Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Sam Hartman]

I hear where people are coming from, when they talk about not wanting to
bundle things, but do not plan to conduct multiple
votes.
Fortunately, especially under the constitutional amendment we just
passed, others who want us to act differently have the flexibility to
argue for that.

One of the things I've learned being in Debian for over 20 years is that
agreeing on the question is sometimes harder than agreeing on the
answer.
Whether something is "bundled" or not depends on how you view the
problem.  I think the best example of this was the init systems
discussion within the TC, although it was clear that during several GRs
we never did come to agreement on what question we were voting on.


IN this instance, I consider the secretary changes sufficiently related
to the secret vote changes that I don't consider them bundled.  Also,
given the DPL's concerns about the number of GRs that are queued, I'd
rather not have more votes than we need.  I also believe that what I'm
is consistent with what we've done in the past.
Russ's proposal, which we just passed, included changes both to the TC
voting process and to the GR voting process.
We chose to vote on them all at once because they were related.
In my mind the changes are related enough that  it might affect how I
rank them.


It's also a reasonable position to view the secretary changes
as seperable and even to argue about whether the secretary changes or
the secret ballot changes should happen first.  It's even reasonable to
argue about whether removing the requirement that votes be conducted via
email is a third separable option.  And you could even disagree on the
order of all three of these potentially independent votes.



If you would like to see things unbundled, you have a few options:
Once there is a formal GR on the table, you could:

1) propose and unbundled option.
For example, if you think we should vote on the secretary changes first
and you like them, you could propose an option that includes the
secretary changes without the secret ballot changes.
That option would also be appealing to people who like the secretary
changes but who never want to see the secret ballot changes pass.  You
might think that's great.  Or you might want to explicitly add text to
your option saying that you think  we should vote on secret ballots
later, so that if your option wins, people don't think we'vedecided
against secret ballots.


2) If you don't want to see things intermingled on the same ballot, you
could propose an option explaining what order you think we should vote
on.
Something like "The Debian project believes these issues should be
decided in separate votes.  We should first decide on whether to have a
mechanism for overriding the secretary and then decide on  whether to
have secret ballots."

Voters will then get to choose whether they want to get it all over with
at
wonce or whether they want to handle things separately.
I think that's the best way we can do given that we have historically
found it next to impossible to agree on what question we are asking or
what order to ask them in.

--Sam

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Judit Foglszinger]

> > I've also got concerns about batching up unrelated changes, with
> > potentially controversial ones. And even if minor I'd prefer to see
> > those debundled, even at the cost of additional GRs.
> 
> If the only contentious point is the secrecy of votes, we could have an
> amendment that includes all the other proposed changes, minus that one.

I also agree with those, who speak against bundling.  I'd like to be able
to vote for something without needing to additionally vote for something else
that is unrelated and I might even not want.
If something is important enough to change the constitution for it,
it's also important enough to have a separate vote on it.


signature.asc
Description: This is a digitally signed message part.

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Antonio Terceiro]

On Fri, Feb 18, 2022 at 01:13:50PM +0100, Guillem Jover wrote:
> On Sun, 2022-02-13 at 14:28:44 -0700, Sam Hartman wrote:
> > This starts informal discussion of a proposed general resolution to
> > amend the constitution.  I am not seeking sponsors at this time.
> > Comments including support or alternatives are welcome.  I think this is
> > mature enough to seek review from the secretary.
>
> Since the idea of general secret votes has started floating around
> I've felt a sense of uneasiness, but I've not been able to clearly
> put my finger on why. After some of the replies here, I think it's
> starting to become clear.

Thanks for this, you raise interesting points.

> I think the current secrecy for the DPL votes makes absolute sense,
> and I think there's no contention about that one, because these are
> about voting "for/against" people, which have clear and understood
> social dynamics when it applies to colleagues/friends or people we do
> work with etc. I think, thus, extending secrecy to any vote related
> to "people" would also be equally uncontroversial.
>
> Then, there's the secrecy for technical votes, which I think is where
> the push back might be coming from. There's been mentions of mailing
> lists being way more revealing than a vote in GR, and counters to that
> mentioning that you do not need to participate in mailing lists. Both
> true. The problem I think, is that to participate in Debian in any
> technical role, you most definitely need to eventually make your
> opinion on technical matters public, because we operate on the open.
> Be that on bug reports, on changelogs, on VCS commits, or even on
> mailing lists. It also feels like closing up technical votes would go
> counter to the general tenets of the project and how we operate.
>
> And then, there's the secrecy for "political" votes. I think this
> might also be problematic, depending on the subject at hand. Because
> as mentioned in the thread, it might make public positions that people
> otherwise would not need to make so on their daily routines in Debian.
>
> I think the RMS vote, was a mix of personal + political, which is what
> made people uncomfortable with. The problem I see is that this is now
> being lumped into a general direction to close everything up, which
> seems excessive, TBH.
>
> I also think the DPL votes are different to any other votes, because
> the DPL has limited power, and even though a DPL can certainly disrupt
> or damage the project, in the end it's bound by a time limit. Compared
> to a GR where the consequences might live long, and where once settled
> people do not tend to try to overturn these every subsequent year.

By the time something comes to a vote, be it about a technical issue or
anything else, all the relevant arguments were already made in public,
and sometimes to exhaustion. The voting itself at the end of the process
is "just" a poll to decide which side (if any) of the argument convinced
the most people. It doesn't seem to me that having the votes be secret
means we are hiding anything, or compromising on our principles of
transparency in any way.

> I've also got concerns about batching up unrelated changes, with
> potentially controversial ones. And even if minor I'd prefer to see
> those debundled, even at the cost of additional GRs.

If the only contentious point is the secrecy of votes, we could have an
amendment that includes all the other proposed changes, minus that one.


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Guillem Jover]

On Sun, 2022-02-13 at 14:28:44 -0700, Sam Hartman wrote:
> This starts informal discussion of a proposed general resolution to
> amend the constitution.  I am not seeking sponsors at this time.
> Comments including support or alternatives are welcome.  I think this is
> mature enough to seek review from the secretary.

Since the idea of general secret votes has started floating around
I've felt a sense of uneasiness, but I've not been able to clearly
put my finger on why. After some of the replies here, I think it's
starting to become clear.


I think the current secrecy for the DPL votes makes absolute sense,
and I think there's no contention about that one, because these are
about voting "for/against" people, which have clear and understood
social dynamics when it applies to colleagues/friends or people we do
work with etc. I think, thus, extending secrecy to any vote related
to "people" would also be equally uncontroversial.

Then, there's the secrecy for technical votes, which I think is where
the push back might be coming from. There's been mentions of mailing
lists being way more revealing than a vote in GR, and counters to that
mentioning that you do not need to participate in mailing lists. Both
true. The problem I think, is that to participate in Debian in any
technical role, you most definitely need to eventually make your
opinion on technical matters public, because we operate on the open.
Be that on bug reports, on changelogs, on VCS commits, or even on
mailing lists. It also feels like closing up technical votes would go
counter to the general tenets of the project and how we operate.

And then, there's the secrecy for "political" votes. I think this
might also be problematic, depending on the subject at hand. Because
as mentioned in the thread, it might make public positions that people
otherwise would not need to make so on their daily routines in Debian.


I think the RMS vote, was a mix of personal + political, which is what
made people uncomfortable with. The problem I see is that this is now
being lumped into a general direction to close everything up, which
seems excessive, TBH.


I also think the DPL votes are different to any other votes, because
the DPL has limited power, and even though a DPL can certainly disrupt
or damage the project, in the end it's bound by a time limit. Compared
to a GR where the consequences might live long, and where once settled
people do not tend to try to overturn these every subsequent year.


I've also got concerns about batching up unrelated changes, with
potentially controversial ones. And even if minor I'd prefer to see
those debundled, even at the cost of additional GRs.


Thanks,
Guillem

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Enrico Zini]

On Thu, Feb 17, 2022 at 10:07:18AM +0100, Enrico Zini wrote:

> I support this effort, especially after the heat I've seen in the
> systemd and RMS GRs, were social dynamics went far beyond the democratic
> curiosity of polling where people stand, and strong peer pressure was
> considered a valid mean to an end.

Given a possible upcoming GR about firmware, I'm wondering if someone
working for a large hardware manufacturer might not have more chances to
feel free to vote according to their own personal opinions, if the votes
weren't publicly disclosed.

I'm thinking that Debian as a project might have has scaled up to a
level where the outcomes of votes have higher impact than when our
process was initially designed.


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini 


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Gunnar Wolf]

Jean-Philippe MENGUAL dijo [Mon, Feb 14, 2022 at 12:20:31PM +0100]:
> > > I don't actually care if our votes are readable by the general public,
> > > so would one way of addressing the concerns of attracting abuse would be
> > > to make the tally sheet only available to DDs behind authentication?
> > 
> > I very much agree with the above.
> 
> I don't. When I remember how the debates were stressful and painful, and
> with harasment to persons (I mean during the GR debate), I think some GHRs
> require secret votes. Neither I care other DDs to see my votes when it
> affects Debian (DPL, internal GRs, etc), or a technical debate, issue. But
> from the time Debian starts addressing non-technical topics, I want my vote
> to be secret.
> For reminde, even once the vote was started, pressures went on to influence
> vote. So...

While the vote itself could be secret, if you are affected or deeply
invovled with your issue in question, your participation in the
discussions leading to the vote would be public. I think there would
not be too much practical difference to a person willing to learn your
opinion.

I do agree, as I said on my previous post, that sometimes votes should
be secret due to their significance outside a purely technical
realm. Vote 2021-002 is a clear example of this. We should IMO pursue
having the possibility to request (and not make it too easy -- but I
think setting a minimum number of requesters could be enough, as I
said on my previous post) for a vote to be made secret, but default on
having it open.

