[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Vote for the Debian Project Leader Election 2005



On Tue, 5 Apr 2005 19:44:08 -0600, Wesley J Landaker <wjl@icecavern.net> said: 

> On Tuesday 05 April 2005 19:29, Manoj Srivastava wrote:
>> On Tue, 5 Apr 2005 21:38:51 +0200, David Schmitt
>> david@schmitt.edv-bus.at> said:
>> > On Tuesday 05 April 2005 19:29, Manoj Srivastava wrote:
>> >> On Mon, 4 Apr 2005 10:18:26 +0100, Matthew Garrett
>> >>
>> >> mgarrett@chiark.greenend.org.uk> said:
>> >> > If I sign three votes over the course of a day and then send
>> >> > them in reverse order, will the votes that were signed earlier
>> >> > be accepted even if they were sent later?
>> >>
>> >> Sure. As far as devotee is concerned, the ordering when the
>> >> ballots were received is the only one that matters.  Since email
>> >> ordering is not guaranteed, you may wish to wait for devotee's
>> >> ack is you are firing off multiple ballots.
>> >
>> > So any signed vote made public can be used to override any later
>> > decision by the voter in question by replaying the publicised
>> > mail and signature.
>> 
>> No, that would be stupid. This is why we have a guard against
>> replay attacks.

> But if the original vote that was signed and posted publicly was
> never sent in, then there wouldn't be any record of the vote--so if
> it was sent in at the last minute, devotee would be seeing it for
> the first time...

	Sure. If people are gonna make signed votes public and not
 send them in before changing their minds, that can be used to
 override their decision. So don't do that.

	manoj
-- 
I have a TINY BOWL in my HEAD
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C



Reply to: