lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87d09gljhj.fsf@intel.com>
Date:   Fri, 13 Mar 2020 10:58:00 +0200
From:   Jani Nikula <jani.nikula@...el.com>
To:     "Theodore Y. Ts'o" <tytso@....edu>,
        "Bird\, Tim" <Tim.Bird@...y.com>
Cc:     "tech-board-discuss\@lists.linuxfoundation.org" 
        <tech-board-discuss@...ts.linuxfoundation.org>,
        "ksummit-discuss\@lists.linuxfoundation.org" 
        <ksummit-discuss@...ts.linuxfoundation.org>,
        "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [Ksummit-discuss] Linux Foundation Technical Advisory Board Elections -- Change to charter

On Thu, 12 Mar 2020, "Theodore Y. Ts'o" <tytso@....edu> wrote:
> So that means we need to be smart about how we pick the criteria.
> Using a kernel.org account might be a good approach, since it would be
> a lot harder for a huge number of sock puppet accounts to meet that
> criteria.

Per [1] and [2], kernel.org accounts "are usually reserved for subsystem
maintainers or high-profile developers", but apparently it's at the
kernel.org admins discretion to decide whether one is ultimately
eligible or not. Do we want the kernel.org admin to have the final say
on who gets to vote? Do we want to encourage people to have kernel.org
accounts for no other reason than to vote?

Furthermore, having a kernel.org account imposes the additional
requirement that you're part of the kernel developers web of trust,
i.e. that you've met other kernel developers in person. Which is a kind
of awkward requirement for enabling electronic voting to be inclusive to
people who can't attend in person.

Seems like having a kernel.org account is just a proxy for the criteria,
and one that also lacks transparency, and has problems of its own.

Not that I'm saying there's an easy solution, but obviously kernel.org
account is not as problem free as you might think.

BR,
Jani.


[1] https://www.kernel.org/faq.html
[2] https://korg.wiki.kernel.org/userdoc/accounts

-- 
Jani Nikula, Intel Open Source Graphics Center

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