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Gunnar Wolf]

Philip Hands dijo [Mon, Feb 14, 2022 at 10:36:29AM +0100]:
> 
> Do we have any evidence that either thing happened?
> 
> Also, it seems to me that the problem we're considering is that toxic
> people who are not really interested in Debian at all, might stumble
> across Debian voting results, and then use what they find as a reason to
> persecute some of us on-line.  Is that about right?
> 
> I have used the results of votes in the past to start conversations with
> people that I disagree with in some issue in order to better understand
> how they came to the other view. One can generally find someone on the
> other side of the argument who you already know and respect, which makes
> it much harder to dismiss them as an idiot. I'd miss that in a properly
> secret ballot.
> 
> I don't actually care if our votes are readable by the general public,
> so would one way of addressing the concerns of attracting abuse would be
> to make the tally sheet only available to DDs behind authentication?

I completely agree with Phil here. sometimes I do spend some time
looking at different votes' tally sheets, not only to get the result,
but to understand who votes how. Of course, I might pay attention to a
dozen or so people -- but this project still has a size that allows
for that to be significative!

Possibly we could discuss on a way how to make specific votes private,
if a politically challenging topic is touched. Maybe if we were able
to have a mechanism similar to that of introducing amendments
(er... "ballot options"), where one developer proposes the vote to be
secret, and requires 5 DDs to second the request..?


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Sam Hartman]

> "Bill" == Bill Blough  writes:


Okay, this message spoke to me powerfully.
I'm now in the strongly supporting this proposal camp, rather than the
hey I think this is a good idea and I'll do the leg work because it's a
way I can help out promote a good idea.
For me, even one person saying that they couldn't vote as they wished is
strong enough to overcome the benefits of public voting I am aware of.

I know a number of people have been interested in some mechanism to
make votes sometimes public.
I'd encourage you to work together and be prepared with an amendment
(which will probably be its own ballot option) to do that.

I think we're still waiting on text to resolve Don's desire that voters
be able to verify ttheir vote.
(As a reminder they can today, but Don proposes making that a
requirement and no one has disagreed.)
If Don doesn't get to that I'll  propose text.

I also notice that I didn't update section 4.1 to indicate that
secretary decisions can be put on hold; that's currently limited to TC
decisions and DPL (delegate) decisions.
I'll make that change too.

So expect a revised version in a few days.

I expect a timeline like:

1) Revised version in 2-3 days

2) say 3-4 days of comment on that

3) Formally propose and ask for sponsors.  Once sponsors come in, that
starts the real clock.

--Sam


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Antonio Terceiro]

On Sun, Feb 13, 2022 at 02:28:44PM -0700, Sam Hartman wrote:
> Rationale
> =
> 
> During the vote for GR_2021_002o, several developers said they were
> uncomfortable voting because under the process at that time, their name
> and ballot ranking would be public.
> A number of participants in the discussion believe that we would get
> election results that more accurately reflect the will of the developers
> if we do not make the name associated with a particular vote on the
> tally sheet public.
> Several people believed that the ranked votes without names attached
> would still be valuable public information.
> 
> This proposal would treat all elections like DPL elections.
> At the same time it relaxes the requirement that the secretary must
> conduct a vote via email.  There are no current plans to move away from
> email, although some members of the project want to explore
> alternatives.  If this proposal passes, adopting such an alternative
> would require sufficient support in the project but would not require
> another constitutional amendment.
> 
> This proposal relies on the secretary's existing power to decide how
> votes are conducted.  During discussion we realized that there is no
> mechanism to override a specific decision of the secretary, and the
> language allowing the project to replace the secretary is ambiguous.
> 
> Summary of Changes
> ==
> 
> 
> 1) Do not make the identity of a voter casting a particular vote
> public.
> 
> 2) Do not require that votes be conducted by email.
> 
> 3) Clarify that the developers can replace the secretary at any time.
> 
> 4) Provide a procedure for overriding the decision of the project
> secretary or their delegate.  Overriding the decision of what super
> majority is required or overriding the determination of election
> outcome requires a 3:1 majority.  The chair of the technical committee
> decides who conducts such votes.

I think all of these are good improvements to the current state of
things and I am prepared to second the resulting GR. Thanks for working
on this.


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Steve McIntyre]

On Thu, Feb 17, 2022 at 10:07:18AM +0100, Enrico Zini wrote:
>
>I like that a number of options have been brainstormed in the
>discussion: secret ballots, ballots secret on request, ballots public on
>request, ballots disclosed only to Debian Members, public ballots. I
>like a GR with a range of options.

Absolutely - there are a lot of reasonable options here, and let's
hear them all.

>Thank you for driving this!

+1

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Is there anybody out there?

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Filippo Rusconi]

On Wed, Feb 16, 2022 at 11:07:12PM +, Stefano Rivera wrote:

Hi Sam (2022.02.13_21:28:44_+)

Comments including support or alternatives are welcome.


As you asked for a bit of a straw poll, I would support a move toward
secret ballots in all votes.

I've always felt slightly awkward about having my ballots be public. Not
enough to effect or suppress my vote. But I can imagine that it is
enough to stop other people from voting their mind. I would expect that
a secret ballot would encourage a few more project members to vote and
that's a good thing.

If we trust our secret ballot mechanism enough for the DPL elections, I
trust it for other GRs.


+1

Sincerely,
Filippo

--

⢀⣴⠾⠻⢶⣦⠀  Filippo Rusconi, PhD
⣾⠁⢠⠒⠀⣿⡁   Research scientist at CNRS
⢿⡄⠘⠷⠚⠋⠀   Debian Developer
⠈⠳⣄  http://msxpertsuite.org
  http://www.debian.org

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Enrico Zini]

On Sun, Feb 13, 2022 at 02:28:44PM -0700, Sam Hartman wrote:

> This starts informal discussion of a proposed general resolution to
> amend the constitution.  I am not seeking sponsors at this time.
> Comments including support or alternatives are welcome.  I think this is
> mature enough to seek review from the secretary.

I support this effort, especially after the heat I've seen in the
systemd and RMS GRs, were social dynamics went far beyond the democratic
curiosity of polling where people stand, and strong peer pressure was
considered a valid mean to an end.

I am aware of instances where the vote being public was the major factor
that influenced the decision to vote, and the order of options in the
ballot, and I find it scary.

I am aware of people who for various reasons (that might not be the
usual reasons one thinks of) don't enjoy my level of privilege on their
online activities and reputation, and I do want their voice to be heard
in Debian votes, unfiltered from peer pressure.

I like that a number of options have been brainstormed in the
discussion: secret ballots, ballots secret on request, ballots public on
request, ballots disclosed only to Debian Members, public ballots. I
like a GR with a range of options.

Thank you for driving this!


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini 


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Stefano Zacchiroli]

On Wed, Feb 16, 2022 at 11:07:12PM +, Stefano Rivera wrote:
> As you asked for a bit of a straw poll, I would support a move toward
> secret ballots in all votes.

Same here. Ideally with a wording that allows having ballots secret by
default, with a mechanism for making them not secret---but that's just
an implementation detail. (I haven't yet read the details of what has
been proposed though, I'm just commenting on my stance on the general
idea, as requested.)

-- 
Stefano Zacchiroli . z...@upsilon.cc . upsilon.cc/zack  _. ^ ._
Full professor of Computer Science  o o   o \/|V|\/   
Télécom Paris, Polytechnic Institute of Paris o o o   <\>
Co-founder & CTO Software Heritageo o o o   /\|^|/\
Former Debian Project Leader & OSI Board Director   '" V "'


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Bill Blough]

Hi,

On Mon, Feb 14, 2022 at 08:53:23AM -0700, Sam Hartman wrote:
> view.  Right now, I haven't seen sufficient support for this proposal
> that I would propose it as a GR.  If some of the people who advocated
> for this during the rms GR don't step forward, I think we can avoid a
> vote.

While I did not publicly advocate for secret ballots during the RMS GR,
I do feel it would have been better if it was an option.

As such, I would sponsor such a proposal if it were proposed.


Also, I feel like a reasonable compromise might be to default votes to
public, with a process to change a vote to private if enough DDs desire
it.  This would allow most votes to happen as they currently do, and
still let votes deemed sensitive or otherwise problematic happen by
secret ballot.

(Apologies if this has already been suggested - I haven't read all of
the past messages).


Bill

-- 
GPG: 5CDD 0C9C F446 BC1B 2509  8791 1762 E022 7034 CF84

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Bill Blough]

Hi,

On Sun, Feb 13, 2022 at 02:30:15PM -0800, Don Armstrong wrote:
> I'd also appreciate hearing more specific examples of where someone
> wasn't able to vote their true preference because the vote was public. I
> currently plan to offer (or second) an amendment to this proposal which
> strikes the section making all votes private and rank that higher than
> one which struck it, but I'm open to be convinced otherwise.

The RMS GR seemed like a very divisive issue, and I wasn't sure what
kind of backlash there might be in the larger F/LOSS community.  So I
ended up choosing what I deemed to be the "safe" option.  However, had
the vote been secret, I absolutely would have taken a stronger position.


-- 
GPG: 5CDD 0C9C F446 BC1B 2509  8791 1762 E022 7034 CF84

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Stefano Rivera]

Hi Sam (2022.02.13_21:28:44_+)
> Comments including support or alternatives are welcome.

As you asked for a bit of a straw poll, I would support a move toward
secret ballots in all votes.

I've always felt slightly awkward about having my ballots be public. Not
enough to effect or suppress my vote. But I can imagine that it is
enough to stop other people from voting their mind. I would expect that
a secret ballot would encourage a few more project members to vote and
that's a good thing.

If we trust our secret ballot mechanism enough for the DPL elections, I
trust it for other GRs.

SR

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Russ Allbery]

Philip Hands  writes:

> The bit that was supposed to be the conclusion of that was that it might
> be good if we had some mechanism for collecting opinions related to
> mailing-list mails/threads that was private, and didn't involve making
> (often already long) mailing list threads longer in order to express an
> opinion, but I think that's going OT so should be discussed elsewhere,
> probably after setting up a prototype.

