Verification of the GNOME Foundation 2003 Elections Results

To run the vote counting scripts, you need to download this archive: 2003-verif.tar.gz.

Please note that you need make, wget, perl and python to run the verification.

Warning

The authentication tokens sent in the ballots were calculated with an old version of the MD5 perl module. It seems there is a bug in this version which make it impossible to get the same authentication tokens without this buggy module.

Note that the authentication tokens did work as expected: they are used to identify the member so we're sure it's him/her who did vote. The only problem arises when counting the votes: to verify the identity of a voter, you need the buggy module.

We needed to work around this bug so everyone could verify the results. This is why the verification software contains bad-token.txt: this file contains all the miscalculated tokens and every information needed to associate them with tokens that everyone can verify.

We advise every member to download the verification software and to verify that his/her counted vote is indeed the vote he/she sent

Running the verification

Here are the steps to obtain the results:

$ tar zxvf 2003-verif.tar.gz

$ cd 2003-verif

$ make

The results should be in results.txt. A list of errors will be generated at the top of the output. The final tallies will be at the bottom.

The verification software

With this verification software, you should get the same results that the one posted by the GNOME Foundation Membership and Elections Committee. You may want to verify the validity of this software, so here are some hints to help you:

• look at bad-token.txt: this file contains the list of all the validation tokens that were calculated using a misbehaving perl module. The only way to get these tokens is to use the misbehaving perl module. This file is used as a reference so we can replace the miscalculated tokens with tokens that everyone can verify.
• look at fix-token.pl: this script use bad-token.txt to search for the miscalculated authentication tokens in the vote archives and replace them with authentication tokens that everyon can verify. You can look at the source code to be sure it does its job well and does nothing else.
• look at registered-voters.txt: this file contains the list of voters. You can match it with the official list.
• look at vote-archives.diff: this file contains all the modifications that are made to the original vote archives to make the script work without any problem. The main modifications are due to UTF-8 problems or some misplaced characters. Some spams are also removed from the archives.
• look at vote-counter.py: this script does the counting. You can read its code if you want to search for serious bugs that may alter the results.