[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [eclipse.org-planning-council] Concern about the Helios+1 voting process ...
|
If we have proof of tampering then I do not see an alternative to having a re-vote.
Tom
David M Williams---04/30/2010 04:22:53 PM---Planning Council,
From: |
David M Williams/Raleigh/IBM@IBMUS |
To: |
"eclipse.org-planning-council" <eclipse.org-planning-council@xxxxxxxxxxx> |
Date: |
04/30/2010 04:22 PM |
Subject: |
[eclipse.org-planning-council] Concern about the Helios+1 voting process ... |
Planning Council,
I don't know if any of you watch the naming votes on a regular basis, ...
http://www.eclipse.org/helios/planning/poll2011name.php
But I became suspicious, asked our webmasters if there were unusual request patterns, and it turns out there have been many http requests made from just a few IP addresses, that have some obvious non-browser user-agent headers ... strongly suggesting some "ballot stuffing" with some kiddie scripts. While this voting system and process was always meant to be informal (and not especially secure) I'm afraid I was naive and it has just been too tempting for some not to play with it, to the point of manipulation. And, the problem is, there's no way to tell how extensive the problem is. There's not that much tracing or logging done ... and it'd be pretty easy for someone to write scripts that were just a little bit more sophisticated, spoof the user agent, and we'd not be able to detect those as fake.
So, what to do? Denis said he could (probably on Monday) add some logic to the polling mechanism to require a bugzilla login, so we'd be a little more confident that people voted just once. And I don't think it'd be bad restrict to only those with bugzilla accounts. But, if we did that, should we start over? Just give a few days for re-voting or extend the period for a few more weeks? Or, should we, the planning council, just ignore the votes and decide a good name ourselves? I don't think moving to doodle is much help, if I understand doodle's system, since that just required the user to enter a name, and we never did check that those names are "real" in any way.
I don't much like any of the alteratives, so I'm hoping some of you have a clear idea or opinion of what the best course of action would be.
Thanks,
_______________________________________________
eclipse.org-planning-council mailing list
eclipse.org-planning-council@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse.org-planning-council
IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation. To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.