Assuming that there's going to be a real source code review, that will also mean that COMELEC defines "any interested party" as any party who'd like to charge COMELEC P70M. Money sure smells good.
On Wed, Oct 14, 2009 at 2:45 PM, Danny Ching <[email protected]> wrote: > http://computerworld.com.ph/comelec-awards-source-code-review-to-us-lab-after-public-uproar/ > > Seems like SysTest will be reviewing the source as well. I seem to have > gotten the impression that they would not be doing that. Anyone know the > real score? > > On Wed, Oct 14, 2009 at 2:33 PM, Danny Ching <[email protected]> wrote: >> >> Doc Manalastas, I think the COMELEC announced that they will make the >> source code available on Feb 6, 2010 after the SysTest is done. Is this >> true? Is this acceptable: (1) to satisfy the law and (2) to satisfy the time >> requirements for a proper review. >> >> Two to three months, right? But Feb 6, 2010 is a Saturday, so we'll get >> the code Feb 8, 2010 (Monday). If we allot exactly three months, that means >> review will be done May 8, 2010 (also a Saturday). Isn't the election on May >> 10, 2010? Is this deliberate, so that the review process will either be moot >> and academic or it will be used to declare a failure of elections? >> >> On Wed, Oct 14, 2009 at 2:21 PM, Pablo Manalastas <[email protected]> >> wrote: >>> >>> --- On Tue, 10/13/09, Michael Mondragon <[email protected]> >>> wrote: >>> > Given the fact >>> > that we are petitioning Comelec and take a source code >>> > review, this would take us so much time >>> > and now the petition or case (some sort if >>> > ever) needs to be filed in court >>> >>> I am sorry, but a petition for mandamus has already been filed at the >>> Supreme Court by CenPEG, to force COMELEC to release the source code of the >>> election programs to interested political parties and groups. PLUG does not >>> need to file a case anymore, because the necessary case is already at the >>> Supreme Court. >>> >>> > and source code >>> > review be done by the US will be postpone, >>> >>> Again, I am sorry, but SysTest, a U.S. based company contracted by >>> COMELEC will not do a source code review, but instead will do a user >>> acceptance testing. If we go by what the newspaper reports are saying, then >>> user acceptance testing will not be delayed, because SysTest will be paid >>> PHP70 million, and for that amount SysTest will do a UAT on time. >>> >>> > this will >>> > definitely won't take source code review at all. >>> > I'm not sure if my calculation is correct, because again >>> > enough time is needed in this case and its >>> > critical. What I am thinking guys is to think what >>> > other things we can offer to be of help instead of pushing >>> > this review. >>> >>> I am not asking PLUG, as an organization, to do a source code review. My >>> original post was to tell the group that CenPEG has already brought the >>> request for the source code to the Supreme Court, since COMELEC does not >>> want to do its duty under RA-9369 section 12. Also the reason that I am >>> informing PLUG that CenPEG has brought the case to the Supreme Court is that >>> a number of PLUG members, on an individual basis (not as PLUG the >>> organization) have volunteered to help CenPEG do a source code review, and >>> it seems only proper to tell them what we at CenPEG are doing to help make >>> source code review a reality. >>> >>> ~Pablo Manalastas~ >>> >>> >>> > I don't know maybe you can help us >>> > out here and shed some light. >>> > >>> > >>> > >>> > >>> > Thanks, >>> > Michael >>> > >>> > >>> > >>> > >>> > From: Dennis >>> > Legaspi <[email protected]> >>> > To: Michael >>> > Mondragon <[email protected]>; Philippine Linux >>> > Users' Group (PLUG) Technical Discussion List >>> > <[email protected]>; Drexx Laggui [personal] >>> > <[email protected]> >>> > Sent: Tue, >>> > October 13, 2009 11:46:53 AM >>> > Subject: Re: >>> > [plug] COMELEC SUED (Was: The Death of Election 2010 Source >>> > Code Review) >>> > >>> > >>> > >>> > >>> > >>> > Not the kind of task you can completely >>> > divide into chunks. You're right. If you >>> > have 20 auditors it doesn't mean you can reduce audit >>> > time to X/20. >>> > >>> > --- On Tue, 10/13/09, Drexx Laggui [personal] >>> > <[email protected]> wrote: >>> > >>> > >>> > From: Drexx Laggui [personal] <[email protected]> >>> > Subject: Re: [plug] COMELEC SUED (Was: The Death of >>> > Election 2010 Source Code Review) >>> > To: "Michael Mondragon" >>> > <[email protected]>, "Philippine Linux >>> > Users' Group (PLUG) Technical Discussion List" >>> > <[email protected]> >>> > Date: Tuesday, October 13, 2009, 1:48 AM >>> > >>> > >>> > 12Oct2009 (UTC +8) >>> > >>> > On Mon, Oct 12, 2009 at 18:08, Michael Mondragon >>> > <[email protected]> >>> > wrote: >>> > > I am just wondering, given the fact, let's >>> > say, we got some TRO of some sort, do we still have >>> > > time to do it? How many of us here, can go with >>> > source code review then if Comelec will allow >>> > > us to review source code publicly? Though I >>> > believe in our capability as Filipinos and most of >>> > > the people here are best of breed, I'm just >>> > checking since we are running out of time. How long >>> > > can Supreme Court can interfere with this? >>> > Let's say, 2 mos. from now, can we still have much >>> > > time? >>> > >>> > Very good questions. Depends on how many people do you have >>> > behind the >>> > word "we" as well as how skilled are the >>> > "we" people. If >>> > many >>> > volunteered but are there just to learn from the exercise, >>> > then your >>> > "we" is just a mob. >>> > >>> > A proper evaluation and assurance project typically runs >>> > from 6 months >>> > to 2 years. What you'd need now is an army of highly >>> > skilled >>> > evaluators / auditors to do that. Less than that, >>> > you'll get lower >>> > assurance levels, and much less audit evidence to give the >>> > Filipinos >>> > the confidence they require in the 2010 national >>> > elections. >>> > >>> > >>> > Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 >>> > LA, CCSI, CSA >>> > http://www.laggui.com >>> > ( Singapore / Manila / California ) >>> > Computer forensics; Penetration testing; QMS & ISMS >>> > developers; K-Transfer >>> > PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC >>> > 3976 FF31 8A4E >>> > >>> > >>> > >>> > >>> > >>> > >>> > -----Inline Attachment Follows----- >>> > >>> > _________________________________________________ >>> > Philippine Linux Users' Group (PLUG) Mailing List >>> > http://lists.linux.org.ph/mailman/listinfo/plug >>> > Searchable Archives: http://archives.free.net.ph >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> >> >> >> -- >> Regards, >> Danny Ching > > > > -- > Regards, > Danny Ching > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- Paolo _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
