Re: readable source code [Re: OVC-discuss Digest, Vol 37, Issue 10]

From: Brian Behlendorf <brian_at_behlendorf_dot_com>
Date: Sun Nov 04 2007 - 19:32:02 CST

On Sun, 4 Nov 2007, Hamilton Richards wrote:
> No doubt you can, Fred, but the issue was whether it could be read by
> a significant fraction of the voting public. And the real issue is
> not how many people can read it, but how many could reason about it,
> well enough to construct a sound argument that it's correct.

In a properly run open source project, it's not only the code that is
publicly revealed - the methods of development are also public, as well as
all other artifacts such as requirements, test cases, architecture
documents, anything else essential to development. Furthermore, questions
by new users, asked publicly and answered publicly, form a knowlege base
that help grow the ecosystem and ensure the project can survive no matter
which developers move onto other endeavors, and no matter which companies
drop their involvement. I personally place much more trust in code around
which a healthy community exists, than even supposedly superior code built
in isolation.

Given this, whether the public can read or make judgements on the code by
itself matters far, far less than whether the public (or people they
trust) can see that the project involves a broad number of participants,
representing multiple interests, engaged at multiple levels, comprehending
the code and stewarding it onwards to new features and greater

Mere publishing of source code, however, does not create this kind of
community. It can even lead to confusion, as we've seen in this thread.
Faced with a mandate to reveal their source code, any existing voting
system vendor could simply release the end result of their development
efforts, and the public would not, IMHO, be that much better off in terms
of transparency, auditability, or giving precincts the freedom of choice
that open source software is supposed to bring.

> So I ask all of my fellow proponents of open-source election
> software: What would you do with it if you had it? Would you be able
> to construct such a convincing argument for its correctness that
> ballot printers could be dispensed with?

Heck no! The software should never be trusted to do the job correctly
without failsafes and auditing. There's no way any citizen can ensure
that the software running on the system is the software whose code they
know to be trustable, let alone the potential for missed bugs or hardware
issues. That shouldn't even be the goal of open source voting systems;
instead, it's about creating a flatter and more competitive environment
for the vendors, mitigating one source of distrust in the system, and
giving precincts more options to run the systems themselves.

Trust should come from designing a voting and counting process that uses
software to make it faster and easier to (optionally) mark and count paper
ballots, with mandated hand-checking of results and retaining all paper to
count in the event of a dispute later. Trust should not come from
thinking the computer stored and tallied the results correctly, with no
means to validate that result.

This is also why public disclosure of source code to voting systems is
*not* comparable to public disclosure of legal code. Legal code does not
implement a system, it is the definition of the system, for which the
concept of independent auditing doesn't apply.

> Because some readers of this list may misinterpret what I've just
> written as an attack on open source, let me reiterate that I am
> entirely in favor of making election software open-source. What I
> don't accept is the purported connection between open source and
> security, correctness, and validity.

We agree, and I doubt people would think I am likely to attack open
source, either. :)

I realize some people find these comments "unhelpful" to the cause -
sorry, folks. I think it's better to advocate for policies that are
highly defensible, like public funding for certification of open source
systems, rather than mandates to reveal source to systems.


OVC-discuss mailing list
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Nov 30 23:17:10 2007

This archive was generated by hypermail 2.1.8 : Fri Nov 30 2007 - 23:17:31 CST