RFC: anonymous voting system
- From: Vincent Untz <vuntz gnome org>
- To: Foundation-List <foundation-list gnome org>
- Cc: elections gnome org
- Subject: RFC: anonymous voting system
- Date: Sun, 25 Sep 2005 17:07:58 +0200
Hi,
Last year, it was decided in a referendum that the Foundation will use
an anonymous voting system. There was some discussion on how to do it,
but in the end, nobody wrote anything.
As the next elections (and a possible referendum) are just around the
corner, we had to act. So I wrote some (most probably ugly) code.
You can test the system here: http://vuntz.net/tmp/voting/
You can download the code here: http://vuntz.net/tmp/anonvoting.tgz
Please have a look at it. If you think it's done the wrong way, send me
patches, or a good implementation of an anonymous voting system. I don't
want to be stuck in discussions for months since nothing has happened
for months and we need something really soon now.
This is a web-based system. I didn't want to work with e-mails again
since there are a lot of problems when we process them (the script used
in the current system to count the votes processes mail and it's been a
big pain in the past).
Here's a quick summary of how it works:
+ The membership & elections committee sends a mail to the members
containing an ID (the member's e-mail) and a token. This token
is not anonymous.
+ The member goes to the website, logs in, chooses her vote and
confirms her vote.
+ When the member confirms her vote, a new random token is generated.
This token is only used to save the vote and is displayed to the
member. There's no link between the member and this token.
+ The first non-anonymous token is removed so the member can not
vote twice.
Here's a quick summary of the limitations of this system:
+ Right now, users with access to the database can know who
didn't vote.
=> This is fixable and I'll do it if people think it has to be
fixed.
+ The initial token will be sent by mail to the members. Mail is not
secure and it could be intercepted by anyone.
=> This is not different from what we have right now. Anonymous does
not necessary means secure. While having something totally secure
would be great, I believe we can do this later.
+ We probably won't have SSL for this system, so there could be some
"attack" here too.
=> Same answer
+ You'll need to trust people with access to the database/code since
they can do a lot of bad things.
=> You already trust the membership & elections committee and the
gnome.org admins, don't you? :-) More seriously, this is again
something that is not different from the current system.
If there's no big complain about it, it will be the system that will be
used for the next vote.
Thanks,
Vincent
--
Les gens heureux ne sont pas press�
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]