[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Vote for the Debian Project Leader Election 2005

* Wesley J Landaker [Thu, 24 Mar 2005 20:23:34 -0700]:
> On Thursday, 24 March 2005 20:15, Matthew Palmer wrote:

> > Since the voter gets a return e-mail, they'd likely know about it,
> > but if the attacker was clever and threw your ballot in right before
> > the deadline, you wouldn't have enough time to correct it, and would
> > need to bother Manoj to get it sorted out.

> Yeah, it seems this would be possible in the current system. One way to 
> work around this would be to reject vote e-mails that are identical to 
> ones seen before (say, save a md5sum of the signed portion of the 
> e-mail, *including* the GPG signature block).

  I've been told on IRC that devotee currently has such a replay-guard
  mechanism. Perhaps Manoj can confirm, and comment a bit about the
  implemented safeguards? (Or point to the relevant explanation pages,
  of course.)

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
Algebraic symbols are used when you do not know what you are talking about.
                -- Philippe Schnoebelen
Reply to: