[ZF] re: electronic voting application

Tres Seaver tseaver at palladion.com
Fri Apr 7 08:25:54 EDT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim Fulton wrote:
> Jens Vagelpohl wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> On 7 Apr 2006, at 11:25, Jim Fulton wrote:
>>
>>> So far, I haven't heard anyone volunteer to implement/run a
>>> GPG/email-based system.
>>
>>
>>
>> You're right, because there is *nothing* to implement on the ZF side, 
>> except fo the person who tallies up the vote ensuring there is only 
>> one vote per voter, and the signature on the vote matches the pre-
>> announced signature of that person (or the signature from that person 
>> stored on a key server).
> 
> 
> So will we use a personal address or set up a mailbox?

I would guess that setting up a mailbox
('secretary at foundation.zope.org'?) would be trivial.

>  Who is going
> to validate the GPG signatures and count the votes?

For board votes, the secretary:  in fact, the e-mails themselves would
be part of the electronic record.

For membership-wide votes (typically only to elect the board and amend
by-laws), the secretary and a "tellers" group, drawn from the existing
board.

> What is involved in validating the signatures?

Looking for the "good signature" icon in a GPG-enabled mail client?
Assuming that the keyring of that user has voters keys installed, this
is literally "no work" -- for instance, Jens' amil shows in my client
wih "UNTRUSTED Good signature from Jens Vagelpohl (Private)
<jens at deataflake.org" at the top, and a graphic indicating the same status.

> Who is going to coordinate the necessary web of trust?

Web of trush is overkill for this use case.  Users will submit their key
information (fingerprint, e-mail address, keyserver) with their
application.  The secretary will fetch each key into his keyring, using
the tools provided by his mailer (maybe he runs a separate Thunderbird
profile for this account?)

>  I don't know a lot about GPG,
> but I know enough to be skeptical that it will require
> no work for the people tallying the votes.  But as long as
> it isn't me, whatever.

Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFENlpS+gerLs4ltQ4RAk2vAKDYkM7M7kdZxBl2LzdSGWqn046gXgCg2vTQ
/eJP0c2R/TSa8R3r/+wyQMU=
=AbGZ
-----END PGP SIGNATURE-----

More information about the Foundation mailing list