Re: Concerns about the election process
- From: Davyd Madeley <davyd fugro-fsi com au>
- To: Behdad Esfahbod <behdad behdad org>
- Cc: Ryan Lortie <desrt desrt ca>, Gabriel Burt <gabriel burt gmail com>, foundation-list gnome org, elections gnome org
- Subject: Re: Concerns about the election process
- Date: Mon, 27 Nov 2006 14:59:17 +0800
On Mon, Nov 27, 2006 at 01:22:47AM -0500, Behdad Esfahbod wrote:
On Sun, 2006-11-26 at 20:18 -0600, Gabriel Burt wrote:
On 11/26/06, Behdad Esfahbod <behdad behdad org> wrote:
What he's saying is that, suppose you voted for me, Quim, Federico,
Dave, Bastien, Luis, and Jeff, and were given the anonymous token
0bhnyOzwLJ05jYV2phjusfe0jBYO3HZf. How do you make sure that no one else
who voted for the same seven candidates received the same anonymous
token?
I misunderstood. This could be solved by printing the token and the
date/time that the vote was received, couldn't it? Is this
information being logged so it could be used in this election?
Another way could be to publish a list of people who voted, and people
can check they are listed there, and compare the number of voters to
the number of votes listed.
No. It's not easy really. Just because the number of voters matches
the number of anon tokens listed, doesn't mean that unique tokens were
handed out to voters. The results can be perturbed by handing out the
same token to more than one voter, and insert phony tokens with
arbitrary votes attached to them.
There's nothing we should rush for this year. The point is /not/ that
the election committee cannot be trusted. The point is, if we want to
have a system in which the voters do not have to trust the election
committee, then our current system does not qualify, and for the least,
it should not be advertised like it does.
A few years ago I put together this proposal, but it was considered
to be too complex for GNOME:
http://oracle.bridgewayconsulting.com.au/~davyd/misc/gnome-voting/
It would require both a specialised GNOME voting client (well, we
are a desktop UI group..) and an anonymizing service like Tor. It
would also require public/private keypairs, for example the ssh keys
we use for CVS.
--d
--
Davyd Madeley Software Engineer
Fugro Seismic Imaging, Perth Australia
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]