Re: Democracy in Debian
- To: debian-vote@lists.debian.org
- Subject: Re: Democracy in Debian
- From: Manoj Srivastava <srivasta@debian.org>
- Date: Sun, 05 Mar 2006 07:26:34 -0600
- Message-id: <87irqtvx85.fsf@glaurung.internal.golden-gryphon.com>
- Mail-followup-to: debian-vote@lists.debian.org
- In-reply-to: <20060208223215.GC31437@capsaicin.mamane.lu> (Lionel Elie Mamane's message of "Wed, 8 Feb 2006 23:32:15 +0100")
- References: <pan.2006.02.02.18.33.57.202993@doganov.org> <871wylshqb.fsf@glaurung.internal.golden-gryphon.com> <86slr092r0.fsf_-_@alhambra.kuesterei.ch> <87psm4vj6d.fsf@kaylee.killeri.net> <20060207093407.GA18515@capsaicin.mamane.lu> <20060207105040.GN21366@p12n.org> <20060207154722.GA20385@capsaicin.mamane.lu> <87u0ba3bxc.fsf@glaurung.internal.golden-gryphon.com> <20060208093418.GA27064@capsaicin.mamane.lu> <874q393o29.fsf@glaurung.internal.golden-gryphon.com> <20060208223215.GC31437@capsaicin.mamane.lu>
On 8 Feb 2006, Lionel Elie Mamane verbalised:
> On Wed, Feb 08, 2006 at 08:47:10AM -0600, Manoj Srivastava wrote:
>> On 8 Feb 2006, Lionel Elie Mamane said:
>>> On Tue, Feb 07, 2006 at 06:57:03PM -0600, Manoj Srivastava wrote:
>>>> On 7 Feb 2006, Lionel Elie Mamane spake thusly:
>
>>>>> Should the situation arise with the current constitution, the
>>>>> secretary can use 7.1.4 to avoid impropriety
>
>>>> Additionally, there are already means of doing an audit that
>>>> can check any results after the fact;
>
>>> Only if the secretary hands over the ballots. Which I don't see
>>> him being forced to do by constitutional rule. I'm not intimate
>>> with all the commas of the constitution; can the secretary make a
>>> vote "secret ballot" like the DPL election?
>
>> Which only goes to show that you really do not understand
>> how Debian works. Are you not aware that votes have already been
>> audited before? That anyone with root on master already has access
>> to all ballots? That the DPL's can ask an audit to be performed
>> anyway?
>
> I didn't see such a specific DPL power in the constitution. Would it
> fall under the general phrasing of 5.1.4?
I would think so. That is a general catch all.
>> You think the Secretary hides ballots on machines not
>> accessible to the DSA?
>
> I don't think you currently do, nor that you ever did, nor that any
> of your predecessors did. But the constitution says:
>
> Votes are cast by email in a manner suitable to the Secretary.
>
> So if the Secretary deems it suitable to send them to an address out
> of control of DSA, what happens?
Then, if there is a question of auditing the vote, and if such
an audit can't be conducted with any degree of assurance, the
project, or the DPL, could determine that the voting was void, and
set up a revote.
> There is a difference between what the constitution requires to
> happen and what happens in practice. People can do things _better_
> than required by the constitution and seem to do so.
If you want to make the constitution complete, and absolutely
cover all possible corner cases (in advance of a reasonable
probability of such cases actually occurring), then we need something
like the penal code of the US. An exhaustive and complete
constitution, even if it were possible, would be too large to be
useful in practice to meet changing needs of the project. In other
words, it would lead to a rigid system, incapable of adapting and
changing, and tedious to get familiar with.
>> I really think you need to familiarize yourself with the
>> constitution if you want to start talking about how the secretary
>> can hijack elections, and thus must be restrained.
>
> I thought about this a while ago (to decide whether the Debian
> system could be used in another context) and what I remember from my
> conclusions was:
>
> - Votes where ballots get revealed seem safe; one would have to break
> the OpenPGP signature system to "hijack" them. This assumes that
> "many" people can get access to the actual signed ballots.
Certainly true for all votes that have ever been held in
Debian.
> - The secretary acts as a trusted person for secret ballot
> elections. Unless someone else sees the actual signed ballots
> (which the constitution doesn't require), he can "stuff" the vote
> with fake ballots of people that haven't voted at all (I presume
> that people that didn't make the effort to vote are quite unlikely
> to make the effort to check that they are not on the voter's list)
> or are unlikely to check their entry in the tally sheet.
The constitution does not require everything needed to conduct
a secure vote. The constitution does not require ballots to be signed
either.
I personally feel that bloating the constitution to provide
for secure votes is, err, not the right thing to do. If you find a
major flaw in actual mechanisms, please bring forth your concerns to
me, or the DPL.
manoj
--
We secure our friends not by accepting favors but by doing
them. Thucydides
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C