For the record, I like this, and in general I think there are multiple
areas of Debian where we could benefit from being able to take a quick
pulse of the mood of affected contributors without relying solely on what
people are willing to write in (sometimes contentious) email threads.

-- 
Russ Allbery (r...@debian.org)  

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Philip Hands]

Russ Allbery  writes:

> Philip Hands  writes:
>
>> I was wondering if we could allow expressions of disdain
>> (anti-seconds?), such that a second would get cancelled out for every
>> two DDs (or maybe a larger multiple?) that respond to a call for seconds
>> with an anti-second. A proposal would then need to stay at above 6
>> seconds for some short period after the latest anti-second landed to be
>> considered to have a properly seconded proposal.
>
> This is a vote, though, just a kind of awkward one.  If we're going to
> hold a vote, I think we should do it with decent software designed to
> handle a vote, rather than asking some poor person to manually verify and
> count mailing list messages.

That mail was a bit stream-of-consciousness, and I had hoped that by the
end of it it was clear that I too thought the "anti-second" idea was not
actually that great ... oh well, never mind.  Sorry for not re-editing it.

The bit that was supposed to be the conclusion of that was that it might
be good if we had some mechanism for collecting opinions related to
mailing-list mails/threads that was private, and didn't involve making
(often already long) mailing list threads longer in order to express an
opinion, but I think that's going OT so should be discussed elsewhere,
probably after setting up a prototype.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Gard Spreemann]

Sorry for replying twice, I accidentally left out one reply.

Ansgar  writes:

> On Wed, 2022-02-16 at 13:27 +0100, Gard Spreemann wrote:
>> Ansgar  writes:
>> 
>> > On Mon, 2022-02-14 at 18:47 -0700, Sam Hartman wrote:
>> > > I think there are problematic uses of votes well beyond
>> > > harassment
>> > > though.
>> > > 
>> > > * After this, I think the next vote is going to be about
>> > > firmware.
>> > > Do we want companies like Nvidia who may have opinions about how
>> > > distributions should think about freedom looking at how people
>> > > vote
>> > > when they consider hiring DDs?
>> > 
>> > They can already do the same for mailing list communication. Do we
>> > want
>> > to avoid this by making mailing lists non-public (subscribers only,
>> > or
>> > project members only depending on the list)?
>> 
>> By this token, votes in democratic countries needn't be secret,
>> because there are channels in which people publicly express their
>> opinions.
>
> And indeed most votes are not secret such as:
>
>  - votes in parliament or similar,
>  - votes by shareholders of publically traded companies,
>  - votes in general meetings of associations (maybe comparable to 
>the idea of GRs in Debian?),
>  - votes in many decision bodies.
>
> Some votes in these groups may be secret.

True, but in the first two examples, we are talking about the votes of
people who are beholden to other (groups of) people. The public has a
vested interest in their parliament, and therefore also has a good
reason to demand to see the votes of the parliamentarians.

I don't think that we see Debian as beholden to outside interests that
can demand anything of us? (Although, I guess one can see the Social
Contract as this sort of relationship between Debian and the Outside
World).

> Sometimes individual votes are only visible to members (say for people
> present at association meetings); for Debian this might be comparable
> to having the tally sheet only visible to project members.

To me, an internally open, externally closed, tally sheet seems like a
very nice compromise. If such a proposal comes up during a voting
secrecy GR, there is a good chance I'll rank it highly :-)


 -- Gard
 


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Gard Spreemann]

Ansgar  writes:

> On Wed, 2022-02-16 at 13:27 +0100, Gard Spreemann wrote:
>> Ansgar  writes:
>> 
>> > On Mon, 2022-02-14 at 18:47 -0700, Sam Hartman wrote:
>> > > I think there are problematic uses of votes well beyond
>> > > harassment
>> > > though.
>> > > 
>> > > * After this, I think the next vote is going to be about
>> > > firmware.
>> > > Do we want companies like Nvidia who may have opinions about how
>> > > distributions should think about freedom looking at how people
>> > > vote
>> > > when they consider hiring DDs?
>> > 
>> > They can already do the same for mailing list communication. Do we
>> > want
>> > to avoid this by making mailing lists non-public (subscribers only,
>> > or
>> > project members only depending on the list)?
>> 
>> By this token, votes in democratic countries needn't be secret,
>> because there are channels in which people publicly express their
>> opinions.
>
> And indeed most votes are not secret such as:
>
>  - votes in parliament or similar,
>  - votes by shareholders of publically traded companies,
>  - votes in general meetings of associations (maybe comparable to 
>the idea of GRs in Debian?),
>  - votes in many decision bodies.
>
> Some votes in these groups may be secret.
>
> Sometimes individual votes are only visible to members (say for people
> present at association meetings); for Debian this might be comparable
> to having the tally sheet only visible to project members.
>
> But you misunderstand the question: I asked why we insist on public
> mailing lists if we are concerned about people possibly losing (or not
> obtaining) jobs if they make their opinion known in some archived form.
> There is no requirement to have lists such as -vote@ be a public list
> if people feel unsafe if their opinion is publically archived.

We don't insist on participation on those public mailing lists as a
prerequisite in order to exercise one's constitutional right to vote on
GRs or in leadership elections, though.


 -- Gard


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Ansgar]

On Wed, 2022-02-16 at 13:27 +0100, Gard Spreemann wrote:
> Ansgar  writes:
> 
> > On Mon, 2022-02-14 at 18:47 -0700, Sam Hartman wrote:
> > > I think there are problematic uses of votes well beyond
> > > harassment
> > > though.
> > > 
> > > * After this, I think the next vote is going to be about
> > > firmware.
> > > Do we want companies like Nvidia who may have opinions about how
> > > distributions should think about freedom looking at how people
> > > vote
> > > when they consider hiring DDs?
> > 
> > They can already do the same for mailing list communication. Do we
> > want
> > to avoid this by making mailing lists non-public (subscribers only,
> > or
> > project members only depending on the list)?
> 
> By this token, votes in democratic countries needn't be secret,
> because there are channels in which people publicly express their
> opinions.

And indeed most votes are not secret such as:

 - votes in parliament or similar,
 - votes by shareholders of publically traded companies,
 - votes in general meetings of associations (maybe comparable to 
   the idea of GRs in Debian?),
 - votes in many decision bodies.

Some votes in these groups may be secret.

Sometimes individual votes are only visible to members (say for people
present at association meetings); for Debian this might be comparable
to having the tally sheet only visible to project members.

But you misunderstand the question: I asked why we insist on public
mailing lists if we are concerned about people possibly losing (or not
obtaining) jobs if they make their opinion known in some archived form.
There is no requirement to have lists such as -vote@ be a public list
if people feel unsafe if their opinion is publically archived.

Ansgar

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Felix Lechner]

Hi,

On Wed, Feb 16, 2022 at 12:12 AM Philip Hands  wrote:
>
> Also, if the declarations of disdain needed to be public, that would
> disenfranchise anyone that's only going to vote in secret ballots.

Let's create a warm and inclusive political culture. Compromise should
be our goal. It's not hard to work toward peace and understanding
among ourselves.

A great start would be to pay more attention to how we use the word
"you." Uttered in a rage, the word is a crime. Whispered in love, the
word is a blessing. Let's have more empathy for one another.

Last month, someone gave me a nice Android phone. I refuse to enter
credentials and cannot install software. I want Debian. How is that
going to happen if we shrink or break apart?

Kind regards
Felix Lechner

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Bdale Garbee]

Russ Allbery  writes:

> This is a vote, though, just a kind of awkward one.  If we're going to
> hold a vote, I think we should do it with decent software designed to
> handle a vote, rather than asking some poor person to manually verify and
> count mailing list messages.

I agree.

I'd personally be happier if Debian had very few GRs in the future, but
if we're going to vote about anything at all, I'd rather it be done via
a GR process that's "efficient" enough to get us to an answer without
completely disrupting everything...

Bdale


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Russ Allbery]

Philip Hands  writes:

> I was wondering if we could allow expressions of disdain
> (anti-seconds?), such that a second would get cancelled out for every
> two DDs (or maybe a larger multiple?) that respond to a call for seconds
> with an anti-second. A proposal would then need to stay at above 6
> seconds for some short period after the latest anti-second landed to be
> considered to have a properly seconded proposal.

This is a vote, though, just a kind of awkward one.  If we're going to
hold a vote, I think we should do it with decent software designed to
handle a vote, rather than asking some poor person to manually verify and
count mailing list messages.

-- 
Russ Allbery (r...@debian.org)  

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Gard Spreemann]

Ansgar  writes:

> On Mon, 2022-02-14 at 18:47 -0700, Sam Hartman wrote:
>> I think there are problematic uses of votes well beyond harassment
>> though.
>> 
>> * After this, I think the next vote is going to be about firmware.
>> Do we want companies like Nvidia who may have opinions about how
>> distributions should think about freedom looking at how people vote
>> when they consider hiring DDs?
>
> They can already do the same for mailing list communication. Do we want
> to avoid this by making mailing lists non-public (subscribers only, or
> project members only depending on the list)?

By this token, votes in democratic countries needn't be secret, because
there are channels in which people publicly express their opinions.

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Jonathan Carter]

On 2022/02/14 20:42, Felix Lechner wrote:

Based on the way people with minority opinions are treated, you would
have to expel a lot of people.


Which people with minority opinions were mistreated? We're a group with 
a very, very large spectrum of opinions and so far it's only been in the 
extreme cases that there's been taken any action on them.


-Jonathan

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Marc Haber]

On Wed, Feb 16, 2022 at 09:11:58AM +0100, Philip Hands wrote:
> I was wondering if we could allow expressions of disdain
> (anti-seconds?), such that a second would get cancelled out for every
> two DDs (or maybe a larger multiple?) that respond to a call for seconds
> with an anti-second. A proposal would then need to stay at above 6
> seconds for some short period after the latest anti-second landed to be
> considered to have a properly seconded proposal.

