Re: DEP-16 Confidential votes

To: debian-project@lists.debian.org
Subject: Re: DEP-16 Confidential votes
From: Thomas Goirand <zigo@debian.org>
Date: Mon, 19 Apr 2021 00:11:56 +0200
Message-id: <[🔎] c71272ee-9dfe-08fa-f711-e0026d215736@debian.org>
In-reply-to: <[🔎] 20210418210136.zncczoahsyv6qfz7@mail.gaussglocke.de>
References: <[🔎] 20210413223159.6revqwltushn5t7x@mail.gaussglocke.de> <[🔎] 87k0p594ss.fsf@hope.eyrie.org> <[🔎] 20210414165708.6g33r3flj3kazydn@mail.gaussglocke.de> <[🔎] b3f7700f-4cd9-5166-4686-8f8f1a86860a@debian.org> <[🔎] 20210418210136.zncczoahsyv6qfz7@mail.gaussglocke.de>

On 4/18/21 11:01 PM, Timo Röhling wrote:
> * Stéphane Glondu <glondu@debian.org> [2021-04-16 17:12]:
>> I would be glad to help :-)
> Great!
> 
>>> With all that being said and having made my case, I am open for any
>>> reasonably secure solution (including Belenios) that we can agree on,
>>> and I will help implement it if I can.
>> And I am open to make changes in Belenios if needed.
> I'd like to raise two questions for debate:
> 
> 1. Do we want to retain the ability to vote openly?
> 
> Obviously, open votes are more transparent, which is nice and very
> appropriate for many technical issues that we might vote on. On the
> other hand, most votes in Debian are DPL elections anyway.

I'd be very much for leaving the decision of open/close to our
secretary, with most votes open, and the possibility for him to decide
when it should be closed. I trust Kurt to do the right thing whenever a
vote (like the RMS GR) needs to be closed. Otherwise, I very much prefer
if most votes were staying open.

> 2. How much are we committed to the current process that works
> exclusively via email?
> 
> Personally, I think that a structured HTML form is more accessible for
> screen readers than pure text ballots, and you can still make the web
> interface render nicely in a text browser such as Lynx or w3m.
> 
> On the other hand, some people might have considerably less trust in
> their web browser than their email client.

Exactly. Web browsers are nasty beasts, with CVEs every month.

I don't think the problem is the client though (even though I would
prefer a signed mail, for the reasons Andrew wrote). The issue is
probably more how the voting software is written, and it's general
principles (verifiability with optional anonymity comes to mind).

On 4/18/21 11:22 PM, Andrew M.A. Cater wrote:
> Just my 0.02 - but we're all probably getting well ahead of ourselves
> having just had two votes, maybe we should not be changing the system
> immediately.

I respectively don't agree. The process *will* be long until we can
change the voting system, so let's start the thinking now. It's fine for
most DDs not to be involved in at least the brain-storming phase. Maybe
we'll need another GR when we're ready, but that's probably far in the
future.

Cheers,

Thomas Goirand (zigo)

Reply to:

Follow-Ups:
- Re: DEP-16 Confidential votes
  - From: Olek Wojnar <olek@debian.org>

References:
- Re: Re: DEP-16 Confidential votes
  - From: Timo Röhling <timo@gaussglocke.de>
- Re: DEP-16 Confidential votes
  - From: Russ Allbery <rra@debian.org>
- Re: DEP-16 Confidential votes
  - From: Timo Röhling <timo@gaussglocke.de>
- Re: DEP-16 Confidential votes
  - From: Stéphane Glondu <glondu@debian.org>
- Re: DEP-16 Confidential votes
  - From: Timo Röhling <timo@gaussglocke.de>

Prev by Date: Re: DEP-16 Confidential votes
Next by Date: Re: DEP-16 Confidential votes
Previous by thread: Re: DEP-16 Confidential votes
Next by thread: Re: DEP-16 Confidential votes
Index(es):
- Date
- Thread