9Oa0M Nt2ht9x2loMHRS03n9pnCn16tcByzA== =6vvg -----END PGP SIGNATURE----- --=-QhGSaUmYVt+/zoEIK9SI--