That would be basically a vote to find out whether we want to vote on
something. I don't think that's a splendid idea.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Philip Hands]

Felix Lechner  writes:

> Hi,
>
> On Tue, Feb 15, 2022 at 12:31 PM Russ Allbery  wrote:
>>
>> Trying to be generous to one another and only tackle divisions when they
>> are of central importance to the project is a good principle, but I think
>> there are some divisions of central importance to the project, not
>> everyone is going to agree on which divisions are of central importance,
>> and six DDs have a right under the constitution to bring a GR to a vote.
>> I'm also leery of getting into another situation where a vote is going to
>> be worrisome but we have no framework to mitigate the effects because
>> we've been overly hopeful that we could avoid any such vote.
>
> Six DDs can force a vote, but not necessarily a decision. Would a
> higher quorum help to ensure that divisive issues remain moot unless
> there is broader interest?

I was wondering if we could allow expressions of disdain
(anti-seconds?), such that a second would get cancelled out for every
two DDs (or maybe a larger multiple?) that respond to a call for seconds
with an anti-second. A proposal would then need to stay at above 6
seconds for some short period after the latest anti-second landed to be
considered to have a properly seconded proposal.

I'm not sure what one would want to do if a hundred anti-seconds landed
just too late.

That might of course be somewhat divisive too, since people may feel like
they didn't get a fair hearing, but would allow the project to express a
"Let's not go there" without having to discuss it for ages.

Also, if the declarations of disdain needed to be public, that would
disenfranchise anyone that's only going to vote in secret ballots. I
suppose one could do the anti-seconding in secret, but in that case one
would also need to allow at least some of the seconds to be secret as
well, to have an even playing field, which all seems a bit complicated.

Alternatively, we could just have this as an informal thing, where
people get to somehow declare their reaction to a GR discussion, in a
secret, rolling, self-selecting poll, with simple options like "please
make this stop" or "feel free to continue" ... and the numbers get
published.

The proposer of something that's obviously unpopular then gets to decide
if they're willing to continue pushing their idea anyway, regardless of
the fact that it's got no chance of success, and is only going to get
them a reputation for wasting everyone's time. They would of course also
have the chance at that point of persuading a silent majority (on who's
behalf they may think they speak) to express support in the poll, which
may make the opposition realise that there is a wider spectrum of
opinion than they thought, which may lead to better debate.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Felix Lechner]

Hi,

On Tue, Feb 15, 2022 at 12:31 PM Russ Allbery  wrote:
>
> Trying to be generous to one another and only tackle divisions when they
> are of central importance to the project is a good principle, but I think
> there are some divisions of central importance to the project, not
> everyone is going to agree on which divisions are of central importance,
> and six DDs have a right under the constitution to bring a GR to a vote.
> I'm also leery of getting into another situation where a vote is going to
> be worrisome but we have no framework to mitigate the effects because
> we've been overly hopeful that we could avoid any such vote.

Six DDs can force a vote, but not necessarily a decision. Would a
higher quorum help to ensure that divisive issues remain moot unless
there is broader interest?

A quorum of 48 voters may satisfy a statistician, but 125 might ensure
in addition that the issue being decided is in fact "of central
importance."

Kind regards
Felix Lechner

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Russ Allbery]

Philip Hands  writes:

> I find the idea that someone might be forced to reveal their previously
> undeclared political views in order to vote particularly persuasive as a
> reason to have as-secret-as-possible votes on at least those subjects.

> Alternatively, we could just reach a consensus not to even attempt these
> sorts of position statements in future, since all they do is highlight
> divisions.

While I agree with this [*], I don't think it's sufficient because I don't
think position statements are the only sort of votes that can be
politicized, and the level of politicization in the world surrounding us
is growing stronger.  I find it hard to escape the conclusion that we're
going to have some vote in the future that will pose similar risks.
Examples of lines of discussion that I think the project cannot (and
should not) entirely avoid but that could lead to such a problem include
Debconf venue selection, anything related to the project code of conduct
including whether we should have one, and membership actions and their
potential overrides under 4.1.3.  I'll also point out that even technical
issues have become heavily polarized and have led to at least borderline
harrassment based on publicly stated positions (see systemd).

Trying to be generous to one another and only tackle divisions when they
are of central importance to the project is a good principle, but I think
there are some divisions of central importance to the project, not
everyone is going to agree on which divisions are of central importance,
and six DDs have a right under the constitution to bring a GR to a vote.
I'm also leery of getting into another situation where a vote is going to
be worrisome but we have no framework to mitigate the effects because
we've been overly hopeful that we could avoid any such vote.

[*] Full disclosure: I publicly supported one of the ballot options and
voted several options above FD because I believed (possibly
incorrectly) that once the Pandora's box of a GR was opened, it
mattered what statement the project made, and, at that point, FD
itself was a statement, but I would have preferred not to have opened
the box in the first place.

-- 
Russ Allbery (r...@debian.org)  

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Russ Allbery]

Ansgar  writes:

> They can already do the same for mailing list communication. Do we want
> to avoid this by making mailing lists non-public (subscribers only, or
> project members only depending on the list)?

Way more people vote than participate in a mailing list discussion about
the vote, which is to be expected.  I think everyone understands there's
not much to be done about participating in public discussions, and decide
to take the risk or not.  In Debian discussions, often someone will come
along and make a similar point that you were going to make, and there's
not much to be gained from repeating the same point, so it's easier to opt
out if participating in the public discussion makes you uncomfortable.

Voting is special because it matters that *you* vote, specifically.
Someone else voting the same way isn't a substitute.

-- 
Russ Allbery (r...@debian.org)  

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Ansgar]

On Mon, 2022-02-14 at 18:47 -0700, Sam Hartman wrote:
> I think there are problematic uses of votes well beyond harassment
> though.
> 
> * After this, I think the next vote is going to be about firmware.
> Do we want companies like Nvidia who may have opinions about how
> distributions should think about freedom looking at how people vote
> when they consider hiring DDs?

They can already do the same for mailing list communication. Do we want
to avoid this by making mailing lists non-public (subscribers only, or
project members only depending on the list)?

> * Do we want ftpmaster members looking back at past votes on firmware
>   and DFSG interpretations before deciding someone is an appropriate
>   candidate?

Do we want ftpmaster to use mailing posts they are aware of from people
to decide this?

> * Would it be reasonable for the DPL to look back at votes to decide
>   whether to delegate to someone?

And the same here.

Mailing list posts seem way more problematic than voting behavior if
you are concerned about opinions being made public. It also covers way
more topics.


Regards,
Ansgar

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Philip Hands]

Russ Allbery  writes:

> Don Armstrong  writes:
>
>> I'm likely biased because I'm in a privileged position and rarely have
>> to deal with concerted harassment directed specifically at me, so I
>> might be minimizing the real fear people have because I personally
>> haven't experienced it.
>
> This is almost exactly my concern.
>
> I'm not particularly worried about making all of my Debian votes public.
> I've been on the Internet for a long time, have the resources to defend
> myself against the sorts of reactions I think are likely, and am not the
> sort of person who tends to draw the most attention anyway.  Maybe I'm too
> optimistic since things seem to be getting worse, but I'm not very worried
> for myself.
>
> However, I think there's a bias implicit in that sort of analysis, and I
> don't want only the Debian Developers who are similarly situated to be
> able to vote.  If someone is more socially vulnerable than I am, I don't
> want them to have to do this calculus in order to vote their conscience.

This sums up my position as well, but I suppose I was concerned that we
might stumble into doing something to protect the vulnerable based on
several privileged people's imaginings of what it might be like to be
vulnerable.

Of course, one cannot really expect someone who feels vulnerable to say
so in public.

I've had one person point out in private that they did feel vulnerable,
but in the end, steeled themselves to vote anyway -- I would hope that
we could arrive at a place where people don't have to go through that.

> I agree with Sam's analysis that the point of Debian votes is to vote as
> individuals, not to vote as trustees on behalf of a constituency, and
> while I too have gotten valuable understanding and course correction from
> seeing people I respect in the project vote differently than me, I don't
> think public voting is a core project value.  I therefore find it hard to
> argue against people's perceived safety (even if it is only a perception).

I find the idea that someone might be forced to reveal their previously
undeclared political views in order to vote particularly persuasive as a
reason to have as-secret-as-possible votes on at least those subjects.

Alternatively, we could just reach a consensus not to even attempt these
sorts of position statements in future, since all they do is highlight
divisions.

Given that we generally want DDs to be drawn from as diverse a
population as possible, we should expect our views on pretty-much any
subject other than Free Software to represent the full spectrum of
opinion, so drawing an arbitrary line somewhere and then getting the
project to divide on which side we should stand as a group is not likely
to give a useful result, but will give people reasons to be upset with
one another.

I don't really see that the secrecy of the ballot helps in such a case,
since most of the damage is done in the pre-vote discussion.

Perhaps we need a mechanism for people to express a view that a proposed
GR is something that we shouldn't be deciding, to quickly kill the
discussion if a (perhaps super) majority would rather just leave it
alone.

>> Perhaps the compromise position is to default to secret ballots, but
>> allow people to automatically unmask their preference at the appropriate
>> time. [Totally not supported by devotee currently, but certainly
>> possible to enable.]
>
> That's an interesting thought.  My immediate reaction is that the social
> signaling of who reveals their votes and who doesn't is a bit complicated
> and I'm not sure what effect it would have.

In a divisive argument, one grouping might well be able to expose their
opposition's votes by revealing their own.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Sam Hartman]

> "Don" == Don Armstrong  writes:

Don> Without minimizing the totally unacceptable harassment that
Don> occurred, all three of you seconded the proposals and were
Don> significantly more visible than a voter listed on the tally
Don> page.

My suspicion is that if Debian had made a statement in either direction,
this would have expanded well beyond people who seconded the proposals.
I also recall people who became aware of the harassment people who
seconded faced and concluded they were uncomfortable voting.
Which in and of itself is a problem.

