While trying to find the definition of the multi-winner SPI method for Antti-Juhani Kaijanaho, I spotted this little gem in Article Five of http://www.spi-inc.org/corporate/by-laws which relates to comments I made elsewhere:
"Ballots concerning election or removal of officers shall be secret ballots." At present, ballots are (correctly IMO) described as confidential, not secret, on the voting pages like https://members.spi-inc.org/vote/election.php?ref=6 One way they are not secret is that votes seem to be stored on that server indefinitely. Any webmaster of members.spi-inc could see all of our past votes back to at least 2004, right? I don't want to change the by-laws, so can the election system be changed to offer a secret ballot instead of a confidential one? One possibility is to require the secret cookie to change one's vote. That does mean if the secret cookie is lost after voting, a vote can't be changed (has-voted would need to be tracked seperately). Also, I don't know whether recent developments in MD5 hash collisions make this unsafe. Comments? Any other ways to fix this? Thanks, -- MJ Ray - see/vidu http://mjr.towers.org.uk/email.html Experienced webmaster-developers for hire http://www.ttllp.co.uk/ Also: statistician, sysadmin, online shop builder, workers co-op. Writing on koha, debian, sat TV, Kewstoke http://mjr.towers.org.uk/ _______________________________________________ Spi-general mailing list [email protected] http://lists.spi-inc.org/listinfo/spi-general
