[csw-maintainers] GPG Key Vote -- INVALID ballot

Tue Mar 1 09:43:29 CET 2011

2011/3/1 Philip Brown <phil at bolthole.com>:
> I just tried to vote on this finally. Sadly, it seems the ballot is
> invalid. While the discussions on the list, and the "writeup" agreed
> that it should be possible to vote for "0 to 3" board positions to
> have the key, voting for 0, is not accepted.
>
> The wording around it, seems to imply that you "must" vote for at
> least one, which is bad enough.
> But the vote is configured to actually *REQUIRE* that you vote for at
> least one, in that "group" for the ballot.

Yes, that's a bug.  I didn't realize the consequences of picking a
required, grouped Yes/No multiple-answer vote.  Sorry about that.  I'm
preparing a new ballot, with four two-item radio button groups.  This
way, an independent yes/no answer will be possible for every question.

> Also, why is there not a link to the writeup, in the actual ballot?

Because ballotbin does not support adding any text directly to the
actual ballot.  The closest you can do, is adding a biographical note
to a specific answer on the ballot.  You cannot add anything on the
ballot level.  If answers are on the answer level, and you have a
single writeup, you cannot add the link to just one answer; because it
could be construed as suggesting a particular answer.  If not to just
one, you have to add the note to every answer.  As Peter F likes, to
say: consequently, I've added the link to each of the 8 answers.

> I thought that was at least agreed upon.

When discussing the dev/devel vote, we agreed[1] on sending the writeup.

2011/3/1 Philip Brown <phil at bolthole.com>:
> I also have to point out, that there was a "late entry" to this
> ballot, that was not properly investigated or written up.
> The issue of key escrow.
>
> (it was for this sort of reason exactly, that I requested that the
> exact ballot wording be made public before the vote was made active.
>  Not this shell game of, "well, we'll make a separate 'writeup'
> first, but the actual ballot will be separate, and out of view, until
> the actual vote is active)
>
> The specific problem, is that "escrow" may imply to some people, that
> it addresses the issue of "cannot take back a key, once it is handed
> out".
> Unfortunately, the proposed method (sssh, or whatever it was called),
> does not do that (to the best of my knowlege).
>
>  It splits up the key across (N) people. However, once their term of
> office is ended, the same people still have the same parts of the key.
> Nothing stops them from getting together and using it after their term
> has ended.

True.  The escrow option is not about revoking access; it's about
distributing access.  It is not worse not better than the other
options.  The threat that escrow protects against, is a single board
member using the key without the consent of other board members.
Using the key after the term of office ends, is another threat which
needs another solution.

> If my summary of the escrow is valid, please adjust the wording to
> make that clear (or preferably just remove the secondary question
> entirely), when the ballot is fixed and restarted.

Since the vote is not about key revocation, I see no reason to remove
the escrow question.

However, since there seems to be disagreement about what the ballot
should look like, I won't send out a new one before this issue is
settled.

Maciej

[1] http://lists.opencsw.org/pipermail/maintainers/2011-February/014221.html