But yes, I do understand the point you've been making.


I think there are problematic uses of votes well beyond harassment
though.

* After this, I think the next vote is going to be about firmware.
Do we want companies like Nvidia who may have opinions about how
distributions should think about freedom looking at how people vote when
they consider hiring DDs?

* Do we want ftpmaster members looking back at past votes on firmware
  and DFSG interpretations before deciding someone is an appropriate
  candidate?

* Would it be reasonable for the DPL to look back at votes to decide
  whether to delegate to someone?

* I personally think some of the options on the systemd ballot were
  really bad ideas.  Not just that I disagreed with them, but I think
  that going down that route would have been amazingly bad for teh
  project.
  Is it reasonable for me to  go around holding it against people who
  ranked those options above FD?

I think that if we continue to have public ballots we accept that all
these sorts of things will happen, even if we wish they wouldn't.
The more I think about it, the more I think it would be reasonable to be
concerned about this sort of history building up and to be reluctant to
vote in some cases.
I think for a number of reasons it would be better if we discourage all
the use of voting data I hypothesize above.
I think the best way to do that is not to make the data public and not
to retain it for a long period of time at all.

Personally, I don't think that restricting voting data to DDs solves
many of the issues above.  We could attach a strong policy for how the
data would be used, but by the time we got done figuring out such a
policy, I think we'd just be better off not making the data available in
the first place.

--Sam

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Russ Allbery]

Don Armstrong  writes:

> I'm likely biased because I'm in a privileged position and rarely have
> to deal with concerted harassment directed specifically at me, so I
> might be minimizing the real fear people have because I personally
> haven't experienced it.

This is almost exactly my concern.

I'm not particularly worried about making all of my Debian votes public.
I've been on the Internet for a long time, have the resources to defend
myself against the sorts of reactions I think are likely, and am not the
sort of person who tends to draw the most attention anyway.  Maybe I'm too
optimistic since things seem to be getting worse, but I'm not very worried
for myself.

However, I think there's a bias implicit in that sort of analysis, and I
don't want only the Debian Developers who are similarly situated to be
able to vote.  If someone is more socially vulnerable than I am, I don't
want them to have to do this calculus in order to vote their conscience.

I agree with Sam's analysis that the point of Debian votes is to vote as
individuals, not to vote as trustees on behalf of a constituency, and
while I too have gotten valuable understanding and course correction from
seeing people I respect in the project vote differently than me, I don't
think public voting is a core project value.  I therefore find it hard to
argue against people's perceived safety (even if it is only a perception).

> Perhaps the compromise position is to default to secret ballots, but
> allow people to automatically unmask their preference at the appropriate
> time. [Totally not supported by devotee currently, but certainly
> possible to enable.]

That's an interesting thought.  My immediate reaction is that the social
signaling of who reveals their votes and who doesn't is a bit complicated
and I'm not sure what effect it would have.

-- 
Russ Allbery (r...@debian.org)  

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Don Armstrong]

On Mon, 14 Feb 2022, Richard Laager wrote:
> On 2/14/22 09:53, Sam Hartman wrote:
> > Steve certainly found feedback he got to be harassment.
> > I did as well.
> 
> I received some harassment (not a lot, but some) over this too. My
> recollection is this was coming from non-DDs.

Without minimizing the totally unacceptable harassment that occurred,
all three of you seconded the proposals and were significantly more
visible than a voter listed on the tally page.

[...]

> Secret ballots are certainly not a panacea that solves all harassment,
> but they may be a risk reduction measure.

I see this as a possibility. I'm personally most concerned about someone
who isn't able/willing to vote because they feared harassment.

I'm likely biased because I'm in a privileged position and rarely have
to deal with concerted harassment directed specifically at me, so I
might be minimizing the real fear people have because I personally
haven't experienced it.

Perhaps the compromise position is to default to secret ballots, but
allow people to automatically unmask their preference at the appropriate
time. [Totally not supported by devotee currently, but certainly
possible to enable.]

-- 
Don Armstrong  https://www.donarmstrong.com

The solution to a problem changes the problem.
 -- Peer's Law

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Richard Laager]

On 2/14/22 09:53, Sam Hartman wrote:

Steve certainly found feedback he got to be harassment.
I did as well.


I received some harassment (not a lot, but some) over this too. My 
recollection is this was coming from non-DDs.


Given the levels of harassment that others were talking about at the 
time, I did put serious thought into to what extent I needed to loop my 
employer in on this. That was the first time I've ever had to consider 
such action for volunteer work, Debian, FOSS, or otherwise.



On Mon, Feb 14, 2022 at 5:56 AM Philip Hands  wrote:

If we are assuming that some DDs might start attacking people based on
the way they voted, then I'd suggest that it's more important to eject
such toxic people from Debian than it is to try to mitigate their
toxicity using measures that have negative side-effects.


I agree that we should expel toxic DDs. Nobody wants to work with jerks.

But secret ballots may be useful for other reasons, not least of which 
is that the harassment may come from outsiders, for which expulsion is 
not an available remedy. And even expulsion doesn't prevent a then 
former-DD from harassing people in the future, which we've seen happen; 
though of course this is not limited to voted positions.


Secret ballots are certainly not a panacea that solves all harassment, 
but they may be a risk reduction measure.



On 2/14/22 15:36 (later than the email below), Felix Lechner wrote:
[the above bit from Philip Hands quoted]
 > I see no way to expel people reliably based on what they might do.

I don't see anything in there suggesting we should expel people based on 
what they _might_ do.



On 2/14/22 12:42, Felix Lechner wrote:
[the above bit from Philip Hands quoted]
...

All of them were condemned by later generations: the Salem witch hunt;
McCartyism; the cultural revolution in China; collectivisation under
Pol Pot in Cambodia; and perhaps most infamously the many attempts
over time to expel or eradicate the Jews from various territories.


Expelling people (from a volunteer software project) who are acting in 
toxic ways is not remotely the same as any of those things, and even if 
you're against doing that, comparing it to the Holocaust is frankly 
disgusting.


This is a perfect example of behavior where the action is a problem 
regardless of the cause/intention. Either you are so lacking in 
experience, perspective, and/or judgement that you cannot see why this 
comment is inappropriate, or you know exactly what you are doing and are 
intentionally choosing to (act in bad faith to) wind people up.


If it's the former, then while your intentions may be good, you really 
need to understand that this is not okay, even if you don't/can't 
understand why. Stop posting such things. Moving forward, if you wish to 
participate in these discussions, maybe try having a friend privately 
review your email before posting publicly.


--
Richard




OpenPGP_signature
Description: OpenPGP digital signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Don Armstrong]

On Sun, 13 Feb 2022, Sam Hartman wrote:
> > "Don" == Don Armstrong  writes:
> Don> If we make all votes secret we should require that the voting
> Don> system used enables voters to validate that their vote was
> Don> correctly recorded and tabulated in the final vote count.
>
> Note that our current constitution does not require this for DPL votes.
> Do you think this is important enough to require in the constitution?
> I'm guessing yes since you bring it up, but I want to ask explicitly.

Yes. [If there wasn't discussion of replacing e-mail and devotee, I
wouldn't bother, since devotee already has this property.]

> Don> We should also enable independent tabulation,[1] which you get
> Don> automatically when votes are not secret. [Devotee enables this
> Don> currently as well, but future non-devotee systems might not.]
>
> Would you be willing to propose a merge request for these two properties
> if you think it is important that we require them in the constitution?

I missed that §4.2.3 already requires this, though it probably needs to
be clarified. Let me work up a merge this.

-- 
Don Armstrong  https://www.donarmstrong.com

Vimes hated and despised the privileges of rank, but they had this to
be said for them: At least they meant that you could hate and despise
them in comfort.
 -- Terry Pratchett _The Fifth Elephant_ p111

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Steve McIntyre]

Felix...

On Mon, Feb 14, 2022 at 10:42:43AM -0800, Felix Lechner wrote:
>
>All of them were condemned by later generations: the Salem witch hunt;
>McCartyism; the cultural revolution in China; collectivisation under
>Pol Pot in Cambodia; and perhaps most infamously the many attempts
>over time to expel or eradicate the Jews from various territories.
>
>The collective condition that leads to such madness is now well
>understood. It is a group form of splitting and projection [1] that
>affects entire societies. The phenomenon is easily recognized once you
>understand it. Because of the extreme danger, Orthodox Jews teach it.
>[2]
>
>One of Germany's great insights after World War II was that all calls
>for social upheaval are in themselves barbaric. The country now has
>special local and federal police agencies to monitor such corrosive
>speech (Verfassungsschutz).
>
>In 1949, Arthur Miller wrote the play "The Crucible" about it. He won
>a Pulitzer and many other accolades. In 1954, William Golding dealt
>with similar group dynamics in the novel "The Lord of the Flies." He
>received the Nobel Prize for Literature.
>
>I am embarrassed to read the statements above on a Debian mailing
>list. It is hate speech, pure and simple—and should be grounds for
>expulsion from the project.

Please, for everybody's sake, calm the fuck down. This kind of
inflammatory rhetoric isn't helping anything. It does not belong here.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Dance like no one's watching. Encrypt like everyone is.
 - @torproject

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Felix Lechner]

Hi,

Please allow me to clarify three things for casual readers of my earlier post.

On Mon, Feb 14, 2022 at 5:56 AM Philip Hands  wrote:
>
> If we are assuming that some DDs might start attacking people based on
> the way they voted, then I'd suggest that it's more important to eject
> such toxic people from Debian than it is to try to mitigate their
> toxicity using measures that have negative side-effects.

I see no way to expel people reliably based on what they might do. It
violates basic tenets of justice to punish people for something they
have not done yet—and may never do.

> On Mon, Feb 14, 2022 at 7:12 AM Jean-Philippe MENGUAL
>  wrote:
> >
> > This point is right. But I am not sure Debian is robust enough, today,
> > to expell easily, quickly and without the victims to be disappointed to
> > make part of the project, someone. recent examples show how such
> > decisions are difficult, controversial, and while CT + DAM + DPL work on
> > this, I think it is a long-term thought, given the original culture of
> > Debian and the current society state of mind.

