1 |
On 07/17/2014 09:16, hasufell wrote: |
2 |
> Rich Freeman: |
3 |
>> I think the only practical option is to try to prevent something like |
4 |
>> this from happening again |
5 |
> |
6 |
> The reason this happened is IMO not just the failure of an election |
7 |
> official, but the fact that it's technically even possible. |
8 |
> |
9 |
> Why is there any mapping between id and developer name (or why have the |
10 |
> election officials access to this mapping... by definition it's already |
11 |
> a non-anonymous election then)? |
12 |
> |
13 |
> I think it should be clear that this is also a technical issue and needs |
14 |
> to be improved. |
15 |
|
16 |
Maybe instead of developer name, the mapping should be between conf id and |
17 |
developer UID on woodpecker for purposes of uniquely validating the vote. |
18 |
Possibly even a dedicated and unique voting ID (VID), stored only in LDAP, |
19 |
visible only to the developer (I think this is possible, though I'll assume |
20 |
that infra can see everything anyways). |
21 |
|
22 |
When the votes are tallied, these VIDs are hashed and the election officials |
23 |
can only see the link between conf id and the hash, but the software can be |
24 |
granted some LDAP read permission to look the VID up and auto-generate an |
25 |
e-mail to that dev's mbox directly. |
26 |
|
27 |
Doesn't eliminate the possibility of someone sleuthing around to eventually |
28 |
link dev -> conf id, but in the event this happens in the future, the file |
29 |
containing the linkages will only show hashes -> conf id. |
30 |
|
31 |
</brainstorm> |
32 |
|
33 |
-- |
34 |
Joshua Kinard |
35 |
Gentoo/MIPS |
36 |
kumba@g.o |
37 |
4096R/D25D95E3 2011-03-28 |
38 |
|
39 |
"The past tempts us, the present confuses us, the future frightens us. And |
40 |
our lives slip away, moment by moment, lost in that vast, terrible in-between." |
41 |
|
42 |
--Emperor Turhan, Centauri Republic |