| 1 |
On 07/17/2014 09:16, hasufell wrote: |
| 2 |
> Rich Freeman: |
| 3 |
>> I think the only practical option is to try to prevent something like |
| 4 |
>> this from happening again |
| 5 |
> |
| 6 |
> The reason this happened is IMO not just the failure of an election |
| 7 |
> official, but the fact that it's technically even possible. |
| 8 |
> |
| 9 |
> Why is there any mapping between id and developer name (or why have the |
| 10 |
> election officials access to this mapping... by definition it's already |
| 11 |
> a non-anonymous election then)? |
| 12 |
> |
| 13 |
> I think it should be clear that this is also a technical issue and needs |
| 14 |
> to be improved. |
| 15 |
|
| 16 |
Maybe instead of developer name, the mapping should be between conf id and |
| 17 |
developer UID on woodpecker for purposes of uniquely validating the vote. |
| 18 |
Possibly even a dedicated and unique voting ID (VID), stored only in LDAP, |
| 19 |
visible only to the developer (I think this is possible, though I'll assume |
| 20 |
that infra can see everything anyways). |
| 21 |
|
| 22 |
When the votes are tallied, these VIDs are hashed and the election officials |
| 23 |
can only see the link between conf id and the hash, but the software can be |
| 24 |
granted some LDAP read permission to look the VID up and auto-generate an |
| 25 |
e-mail to that dev's mbox directly. |
| 26 |
|
| 27 |
Doesn't eliminate the possibility of someone sleuthing around to eventually |
| 28 |
link dev -> conf id, but in the event this happens in the future, the file |
| 29 |
containing the linkages will only show hashes -> conf id. |
| 30 |
|
| 31 |
</brainstorm> |
| 32 |
|
| 33 |
-- |
| 34 |
Joshua Kinard |
| 35 |
Gentoo/MIPS |
| 36 |
kumba@g.o |
| 37 |
4096R/D25D95E3 2011-03-28 |
| 38 |
|
| 39 |
"The past tempts us, the present confuses us, the future frightens us. And |
| 40 |
our lives slip away, moment by moment, lost in that vast, terrible in-between." |
| 41 |
|
| 42 |
--Emperor Turhan, Centauri Republic |
Archives