Equipped with special investigative authority, members of the
community team should be careful to recognize the due process concerns
above. It also does not reflect well on their office to arouse public
opinion in favor of even easier or quicker prosecutions.

> It is hate speech, pure and simple—and should be grounds for
> expulsion from the project.

That was meant in the context of the debate and not a call for
expulsion at this time.

Kind regards
Felix Lechner

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Louis-Philippe Véronneau]

On 2022-02-13 16 h 28, Sam Hartman wrote:
> 2) Do not require that votes be conducted by email.

I see the general value in such a GR and wouldn't be against secret
votes if people can iron-out the feasibility problems.

I'm not sure removing the line about voting by email is relevant to this
GR though. DDs already have to interact with a lot of different systems
via email and although it's not always the most user-friendly UX, it
mostly works.

If there is indeed people working on this issue, let it be changed in a
separate GR. This way, we'll have a proper debate on the options proposed.

Cheers,

-- 
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Felix Lechner]

Hi,

On Mon, Feb 14, 2022 at 5:56 AM Philip Hands  wrote:
>
> If we are assuming that some DDs might start attacking people based on
> the way they voted, then I'd suggest that it's more important to eject
> such toxic people from Debian than it is to try to mitigate their
> toxicity using measures that have negative side-effects.

On Mon, Feb 14, 2022 at 7:12 AM Jean-Philippe MENGUAL
 wrote:
>
> This point is right. But I am not sure Debian is robust enough, today,
> to expell easily, quickly and without the victims to be disappointed to
> make part of the project, someone. recent examples show how such
> decisions are difficult, controversial, and while CT + DAM + DPL work on
> this, I think it is a long-term thought, given the original culture of
> Debian and the current society state of mind.

Based on the way people with minority opinions are treated, you would
have to expel a lot of people.

Moreover, the community cleansing effort being proposed here—which was
also proffered in private channels—is a sure way to destroy Debian as
we know it. It would not be the first time that a society attempts to
exorcise a perceived evil from their midst. There are many precedents
in history.

All of them were condemned by later generations: the Salem witch hunt;
McCartyism; the cultural revolution in China; collectivisation under
Pol Pot in Cambodia; and perhaps most infamously the many attempts
over time to expel or eradicate the Jews from various territories.

The collective condition that leads to such madness is now well
understood. It is a group form of splitting and projection [1] that
affects entire societies. The phenomenon is easily recognized once you
understand it. Because of the extreme danger, Orthodox Jews teach it.
[2]

One of Germany's great insights after World War II was that all calls
for social upheaval are in themselves barbaric. The country now has
special local and federal police agencies to monitor such corrosive
speech (Verfassungsschutz).

In 1949, Arthur Miller wrote the play "The Crucible" about it. He won
a Pulitzer and many other accolades. In 1954, William Golding dealt
with similar group dynamics in the novel "The Lord of the Flies." He
received the Nobel Prize for Literature.

I am embarrassed to read the statements above on a Debian mailing
list. It is hate speech, pure and simple—and should be grounds for
expulsion from the project.

Kind regards
Felix Lechner

[1] https://en.wikipedia.org/wiki/Splitting_(psychology)
[2] Sixth paragraph,
https://www.rabbisacks.org/covenant-conversation/korach/how-not-to-argue/

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Russ Allbery]

Philip Hands  writes:

> I can imagine being fearful of that too, but what I'm interested in is
> whether we have any evidence of that fear being justified.

> If it is actually the case that any of our votes have been followed by
> people giving one-another grief over their vote, that is one thing, and
> I think we need to ensure that we have mechanisms for dealing with such
> an eventuality.

> On the other hand, if that does not actually happen, then I'd suggest
> that it's better to establish that as a well known fact than to allow
> people to continue being fearful that it might be something they should
> expect.

I think it's very difficult to fight the chilling effect of worrying that
you will suffer consequences for your vote by gathering evidence that
there is no documented case of this happening.  For one thing, such
consequences can be subtle and difficult to trace (this happens all the
time in workplaces, for example, where someone with power decides they
don't like you and then your job assignments and the like get subtlely
worse).  And for another, we're all part of a larger world and safety in
expressing controversial opinions is very much not the trend of things in
the larger world of which we're a part, particularly on the Internet.

People daily are seeing rather memorable examples of social media
pile-ons, people being doxxed, people having the police sent to their
house with lies about emergencies, loud protestors outside people's
houses, people being confronted and harassed in public spaces, people
subjected to long-term concerted harassment and libel campaigns, and so
forth.  It's quite reasonable to believe that Debian activities do not
have any magical shield against this, and it's very hard to tell what
activity might set off this sort of political reaction.  Sometimes it's
apparently quite innocuous and just happens to slot into a conspiracy
theory.

And we also know for certain that Debian is not immune to this.  I don't
know of a case where it's happened specifically with votes, but it has
certainly happened to our members over other parts of Debian work, and
with a level of maliciousness and persistence that's quite staggering.

I do think it's reasonable for people to be worried about this.

-- 
Russ Allbery (r...@debian.org)  

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Sam Hartman]

> "Don" == Don Armstrong  writes:
Don> We should also enable independent tabulation,[1] which you get
Don> automatically when votes are not secret. [Devotee enables this
Don> currently as well, but future non-devotee systems might not.]

I think the following text already in the constitution is sufficient to
get you independent tabulation; am I missing something?
>Votes, tallies, and
>   results are not revealed during the voting period; after the vote
>   the Project Secretary lists all the votes cast. 

Don> I'd also appreciate hearing more specific examples of where
Don> someone wasn't able to vote their true preference because the
Don> vote was public. I currently plan to offer (or second) an
Don> amendment to this proposal which strikes the section making all
Don> votes private and rank that higher than one which struck it,
Don> but I'm open to be convinced otherwise.

Don> My personal reasoning is that I see my role as a voting project
Don> member as more of a stewardship role where I'm trying to decide
Don> what is best for the project, rather than what is best for me
Don> personally, and I want to be seen as being a good steward for
Don> the project.

First, it looks like many participants in the discussion support your
view.  Right now, I haven't seen sufficient support for this proposal
that I would propose it as a GR.  If some of the people who advocated
for this during the rms GR don't step forward, I think we can avoid a
vote.

So, I think the key question is the one you raise above.
Are we acting as steward or are we acting on behalf of ourselves when we
vote in Debian?

In elections in my country, we have secret ballots.
One of the main reasons for that is that we don't want to be held to
account for our vote say either by our employers, or by a group of thugs
with baseball bats unhappy about how we voted.
That is, when we are making our own decisions as voters, we don't want
to have to explain our vote to anyone, and we don't want people to be
able to change their behavior toward us based on our vote.

In contrast, we typically demand that our elected representatives vote
publicly because we do want to hold them accountable: we want them to
account for ttheir votes to us when we decide whether to return them at
the next election.

If we are steward as Debian Developers, who are we stewards for?
Who should be able to hold us accountable?
I don't think we are representatives in the traditional sense of a
representative democracy.
Developers are not elected, and the same body that could potentially
remove us also has the franchise.
We have made a commitment that our goals are our users and the free
software community.
But I think the question is whether we will make better judgments  in
respecting those goals if we  need to be worried about how our votes
will be seen years later or how they will be used by people who disagree
with us.

Let's take the rms GR.

First, as a sponsor of one of the ballot options, I can definitely say I
got a lot more feedback both from within Debian and outside of Debian
than on any other thing I've sponsored.
Steve certainly found feedback he got to be harassment.
I did as well.

My understanding is that people on the other side of the issue got
feedback they believe was inappropriate as well.

My skin is fairly thick, but I absolutely can understand why people
aware of that harassment and contemplating voting would choose not to.
I think it is realistic to imagine that if Debian had made a statement
one way or another, someone who disagreed with that statement would have
done the leg work to make it easy for the Internet to express their
feelings at a set of voters.

Remember that the election was very close; one or two votes absolutely
would have changed the results.

But let's take some concrete examples.
I am not sure there were any FSF staff members who were DDs at the time
of the election.
(There have been FSF staff members who are developers in the past, but
there were a number of staffing changes at the FSF around then).
I think it entirely reasonable that a staff member might be worried
about how their employer would view a vote  critical of the president of
the organization.

Similarly, imagine a prominant developer at one of the organizations who
signed one of the letters and who was a DD.
It seems they might be uncomfortable voting against the position their
organization had taken.

I think these are both cases where our users and the free software
community would be better served by allowing people to vote what they
thought was best independent of pressure from outside employers or from
the Internet at large.
I think the concern about employers is significant enough that only
making votes available to other developers would be insufficient.

For me, I can't think of good reasons to actually know how someone else
voted.  I've been tempted to use that data over the years (and have

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Philip Hands]

Stefano Rivera  writes:

> Hi Philip (2022.02.14_13:55:45_+)
>> Under what circumstances are we expecting people to think that letting
>> other DDs know how they voted is going to be against their interests?
>
> From the discussions around recent GRs, I saw that there were community
> members who were uncomfortable making their views on an particular
> decisions public. Not because of fear of attack from a single toxic
> person, but rather that there'd be many people who disagreed with their
> vote.
>
> I can imagine this if you are voting for the unpopular option, or an
> option perceived as not being politically correct.

I can imagine being fearful of that too, but what I'm interested in is
whether we have any evidence of that fear being justified.

If it is actually the case that any of our votes have been followed by
people giving one-another grief over their vote, that is one thing, and
I think we need to ensure that we have mechanisms for dealing with such
an eventuality.

On the other hand, if that does not actually happen, then I'd suggest
that it's better to establish that as a well known fact than to allow
people to continue being fearful that it might be something they should
expect.

