GPG



Uggh.  I'm sure that this is the way to have the most secure voting
system, and maybe it's the *only* way to have really secure elections,
but I think it is absolutely and totally too cumbersome a process.

My understanding is that there will be two types of elections:
- elections for the board of the foundation
- elections to fire the board of the foundation

I'm willing to tolerate some insecurity in these elections.  Let's come
up with a system that has some baseline security but that still allows
people to vote from their desks all over the world to vote in a fairly
straightforward fashion.  I've participated in a number of online
elections - most of them have been plain email elections with no security
whatsoever and we somehow managed to survive.  If it turns out that Bill
Gates gets elected as Chairman of our board, then we can always take a
closer look at what happened, make sure that's what people wanted and
deal with security if there was tampering of some sort.

Bart

Havoc Pennington wrote:

> Unfortunately, we almost certainly need a member database with GPG
> public keys such as the one Debian has. This is the only way I know of
> to do secure voting. This leads to some unpleasantness; basically you
> have to meet all members in person or call them on the phone and do
> the fingerprint-exchange deal to get their key signed, and people have
> to not lose their secret keys.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]