Re: [] Concern about the Helios+1 voting process ...

 It is true that doodle did require a name, but did not check it.

  I could argue that requesting a name helps a little with fraud, in that the "fraud bot" would have to come up with
reasonable names so it doesn't look suspicious.

  (Insert humorous references to recent Florida elections or choose some other bogus election,
there are too many to count).

  I suggest that the PC use what we have and then decide.  It really isn't that important to churn on.


David M Williams wrote:

Planning Council,

I don't know if any of you watch the naming votes on a regular basis, ...  

But I became suspicious, asked our webmasters if there were unusual request patterns, and it turns out there have been many HTTP requests made from just a few IP addresses, that have some obvious non-browser user-agent headers ... strongly suggesting some "ballot stuffing" with some kiddie scripts. While this voting system and process was always meant to be informal (and not especially secure) I'm afraid I was naive and it has just been too tempting for some not to play with it, to the point of manipulation. And, the problem is, there's no way to tell how extensive the problem is. There's not that much tracing or logging done ... and it'd be pretty easy for someone to write scripts that were just a little bit more sophisticated, spoof the user agent, and we'd not be able to detect those as fake.

So, what to do? Denis said he could (probably on Monday) add some logic to the polling mechanism to require a Bugzilla login, so we'd be a little more confident that people voted just once. And I don't think it'd be bad to restrict to only those with Bugzilla accounts. But, if we did that, should we start over? Just give a few days for re-voting or extend the period for a few more weeks? Or, should we, the planning council, just ignore the votes and decide on a good name ourselves? I don't think moving to Doodle is much help, if I understand Doodle's system, since that just required the user to enter a name, and we never did check that those names are "real" in any way.

I don't much like any of the alternatives, so I'm hoping some of you have a clear idea or opinion of what the best course of action would be.


_______________________________________________ mailing list IMPORTANT: Membership in this list is generated by processes internal to the Eclipse Foundation. To be permanently removed from this list, you must contact emo@xxxxxxxxxxx to request removal.

Oliver E Cole                                  oec@xxxxxxxxxxxxx
OC Systems                           
9990 Fairfax Blvd, Suite 270                   (v) 703.359.8160 x160
Fairfax, VA, 22030                             (f) 703.359.8161 
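
The log review described in the quoted message (many vote requests from a few IP addresses, with non-browser user-agent headers), sketched as an added example that is not part of the original e-mails or of Eclipse's tooling. It assumes Apache combined-format access logs and a hypothetical `/vote.php` endpoint; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Apache "combined" log format: ip, ident, user, [time], "request", status, size, "referer", "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Empty/"-" user agents and common HTTP-library defaults (illustrative list, not exhaustive).
SCRIPT_UA = re.compile(r'^-?$|curl|wget|python|libwww|java/', re.I)

def suspicious_voters(log_text, vote_path="/vote.php", max_votes_per_ip=3):
    """Return {ip: {"votes": n, "reasons": [...]}} for IPs that look like ballot stuffing."""
    votes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Only count submissions to the (assumed) vote endpoint, ignoring query strings.
        if m and m["method"] == "POST" and m["path"].split("?")[0] == vote_path:
            votes[m["ip"]].append(m["ua"])
    findings = {}
    for ip, uas in votes.items():
        reasons = []
        if len(uas) > max_votes_per_ip:
            reasons.append("volume")        # survives a spoofed user agent
        if any(SCRIPT_UA.search(ua) for ua in uas):
            reasons.append("script-ua")     # trivially evaded by spoofing
        if reasons:
            findings[ip] = {"votes": len(uas), "reasons": reasons}
    return findings

# --- Constructed sample data (documentation address ranges, not real traffic) ---
def _line(ip, ua, method="POST", path="/vote.php"):
    return (f'{ip} - - [12/Nov/2011:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0"
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "curl/7.21.0")] * 5      # naive script
    + [_line("203.0.113.9", BROWSER)] * 4           # script with spoofed user agent
    + [_line("192.0.2.10", BROWSER),                # ordinary single voter
       _line("192.0.2.10", BROWSER, "GET", "/")]
)

if __name__ == "__main__":
    for ip, info in suspicious_voters(SAMPLE_LOG).items():
        print(ip, info)
```

The per-IP volume check still flags the client that spoofs a browser user agent, but neither check helps once votes are spread across many addresses, which is why the thread turns to requiring a login per vote.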