I think going to a lot of effort to decide that ballots should be secret
strongly implies that we currently have such a problem, whether we do or
not, which seems only likely to amplify those fears regardless of
whether they are well founded.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Stefano Rivera]

Hi Philip (2022.02.14_13:55:45_+)
> Under what circumstances are we expecting people to think that letting
> other DDs know how they voted is going to be against their interests?

From the discussions around recent GRs, I saw that there were community
members who were uncomfortable making their views on an particular
decisions public. Not because of fear of attack from a single toxic
person, but rather that there'd be many people who disagreed with their
vote.

I can imagine this if you are voting for the unpopular option, or an
option perceived as not being politically correct.

SR

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Andrey Rahmatullin]

On Mon, Feb 14, 2022 at 02:55:45PM +0100, Philip Hands wrote:
> >> > I don't actually care if our votes are readable by the general public,
> >> > so would one way of addressing the concerns of attracting abuse would be
> >> > to make the tally sheet only available to DDs behind authentication?
> >> 
> >> I very much agree with the above.
> >> I don't see why I would want to hide my opinion from the other DDs.
> >
> > Making the ballot secret makes it possible for one to not do so if they
> > feel that is against their best interests, but does not stop you from
> > stating your opiniion publicly.
> 
> Under what circumstances are we expecting people to think that letting
> other DDs know how they voted is going to be against their interests?
"Call for experiences of <>"

> If we are assuming that some DDs might start attacking people based on
> the way they voted, then I'd suggest that it's more important to eject
> such toxic people from Debian than it is to try to mitigate their
> toxicity using measures that have negative side-effects.
That would indeed be good, ideally.

-- 
WBR, wRAR


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Jean-Philippe MENGUAL]

Le 14/02/2022 à 14:55, Philip Hands a écrit :

Antonio Terceiro  writes:


On Mon, Feb 14, 2022 at 12:01:43PM +0100, Thomas Goirand wrote:

On 2/14/22 10:36, Philip Hands wrote:

I don't actually care if our votes are readable by the general public,
so would one way of addressing the concerns of attracting abuse would be
to make the tally sheet only available to DDs behind authentication?


I very much agree with the above.
I don't see why I would want to hide my opinion from the other DDs.


Making the ballot secret makes it possible for one to not do so if they
feel that is against their best interests, but does not stop you from
stating your opiniion publicly.


Under what circumstances are we expecting people to think that letting
other DDs know how they voted is going to be against their interests?


Well, again, see the thread about RMS GR. I remember there wer some 
really strong attacks between DDs or outside. Debian is a mulcicultural 
aned international project, with different cultures of democracy. It is 
a strength, but also really hard when addressing political topics.




If we are assuming that some DDs might start attacking people based on
the way they voted, then I'd suggest that it's more important to eject
such toxic people from Debian than it is to try to mitigate their
toxicity using measures that have negative side-effects.


This point is right. But I am not sure Debian is robust enough, today, 
to expell easily, quickly and without the victims to be disappointed to 
make part of the project, someone. recent examples show how such 
decisions are difficult, controversial, and while CT + DAM + DPL work on 
this, I think it is a long-term thought, given the original culture of 
Debian and the current society state of mind.


regards



Cheers, Phil.

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Antonio Terceiro]

On Mon, Feb 14, 2022 at 02:55:45PM +0100, Philip Hands wrote:
> Antonio Terceiro  writes:
> 
> > On Mon, Feb 14, 2022 at 12:01:43PM +0100, Thomas Goirand wrote:
> >> On 2/14/22 10:36, Philip Hands wrote:
> >> > I don't actually care if our votes are readable by the general public,
> >> > so would one way of addressing the concerns of attracting abuse would be
> >> > to make the tally sheet only available to DDs behind authentication?
> >> 
> >> I very much agree with the above.
> >> I don't see why I would want to hide my opinion from the other DDs.
> >
> > Making the ballot secret makes it possible for one to not do so if they
> > feel that is against their best interests, but does not stop you from
> > stating your opiniion publicly.
> 
> Under what circumstances are we expecting people to think that letting
> other DDs know how they voted is going to be against their interests?
> 
> If we are assuming that some DDs might start attacking people based on
> the way they voted, then I'd suggest that it's more important to eject
> such toxic people from Debian than it is to try to mitigate their
> toxicity using measures that have negative side-effects.

Hm, I think I missed the bit where Thomas was replying specifically to
the suggestion of the list being only available to project members. I
think that is probably OK.

On the other hand, in elections in general, vote secrecy is one way of
discouraging an external party from coercing voters into voting a
certain way.  For this they need proof of how each voter voted.

In such a scenario, someone wanting to mess with Debian would be able to
to this by compromising (in one way or another) a single DD to have
access to the tally, and then be able to verify whether the votes they
expected to get via coercion are in place.

Maybe it is too far fetched to imagine Debian is at any risk of being
attacked like this, but I think making votes secret is easy enough that
the burden of doing it is minimal.


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Philip Hands]

Antonio Terceiro  writes:

> On Mon, Feb 14, 2022 at 12:01:43PM +0100, Thomas Goirand wrote:
>> On 2/14/22 10:36, Philip Hands wrote:
>> > I don't actually care if our votes are readable by the general public,
>> > so would one way of addressing the concerns of attracting abuse would be
>> > to make the tally sheet only available to DDs behind authentication?
>> 
>> I very much agree with the above.
>> I don't see why I would want to hide my opinion from the other DDs.
>
> Making the ballot secret makes it possible for one to not do so if they
> feel that is against their best interests, but does not stop you from
> stating your opiniion publicly.

Under what circumstances are we expecting people to think that letting
other DDs know how they voted is going to be against their interests?

If we are assuming that some DDs might start attacking people based on
the way they voted, then I'd suggest that it's more important to eject
such toxic people from Debian than it is to try to mitigate their
toxicity using measures that have negative side-effects.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Antonio Terceiro]

On Mon, Feb 14, 2022 at 12:01:43PM +0100, Thomas Goirand wrote:
> On 2/14/22 10:36, Philip Hands wrote:
> > I don't actually care if our votes are readable by the general public,
> > so would one way of addressing the concerns of attracting abuse would be
> > to make the tally sheet only available to DDs behind authentication?
> 
> I very much agree with the above.
> I don't see why I would want to hide my opinion from the other DDs.

Making the ballot secret makes it possible for one to not do so if they
feel that is against their best interests, but does not stop you from
stating your opiniion publicly.


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Jean-Philippe MENGUAL]

Hi,


Jean-Philippe MENGUAL
Debian Developer non uploading
Community team member
Accessibility team member
debian-l10n-french team member
President of Debian France non-profit organization

Le 14/02/2022 à 12:01, Thomas Goirand a écrit :

On 2/14/22 10:36, Philip Hands wrote:

I don't actually care if our votes are readable by the general public,
so would one way of addressing the concerns of attracting abuse would be
to make the tally sheet only available to DDs behind authentication?


I very much agree with the above.


I don't. When I remember how the debates were stressful and painful, and 
with harasment to persons (I mean during the GR debate), I think some 
GHRs require secret votes. Neither I care other DDs to see my votes when 
it affects Debian (DPL, internal GRs, etc), or a technical debate, 
issue. But from the time Debian starts addressing non-technical topics, 
I want my vote to be secret.
For reminde, even once the vote was started, pressures went on to 
influence vote. So...




I don't see why I would want to hide my opinion from the other DDs.

Going this path, I don't think we would need to vote on it. Please, if 
possible, avoid too much voting if we have other ways to fix the issue: 
this is exhausting everyone.


hmm I agree with this. Votes would not need to be secret if Debian would 
not start taking political decisions. I hope the project will not need 
it often. Anyway this situation needs to be addressed in our processes.


regards



Cheers,

Thomas Goirand (zigo)

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Thomas Goirand]

On 2/14/22 10:36, Philip Hands wrote:

I don't actually care if our votes are readable by the general public,
so would one way of addressing the concerns of attracting abuse would be
to make the tally sheet only available to DDs behind authentication?


I very much agree with the above.
I don't see why I would want to hide my opinion from the other DDs.

Going this path, I don't think we would need to vote on it. Please, if 
possible, avoid too much voting if we have other ways to fix the issue: 
this is exhausting everyone.


Cheers,

Thomas Goirand (zigo)

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Philip Hands]

Sam Hartman  writes:

> Rationale
> =
>
> During the vote for GR_2021_002o, several developers said they were
> uncomfortable voting because under the process at that time, their name
> and ballot ranking would be public.

I know that was said in the discussion at the time, but I wonder to what
extent people either subsequently received any abuse about it, or
modified their voting behaviour in response to that fear.

Do we have any evidence that either thing happened?

Also, it seems to me that the problem we're considering is that toxic
people who are not really interested in Debian at all, might stumble
across Debian voting results, and then use what they find as a reason to
persecute some of us on-line.  Is that about right?

I have used the results of votes in the past to start conversations with
people that I disagree with in some issue in order to better understand
how they came to the other view. One can generally find someone on the
other side of the argument who you already know and respect, which makes
it much harder to dismiss them as an idiot. I'd miss that in a properly
secret ballot.

I don't actually care if our votes are readable by the general public,
so would one way of addressing the concerns of attracting abuse would be
to make the tally sheet only available to DDs behind authentication?

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,GERMANY


signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Russ Allbery]

Felix Lechner  writes:

> People expecting (or maybe hoping for?) more political controversy may
> feel differently; see below.

> I personally would rather avoid the controversies, and the votes, that
> lead to such fears.

I'm not quite in agreement in that I think some controversies shouldn't be
avoided, but I largely feel similarly.  However, given that six members of
the project can force a vote on basically any topic, I don't think it's
realistic to assume that we will always be able to avoid political votes.
The bar to bringing a GR to a vote is (intentionally) not high.

-- 
Russ Allbery (r...@debian.org)  

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Russ Allbery]

Sam Hartman  writes:

> In general I'm proposing that the chair of the TC make the decision of
> who acts as secretary for that vote.  The rationale there is that they
> are the backup secretary for a number of constitutional functions
> already.

This works for me.  Thank you!

-- 
Russ Allbery (r...@debian.org)  

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Felix Lechner]

Hi,

On Sun, Feb 13, 2022 at 2:30 PM Don Armstrong  wrote:
>
> I'd also appreciate hearing more specific examples of where someone
> wasn't able to vote their true preference because the vote was public.

People expecting (or maybe hoping for?) more political controversy may
feel differently; see below.

I personally would rather avoid the controversies, and the votes, that
lead to such fears.

> Recently posted here in another recent thread:
>
> This matter is extremely important for me, as soon as Debian starts
> voting political/social GRs and not only technical ones.

Kind regards
Felix Lechner

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Sam Hartman]

> "Don" == Don Armstrong  writes:
Don> If we make all votes secret we should require that the voting
Don> system used enables voters to validate that their vote was
Don> correctly recorded and tabulated in the final vote count.
Note that our current constitution does not require this for DPL votes.
Do you think this is important enough to require in the constitution?
I'm guessing yes since you bring it up, but I want to ask explicitly.




Don> We should also enable independent tabulation,[1] which you get
Don> automatically when votes are not secret. [Devotee enables this
Don> currently as well, but future non-devotee systems might not.]


Don> 1: Where someone can take each individual vote and calculate
Don> the results themselves.

Same question for this.

Would you be willing to propose a merge request for these two properties
if you think it is important that we require them in the constitution?

Do people like Pierre-Elliott who favor cryptographic approaches have
comments on these two properties?
I want to make sure that if we're ruling out some anonymous voting
system someone favors, we do so explicitly.



signature.asc
Description: PGP signature

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Don Armstrong]

On Sun, 13 Feb 2022, Sam Hartman wrote:
> 1) Do not make the identity of a voter casting a particular vote
> public.

If we make all votes secret we should require that the voting system
used enables voters to validate that their vote was correctly recorded
and tabulated in the final vote count.

The existing system for DPL votes has this property, but future systems
might not.

We should also enable independent tabulation,[1] which you get
automatically when votes are not secret. [Devotee enables this currently
as well, but future non-devotee systems might not.]

I'd also appreciate hearing more specific examples of where someone
wasn't able to vote their true preference because the vote was public. I
currently plan to offer (or second) an amendment to this proposal which
strikes the section making all votes private and rank that higher than
one which struck it, but I'm open to be convinced otherwise.

My personal reasoning is that I see my role as a voting project member
as more of a stewardship role where I'm trying to decide what is best
for the project, rather than what is best for me personally, and I want
to be seen as being a good steward for the project. I also think the
large number of voters masks the impact of a single individual vote.
[But maybe this is a personal safety issue? Perhaps people should be
able to optionally mask their identity when voting? Not sure.]


1: Where someone can take each individual vote and calculate the results
themselves.

-- 
Don Armstrong  https://www.donarmstrong.com

You could say to the Universe this is not /fair/. And the Universe
would say: Oh it isn't? Sorry.
 -- Terry Pratchett _Soul Music_ p357

Re: Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Sam Hartman]

Russ, and others who cared about the issue.  I wanted to draw your
attention to how I'm proposing to approach who runs the vote for
secretary overrides.

In general I'm proposing that the chair of the TC make the decision of
who acts as secretary for that vote.
The rationale there is that they are the backup secretary for a number
of constitutional functions already.

I explicitly say that it is fine for them to conduct the vote if it's
not a vote to override their decision.
First, note if they are acting as secretary for some other reason
(secretary is absent without a delegation), it might be their decision
subject to override.

However, in many cases it will not be their decision, and since they are
the backup secretary it seems reasonable for them to conduct the vote.

I do not forbid the chair of the TC from decising that the secretary
conduct a vote to override the secretary's decision.
I actually think there may be some cases where it's generally agreed
that the secretary made a decision but doesn't have huge skin in the
game.


I also do not provide a way to override the decision of who conducts the
vote--not even when the TC chair is deciding who handles a vote to
override their own decision.
It can't be turtles all the way down or five developers could bring
everything to a grinding halt  proposing to override the person
overriding the override of the overriden override.
My hope is that especially in a situation where they are involved, the
TC Chair will seek input and wait until the project comes up with
someone very well respected who hasn't been involved.
If they fail to do that, I think replacing the secretary (and/or the TC
chair) is a better fix than overriding a single decision.

Here's my thinking on the entire matrix of issues here.

1) We could just fall back on being able to replace the secretary.  If
we don't like what they doing, remove them.
I think that's the wrong answer because:

2) The secretary already has a lot of power regarding how votes are
conducted.  This proposal emphasizes that.  It is already clear project
members want a clear voice on that.  So I want to give them a mechanism
to have that voice.  (There have been a couple of what to me appeared
controversial decisions of the secretary in the past: the decision
around the policy delegation and the decision on how the TC doesn't
interact with DPL delegated decisions, even when those decisions are
technical.)  I'll admit I've always been a bit uncomfortable that the
project had little recourse if it disagreed with the secretary there.

3) But I'm mostly imagining this mechanism to be used in cases where we
have a secretary who is working well, but a single decision needs review
by the project.
I think it is reasonable to trust everyone involved to be acting in what
they see as the project's best interest.
If there are doubts of that nature, I think changing staff is best.
So, I don't want to go over board with the paranoia.
That said, recent world politics have reminded me that sometimes these
corner cases around change of power matter.


Here are other options I could support:

* Explicitly say that you can never conduct a vote regarding overriding
  a decision you made.

* Introducing some mechanism to choose who conducts a vote to override a
  decision of the TC chair acting as secretary.  I don't know who to
  pick though; DPL is a bad choice because of their power to introduce a
  GR.

* Give up on the whole thing and fall back to replacing the secretary if
  there is a problem.  I'd rank that above FD, but I'd prefer the
  current proposal.

I'd appreciate any thoughts on this.


signature.asc
Description: PGP signature

Informal Discussion: Identities of Voters Casting a Particular Ballot are No Longer Public

[Sam Hartman]

This starts informal discussion of a proposed general resolution to
amend the constitution.  I am not seeking sponsors at this time.
Comments including support or alternatives are welcome.  I think this is
mature enough to seek review from the secretary.

Rationale
=

During the vote for GR_2021_002o, several developers said they were
uncomfortable voting because under the process at that time, their name
and ballot ranking would be public.
A number of participants in the discussion believe that we would get
election results that more accurately reflect the will of the developers
if we do not make the name associated with a particular vote on the
tally sheet public.
Several people believed that the ranked votes without names attached
would still be valuable public information.

This proposal would treat all elections like DPL elections.
At the same time it relaxes the requirement that the secretary must
conduct a vote via email.  There are no current plans to move away from
email, although some members of the project want to explore
alternatives.  If this proposal passes, adopting such an alternative
would require sufficient support in the project but would not require
another constitutional amendment.

This proposal relies on the secretary's existing power to decide how
votes are conducted.  During discussion we realized that there is no
mechanism to override a specific decision of the secretary, and the
language allowing the project to replace the secretary is ambiguous.

Summary of Changes
==


1) Do not make the identity of a voter casting a particular vote
public.

2) Do not require that votes be conducted by email.

3) Clarify that the developers can replace the secretary at any time.

4) Provide a procedure for overriding the decision of the project
secretary or their delegate.  Overriding the decision of what super
majority is required or overriding the determination of election
outcome requires a 3:1 majority.  The chair of the technical committee
decides who conducts such votes.


General Resolution==

The developers resolve to make the changes to the Debian Constitution
embodied in git commit 030405434d040e14bbebebaeda64555b5c1ee16a.
As of February 13, 2022, this commit can be found at
https://salsa.debian.org/hartmans/webwml/-/commit/030405434d040e14bbebebaeda64555b5c1ee16a




For convenience a word-diff of the changes is included below.  In case
the diff differs from the commit, the commit governs.  @@ -179,9 +179,27
@@ earlier can overrule everyone listed later. 

  
[-In case of-]{+Appoint+} a [-disagreement between-]{+new secretary. 
In the normal case ( 7.2) where+} the project
leader and {+secretary agree on+} the [-incumbent-]{+next+} secretary, 
[-appoint a new secretary.-]{+this power of+}
{+the developers is not used.+}
  
  {++}
{+Override a decision of the project secretary or their+}
{+delegate.+}

{+Overriding the determination of what super majority is required+}
{+for a particular ballot option or overriding the determination of+}
{+the outcome of an election requires the developers to agree by a+}
{+3:1 majority.  The determination of the majority required to+}
{+override a decision of the secretary is not subject to+}
{+override.+}

{+The chair of the technical committee decides who acts as+}
{+secretary for a general resolution to override a decision of the+}
{+project secretary or their delegate. If the decision was not made+}
{+by the chair of the technical committee, the committee chair may+}
{+themselves act as secretary. The decision of who acts as secretary+}
{+for such a general resolution is not subject to override.+}


4.2. Procedure
@@ -228,9 +246,10 @@ earlier can overrule everyone listed later.

   Votes are taken by the Project Secretary. Votes, tallies, and
   results are not revealed during the voting period; after the
   vote the Project Secretary lists all the votes cast. The
   {+identity of a developer casting a particular vote is not made+}
{+   public. The+} voting period is 2 weeks, but may be varied by up
   to 1 week by the Project Leader. 

  

@@ -247,7 +266,7 @@ earlier can overrule everyone listed later.
  

  
Votes are cast[-by email-] in a manner suitable to the Secretary.
The Secretary determines for each poll whether voters can change
their votes.
  
@@ -371,8 +390,7 @@ earlier can overrule everyone listed later.
  necessary.

  The next two weeks are the polling period during which
  Developers may cast their votes. [-Votes in leadership elections are-]
[-  kept secret, even after the election is finished.-]{++}

  The options on the ballot will be those candidates who have
  nominated themselves and have not yet withdrawn, plus None Of The


The diff does a completely horrid job of capturing the