[Development] Formal voting procedure for Qt Project

Daniel Smith daniel.smith at qt.io
Mon Oct 18 13:36:36 CEST 2021

Hi Alberto,

Thanks for the input. Though the vote needs to be secret while underway, I've come up with a solution that I hope satisfies. Please look at the staging bot at https://qt-cherry-pick-bot-staging.herokuapp.com/voting

Users will now be assigned an auto-generated, random moniker when they vote, and the list of anonymized voters will be shown to the left of the voting form. When voting is closed, the individual votes will be visible, but still only for the monikers. Real usernames should never be revealed, as doing so could be a disincentive to voting in the first place.
As an additional measure, there's now a "Retrieve my vote" button which will show your vote. Authentication is still required to show your vote, so only you can view it.
Retrieving your vote will also remind you of your moniker, so you can verify it's showing in the list of counted votes.

Of course, this does not cover the problem of a hack to insert additional votes, though one would need to either hijack an existing maintainer or approver account, or hack gerrit in order to inject a new user into the Approver or Maintainer group to gain a vote, something that we'd have a difficult time stopping if someone were that determined anyhow. If an audit is required in the end, we would have useful information on when gerrit accounts were created and would be able to hand-verify that all the users who voted are real people who should have the right to vote.


-----Original Message-----
From: Development <development-bounces at qt-project.org> On Behalf Of Alberto Mardegan
Sent: Sunday, October 17, 2021 12:10 PM
To: development at qt-project.org
Subject: Re: [Development] Formal voting procedure for Qt Project

I know I'm coming too late with this, but maybe it's something that can be considered for future developments of the voting bot:

On 04/10/21 13:08, Daniel Smith wrote:
> If anyone wishes to verify that their personal vote has been recorded correctly, they can email gerrit-admin at qt-project.org to have an independent party with database access verify their vote appears correctly in the system.

IMHO the bot should make the vote public: there should be a static page, visible to everybody (even non authenticated users), containing a list of names (or signatures) and their vote next to each signature.

The trick is that these names do not need to be real: once the voter authenticates him/herself into the system, he/she casts a vote and types in a signature, which of course does not need to be his/her real name, but anything that he/she will now know to be associated with the vote: it can be a name like Napoleon, or a sentence like "The lazy fox jumped again".

In this way every voter would be able to independently verify that his/her vote was counted correctly by just looking at this static page ("is my signature there, and with the vote I cast next to it?"), and everyone interested can know (by seeing that no voter is protesting about his/her vote not being in the page) that no fraud occurred.

This still leaves the door open to hackers inserting more votes into the voting bot, but then this could also be tackled by showing at the top of the page the list of the usernames of the people who voted: if the total number of voting usernames is not equal to the total number of votes registered, again we know that the vote is not correct.


http://www.mardy.it - Geek in an international language
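As an added illustration of the scheme discussed in this thread (not code from the Qt cherry-pick bot): a toy model in which each voter is assigned a random moniker, only monikers are listed while the vote is open, individual votes are published by moniker after closing, an authenticated voter can retrieve their own vote, and an audit compares the number of recorded ballots against the distinct eligible accounts that voted. Class and method names are assumptions, and `username` stands in for an already-authenticated gerrit identity.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class VotingBot:
    """Toy model of the moniker-based scheme from the thread (hypothetical names)."""
    eligible: set                                  # Approver/Maintainer accounts, as gerrit would supply
    ballots: list = field(default_factory=list)    # (moniker, choice): the only thing ever published
    voted: dict = field(default_factory=dict)      # username -> moniker: kept private, never shown
    closed: bool = False

    def cast(self, username, choice):
        # 'username' is assumed to come from gerrit authentication, not user input
        if self.closed:
            raise RuntimeError("vote is closed")
        if username not in self.eligible:
            raise PermissionError(f"{username} has no vote")
        if username in self.voted:
            raise ValueError(f"{username} already voted")
        moniker = f"voter-{secrets.token_hex(4)}"
        while any(m == moniker for m, _ in self.ballots):   # keep monikers unique
            moniker = f"voter-{secrets.token_hex(4)}"
        self.voted[username] = moniker
        self.ballots.append((moniker, choice))
        return moniker

    def anonymized_voters(self):
        """List shown beside the form while the vote is open: monikers only, no choices."""
        return sorted(m for m, _ in self.ballots)

    def retrieve_my_vote(self, username):
        """'Retrieve my vote': only the authenticated voter sees their own moniker and choice."""
        moniker = self.voted.get(username)
        return next(((m, c) for m, c in self.ballots if m == moniker), None)

    def close(self):
        self.closed = True

    def results(self):
        """Published after closing: individual votes, still keyed by moniker only."""
        if not self.closed:
            raise RuntimeError("individual votes stay secret while the vote is underway")
        return sorted(self.ballots)

    def audit(self):
        """Count check from the thread: every recorded ballot must map to one distinct eligible account."""
        voters = set(self.voted)
        return voters <= self.eligible and len(self.ballots) == len(voters)
```

A ballot appended without a corresponding account (the "injected votes" case Alberto raises) makes `audit()` fail because the ballot count no longer matches the number of distinct eligible voters.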