public inbox for gentoo-project@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-project@lists.gentoo.org
Cc: Gentoo Elections <elections@gentoo.org>,
	infrastructure <infrastructure@gentoo.org>,
	council <council@gentoo.org>, trustees <trustees@gentoo.org>
Subject: Re: [gentoo-project] Re: [RFC] vote.gentoo.org - a new voting frontend for Gentoo Elections
Date: Sat, 27 Jul 2019 13:18:49 +0200	[thread overview]
Message-ID: <b0672a6f0ae409c1b82caed11dd2d77f30a7c369.camel@gentoo.org> (raw)
In-Reply-To: <IVJWTX3Z.ONQLCJ2P.H6HOYBYA@VOYN4NAJ.RTHOZEQV.J3JUG5JJ>

[-- Attachment #1: Type: text/plain, Size: 3020 bytes --]

On Sat, 2019-07-27 at 11:40 +0100, Roy Bamford wrote:
> On 2019.07.27 07:21, Michał Górny wrote:
> > Hi,
> > 
> > (CC-ing all parties interested in technicals, plus main consumers)
> > 
> > I'd like to work on providing new web-based frontend for voting
> > in Gentoo elections.  It would replace votify in the pipeline but
> > generate countify-compatible data, so the votes would still be counted
> > using old tooling.
> > 
> > 
> > Goals
> > =====
> > The goals for the new system would be to:
> > 
> > 1. Improve privacy of votes by removing connection between voters
> > and their confirmation IDs ASAP (not storing them unencrypted
> > on permanent storage at all).
> > 
> > 2. Unifying voting mechanism for developers and non-developers.
> > The latter currently vote by mail and get their votes manually hacked
> > into the system.
> > 
> > 3. Removing dependency on dev.gentoo.org shell access for voting. 
> > This
> > is implied by 2. but should also support any future efforts of
> > reducing
> > reliance on the single system in Infra.
> > 
> > 4. Make it possible to use the system for unofficial elections (e.g.
> > team lead votes).  Currently setting a vote up requires root
> > privileges
> > on dev.g.o which is not really feasible.
> > 
> 
> 5. Election Officials shall have a means to determine the voter turmout
> from time to time while the election is in progress.
> 
> Today, its carried out by the -infra contact and publicised in reminders
> to vote, IRC channel topics etc

Oh, I though those mails are directed to all listed officials
for an election and assumed this is nothing new to solve.  Sure, this is
entirely feasible.

> 
> [snip]
> 
> > Before the election starts, election officials prepare a list of voters
> > containing their e-mail addresses and OpenPGP key fingerprints.  They
> > run a script which creates tokens for all voters, encrypts them, then
> > mails them to voters.
> 
> How do we deal with expired public keys?

When token mails are generated GPG automatically verifies whether keys
are usable.  As a result, if someone has an expired key, the script
explicitly notes it and returns an error.

> 
> Devs get a warning at commit time before their key expires. Non devs
> will not be permitted (by gpg) to sign a ballot with an expired key.
> Here, the election officials script will be attempting to make use of 
> expired keys.
> 
> I can see another requirement ...
> 6. At the record date for any election, voters public keys shall be 
> checked for validity until at least the end of the voting period.
> 
> That will give election officials time to remind the electorate to fix
> their keys.

You can't sign votes using your key, as this kills the privacy
requirement.  Instead, we rely on secret token mails being encrypted
using voter's key.  Key only needs to be valid at encryption time,
as you can decrypt messages from the past ;-).

-- 
Best regards,
Michał Górny


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]

  reply	other threads:[~2019-07-27 11:18 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-27  6:21 [gentoo-project] [RFC] vote.gentoo.org - a new voting frontend for Gentoo Elections Michał Górny
2019-07-27 10:40 ` [gentoo-project] " Roy Bamford
2019-07-27 11:18   ` Michał Górny [this message]
2019-08-09  5:49   ` Robin H. Johnson
2019-08-09  6:02     ` Michał Górny

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b0672a6f0ae409c1b82caed11dd2d77f30a7c369.camel@gentoo.org \
    --to=mgorny@gentoo.org \
    --cc=council@gentoo.org \
    --cc=elections@gentoo.org \
    --cc=gentoo-project@lists.gentoo.org \
    --cc=infrastructure@gentoo.org \
    --cc=trustees@gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox