[Development] Formal voting procedure for Qt Project
daniel.smith at qt.io
Mon Oct 4 12:08:12 CEST 2021
The results of the voting bot are stored in a Heroku postgres database, to which only three or four people have access at the moment, including myself. Logging from the bot and database records IP address, timestamps, usernames, and which general action the user took such as voting, updating their vote, or retracting their vote. From this information alone there's a basic level of traceability without violating users' right to a private vote. The logs also have the same tightly restricted access as the database. These logs and the database will be deleted two weeks after closing the vote.
If anyone wishes to verify that their personal vote has been recorded correctly, they can email gerrit-admin at qt-project.org to have an independent party with database access verify their vote appears correctly in the system.
As far as discovery of voter fraud, I think we'll probably need to go with an independent arbiter with the logs and raw database if anyone contests the result or their vote. I believe any system that I could implement in short order to provide the user with a vote-hash they can use as proof-of-vote, for example, would probably not be secure enough to guarantee it to be impossible to spoof, and would still require trust of the gerrit-admins or an independent arbiter to verify. It may just be better to avoid it altogether for the time being, revisiting this issue if we want to bake this system into the governance model.
From: Development <development-bounces at qt-project.org> On Behalf Of Lorn Potter
Sent: Monday, October 4, 2021 11:32 AM
To: development at qt-project.org
Subject: Re: [Development] Formal voting procedure for Qt Project
On 2/10/21 3:43 AM, Lars Knoll wrote:
> I’d like to propose that we implement a voting procedure using this voting bot. We need it for this one case, but would also benefit from having such a tool in other cases, where the lazy consensus model might not be the best solution.
> We wouldn’t be the first ones to do that, there are other open source communities out there that have secret voting procedures in place.
> Please let me know what you think.
Just brainstorming here... I have no idea if this is a good idea or not. :)
How about some 'audit' and/or 'certification' procedure? Or some way to discover if the system has been gamed or hacked in some way. 3rd party overseers or somesuch thing?
Freelance Qt Developer. Platform Maintainer Qt WebAssembly, Maintainer QtSensors
Author, Hands-on Mobile and Embedded Development with Qt 5