On Wed, May 03, 2006 at 02:11:35PM +0200, Christian.Iseli@xxxxxxxx wrote: > > jwboyer@xxxxxxxxxxxxxxxxxx said: > > Sure there is. In a script, verify the signature, record the results > > somewhere, record that person X voted (but not what his/her votes were), > > delete the email. > > Sure, that's fine with me. But the underlying question is: > will you trust me to run this on my machine ? > > (In the question, you can replace "you", "me", and "my" with many other person/ > company names) A fair point. One that I think is personally up to the individual. My plan would be to have the script running on a fedoraproject.org machine. They already provide the packages you install from Extras, so there is some level of trust implied :). I think it's obvious that the gpg-signed emails are intended only to track: 1) That the voter has completed the CLA and is in the cvsextras group 2) That ballot stuffing isn't occuring If there is another way that the above can be accomplished in a completely anonymous fashion, great. I haven't seen anything that won't take a significant amount of time. As a side note, I personally could care less whether the ballots were secret. However, it seems to be an important issue to others and we need to make sure everyone is comfortable with how this should work. josh -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
