headers
Stephen Waters | 15 May 2002 17:17
Favicon

Re: [atlarge-discuss] online voting

On Tue, 2002-05-14 at 16:00, Eray Ozkural wrote:
>
> Last time the debian organization (www.debian.org) used a quite satisfactory 
> election system. It may be worthwhile.

I wish they would package the software tabulation software (probably
some Perl scripts) they use. If I understand the procedure correctly:

Every Debian developer has:
1) an  <at> debian.org address
2) an OpenPGP key

For the voting process: 
1) The Project Secretary emails out a ballot
http://www.debian.org/vote/howto_vote

2) Each developer PGP signs the mail and sends it to the proper address
3) Software tabulates the votes according to the Constitution
4) Project Secretary certifies the results

-sw
Permalink | Reply | 16 comments |
headers
Josip Rodin | 15 May 2002 18:45
Picon

Re: [atlarge-discuss] online voting

On Wed, May 15, 2002 at 10:17:01AM -0500, Stephen Waters wrote:
> Every Debian developer has:
> 1) an  <at> debian.org address

Well, this isn't true for some corner cases, and isn't relevant to voting.
The developers' identities are recognized using the keys with which they
sign the voting ballot, regardless of which email address they use.

-- 
     2. That which causes joy or happiness.

--

-- 
To UNSUBSCRIBE, email to debian-vote-request <at> lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster <at> lists.debian.org
Permalink | Reply | 0 comments |
headers
Eray Ozkural | 15 May 2002 19:42
Picon
Favicon

Re: [atlarge-discuss] online voting

On Wednesday 15 May 2002 18:17, Stephen Waters wrote:
> For the voting process:
> 1) The Project Secretary emails out a ballot
> http://www.debian.org/vote/howto_vote
>
> 2) Each developer PGP signs the mail and sends it to the proper address
> 3) Software tabulates the votes according to the Constitution
> 4) Project Secretary certifies the results

Yes. I think it also has the kind of cryptographic secrecy and openness that 
would be useful for you. I'm sure the person(s) who have designed and written 
the code will be of assistance.

Regards,

-- 
Eray Ozkural (exa) <erayo <at> cs.bilkent.edu.tr>
Comp. Sci. Dept., Bilkent University, Ankara
www: http://www.cs.bilkent.edu.tr/~erayo  Malfunction: http://mp3.com/ariza
GPG public key fingerprint: 360C 852F 88B0 A745 F31B  EA0F 7C07 AE16 874D 539C

--

-- 
To UNSUBSCRIBE, email to debian-vote-request <at> lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster <at> lists.debian.org
Permalink | Reply | 0 comments |
headers
Manoj Srivastava | 15 May 2002 20:27
X-Face
Picon
Favicon

Re: [atlarge-discuss] online voting

Hi,

        The current voting system is slowly getting packaged; the name
 of the package is going to be devotee (DEbian VOTE Engine). It is,
 unfortunately, not really high on my list of things to do.

	manoj
-- 
 Never buy from a rich salesman. Goldenstern
Manoj Srivastava   <srivasta <at> debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

--

-- 
To UNSUBSCRIBE, email to debian-vote-request <at> lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster <at> lists.debian.org
Permalink | Reply | 13 comments |
headers
Vittorio Bertola | 16 May 2002 10:27

Re: [atlarge-discuss] online voting

On Wed, 15 May 2002 13:27:07 -0500, you wrote:

>Hi,
>
>        The current voting system is slowly getting packaged; the name
> of the package is going to be devotee (DEbian VOTE Engine). It is,
> unfortunately, not really high on my list of things to do.

In your process, how do you distribute the PGP keys? Once voters have
a key, you can be sure that the vote is theirs, but how do you
identify a new person who has to be given a key, and how do you verify
his/her identity?
(And thanks for your help)
-- 
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola     <vb <at> vitaminic.net>    Ph. +39 011 23381220
Vitaminic [The Music Evolution] - Vice President for Technology

DISCLAIMER, PLEASE NOTE: This communication is intended only for use by the
addressee. It may contain confidential or privileged information. 
Transmission, distribution and/or copy cannot be permitted. Please notify
immediately the sender by replying if you are not the intended recipient.

--

-- 
To UNSUBSCRIBE, email to debian-vote-request <at> lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster <at> lists.debian.org
Permalink | Reply | 12 comments |
headers
Joost van Baal | 16 May 2002 11:31

Re: [atlarge-discuss] online voting

On Thu, May 16, 2002 at 10:27:06AM +0200, Vittorio Bertola wrote:
> 
> In your process, how do you distribute the PGP keys? Once voters have
> a key, you can be sure that the vote is theirs, but how do you
> identify a new person who has to be given a key, and how do you verify
> his/her identity?

This is documented on http://www.debian.org/devel/join/nm-step2 .

Bye,

Joost

--

-- 
                               . .                  http://mdcc.cx/
Joost van Baal                .   .
                              .   .
                               . .            http://logreport.org/
Permalink | Reply | 0 comments |
headers
Federico Di Gregorio | 16 May 2002 12:02
Favicon
Gravatar

Re: [atlarge-discuss] online voting

Il gio, 2002-05-16 alle 10:27, Vittorio Bertola ha scritto:
> On Wed, 15 May 2002 13:27:07 -0500, you wrote:
> 
> >Hi,
> >
> >        The current voting system is slowly getting packaged; the name
> > of the package is going to be devotee (DEbian VOTE Engine). It is,
> > unfortunately, not really high on my list of things to do.
> 
> In your process, how do you distribute the PGP keys? Once voters have
> a key, you can be sure that the vote is theirs, but how do you
> identify a new person who has to be given a key, and how do you verify
> his/her identity?

a requirement for a new debian developer is to have his gpg key signed
by a full developer. we have quite a big web of trust in debian.

--

-- 
Federico Di Gregorio
Debian GNU/Linux Developer & Italian Press Contact        fog <at> debian.org
INIT.D Developer                                           fog <at> initd.org
                           Don't dream it. Be it. -- Dr. Frank'n'further
Permalink | Reply | 10 comments |
headers
Vittorio Bertola | 16 May 2002 15:01

Re: [atlarge-discuss] online voting

On 16 May 2002 12:02:15 +0200, you wrote:

>> In your process, how do you distribute the PGP keys? Once voters have
>> a key, you can be sure that the vote is theirs, but how do you
>> identify a new person who has to be given a key, and how do you verify
>> his/her identity?
>
>a requirement for a new debian developer is to have his gpg key signed
>by a full developer. we have quite a big web of trust in debian.

So, to apply this system to ICANN, we would have to build the At Large
membership by cooptation, ie each new member would have to be
introduced by another one. This could be somewhat interesting, but I
guess it could be not open enough for our scale and purposes.

--

-- 
To UNSUBSCRIBE, email to debian-vote-request <at> lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster <at> lists.debian.org
Permalink | Reply | 9 comments |
headers
Steve Langasek | 16 May 2002 18:11
Favicon

Re: [atlarge-discuss] online voting

On Thu, May 16, 2002 at 03:01:38PM +0200, Vittorio Bertola wrote:
> On 16 May 2002 12:02:15 +0200, you wrote:

> >> In your process, how do you distribute the PGP keys? Once voters have
> >> a key, you can be sure that the vote is theirs, but how do you
> >> identify a new person who has to be given a key, and how do you verify
> >> his/her identity?

> >a requirement for a new debian developer is to have his gpg key signed
> >by a full developer. we have quite a big web of trust in debian.

> So, to apply this system to ICANN, we would have to build the At Large
> membership by cooptation, ie each new member would have to be
> introduced by another one. This could be somewhat interesting, but I
> guess it could be not open enough for our scale and purposes.

Debian has chosen this particular method because it's consistent with
our goals as a community: a PGP web of trust maps closely onto the
relationships that have to exist among us as developers of an operating
system.  For ICANN, I'm pretty sure that this does not apply; so
requiring all PGP keys to be signed by someone already in ICANN is
probably not the way to go about it.  You can choose a different method
that provides the right balance of security and convenience for your
organization.  You might accept PGP keys with only email verification,
you might accept them printed out and sent by normal mail, you might
accept keys that have been signed into the global web of trust.  Each
approach offers a different degree of authenticity, and carries with it
a different degree of overhead.

Steve Langasek
(Continue reading)

Permalink | Reply | 6 comments |
headers
Manoj Srivastava | 17 May 2002 04:18
X-Face
Picon
Favicon

Re: [atlarge-discuss] online voting

>>"Vittorio" == Vittorio Bertola <vb <at> vitaminic.net> writes:

 Vittorio> So, to apply this system to ICANN, we would have to build
 Vittorio> the At Large membership by cooptation, ie each new member
 Vittorio> would have to be introduced by another one. This could be
 Vittorio> somewhat interesting, but I guess it could be not open
 Vittorio> enough for our scale and purposes.

	Not necessarily. You could have members send in the key
 fingerprint signed by a notary, or snail mailed with corporate letter
 head. How _do_ you authenticate members now? 

	manoj
-- 
 The likelihood of anything happening is in direct proportion to the
 amount of trouble it will cause if it does happen.  -- Sam W. Warren
Manoj Srivastava   <srivasta <at> debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

--

-- 
To UNSUBSCRIBE, email to debian-vote-request <at> lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster <at> lists.debian.org
Permalink | Reply | 1 comment |

Gmane