Re: Vote for the Debian Project Leader Election 2005
* Wesley J Landaker [Thu, 24 Mar 2005 20:23:34 -0700]:
> On Thursday, 24 March 2005 20:15, Matthew Palmer wrote:
> > Since the voter gets a return e-mail, they'd likely know about it,
> > but if the attacker was clever and threw your ballot in right before
> > the deadline, you wouldn't have enough time to correct it, and would
> > need to bother Manoj to get it sorted out.
> Yeah, it seems this would be possible in the current system. One way to
> work around this would be to reject vote e-mails that are identical to
> ones seen before (say, save a md5sum of the signed portion of the
> e-mail, *including* the GPG signature block).
I've been told on IRC that devotee currently has such a replay-guard
mechanism. Perhaps Manoj can confirm, and comment a bit about the
implemented safeguards? (Or point to the relevant explanation pages,
of course.)
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Algebraic symbols are used when you do not know what you are talking about.
-- Philippe Schnoebelen
Reply to: