[FFmpeg-devel] [ANNOUNCE] Repeat vote: GA voters list updates

Tomas Härdin git at haerdin.se
Tue Nov 14 17:56:24 EET 2023


tis 2023-11-14 klockan 13:49 +0100 skrev Thilo Borgmann via ffmpeg-
devel:
> Am 14.11.23 um 10:28 schrieb Tomas Härdin:
> > lör 2023-11-11 klockan 10:42 +0100 skrev Jean-Baptiste Kempf:
> > > 
> > > You have been told, now, several times, that a list of email is a
> > > collection of Private Information,  according to a GDPR and that
> > > you
> > > are a process of this PI, and therefore liable to the law.
> > 
> > Everyone with a copy of the git repository already has this
> > information, and it has been willingly given by all contributors.
> > Is
> > further processing of already extant PI really not permissible
> > according to the GDPR? Do we have to seek permission from all
> > contributors to publish our git repositories containing PI that
> > they
> > have already given implicit permission to publish?
> 
> +1 that it is no problem to reshare public information.
> A problem would arise if we connect this information with other
> information - new unknown information or an unknown link between the
> two.

Makes sense to me.

> > That said, this part strikes me as far more relevant wrt the GDPR:
> > 
> > > I patched the voting system to log all authorized voters in the
> > > future to prevent this situation in the future.
> 
> The logfile before:
> 
> Sun Nov  5 11:04:32 2023 127.0.0.1 Sending mail to a voter for poll
> E_af2d343f39602862
> Sun Nov  5 11:04:32 2023 127.0.0.1 Sending mail to a voter for poll
> E_af2d343f39602862
> 
> The logfile afterwards:
> 
> Sun Nov  5 11:04:32 2023 127.0.0.1 Sending mail to a voter for poll
> E_af2d343f39602862 something at somewhere.com
> Sun Nov  5 11:04:32 2023 127.0.0.1 Sending mail to a voter for poll
> E_af2d343f39602862 somethingelse at somewhereelse.com
> 
> The other outputs are unchanged.
> This does not break any privacy about the ballots - it is still
> unknown what ballots voted if at all neither what that ballot
> eventually voted for.

Ballot secrecy cannot actually be guaranteed. While I'm not versed in
the specifics of CIVS, I doubt it has solved problems like evil
sysadmin. Ballots should be public IMO, secret voting is cowardice.
That way duplicate ballots are easily filtered out ex-post and
scrutable to all.

/Tomas


More information about the ffmpeg-devel mailing list