[ZF] re: electronic voting application

[Jim Fulton]

Tres Seaver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jim Fulton wrote:
> 
>>Jens Vagelpohl wrote:
>>
>>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>Hash: SHA1
>>>
>>>
>>>On 7 Apr 2006, at 11:25, Jim Fulton wrote:
>>>
>>>
>>>>So far, I haven't heard anyone volunteer to implement/run a
>>>>GPG/email-based system.
>>>
>>>
>>>
>>>You're right, because there is *nothing* to implement on the ZF side, 
>>>except fo the person who tallies up the vote ensuring there is only 
>>>one vote per voter, and the signature on the vote matches the pre-
>>>announced signature of that person (or the signature from that person 
>>>stored on a key server).
>>
>>
>>So will we use a personal address or set up a mailbox?
> 
> 
> I would guess that setting up a mailbox
> ('secretary at foundation.zope.org'?) would be trivial.

trivial != no effort

...

>>What is involved in validating the signatures?
> 
> 
> Looking for the "good signature" icon in a GPG-enabled mail client?
> Assuming that the keyring of that user has voters keys installed, this
> is literally "no work" -- for instance, Jens' amil shows in my client
> wih "UNTRUSTED Good signature from Jens Vagelpohl (Private)
> <jens at deataflake.org" at the top, and a graphic indicating the same status.
> 
> 
>>Who is going to coordinate the necessary web of trust?
> 
> 
> Web of trush is overkill for this use case.  Users will submit their key
> information (fingerprint, e-mail address, keyserver) with their
> application.  The secretary will fetch each key into his keyring, using
> the tools provided by his mailer (maybe he runs a separate Thunderbird
> profile for this account?)

Doesn't sound like no work to me.

If someone wants to volunteer to do all this, it's OK
with me.


Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org