Re: many rejects (Re: Second call for votes for the debian project leader election 2007)

To: debian-devel@lists.debian.org
Subject: Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
From: Manoj Srivastava <srivasta@debian.org>
Date: Sun, 01 Apr 2007 13:04:12 -0500
Message-id: <[🔎] 87ps6oq8df.fsf@glaurung.internal.golden-gryphon.com>
In-reply-to: <[🔎] 20070401181138.2a8c14c5@localhost> ("Michal Čihař"'s message of "Sun\, 1 Apr 2007 18\:11\:38 +0200")
References: <87fy7rclpc.fsf@glaurung.internal.golden-gryphon.com> <Pine.LNX.4.62.0703280739010.29424@wr-linux02> <1175061383.4086.27.camel@localhost> <20070328093110.163ae03c@localhost> <873b3pa5t5.fsf@glaurung.internal.golden-gryphon.com> <20070329100019.324dd431@localhost> <20070329192328.GA16156@roeckx.be> <20070330092338.60f7bb56@localhost> <873b3mius6.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20070401181138.2a8c14c5@localhost>

On Sun, 1 Apr 2007 18:11:38 +0200, Michal Čihař <michal@cihar.com> said: 

> Hello On Fri, 30 Mar 2007 11:02:49 -0500
> Manoj Srivastava <srivasta@debian.org> wrote:

>> It turns out that it was indeed encrypted, but the message was not
>> signed; which means there is no information about who is sending
>> the ballot. This is a legitimate addition to the ballot; I'll point
>> it out in the next CFV.

> It of course was signed,

        No, it was not. The body of the encrypted but not signed email
 contained a signed vote, but the email itself was not signed.

> I simply don't know what went wrong, but it seems that something
> fooled script which is handling votes (signature won't verify,
> because I deleted the votes):

        I do know what went wrong.

        This is the most creative and weird action I have seen in the
 last few elections.

        You send an encrypted mail, which was not itself signed. This
 caused the vote to be rejected. Now, the body of the mail, once you
 decrypted it, did contain a signed vote -- but this is too late,
 since the outer mail was not signed, nothing processed the decrypted
 body.

        And no, you do not need to send in inline PGP when encrypting
 ballots;  you can send a signed *AND* encrypted RFC 3156 mail
 message.

        manoj
-- 
Successful and fortunate crime is called virtue. Seneca
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

Follow-Ups:
- Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
  - From: Michal Čihař <michal@cihar.com>
- Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
  - From: Steve Langasek <vorlon@debian.org>

References:
- Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
  - From: Michal Čihař <michal@cihar.com>

Prev by Date: Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Next by Date: Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Previous by thread: Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Next by thread: Re: many rejects (Re: Second call for votes for the debian project leader election 2007)
Index(es):
- Date
- Thread