Fw: OVC Press Release about certification of open source voting system

From: Alan Dechert <dechert_at_gmail_dot_com>
Date: Tue Oct 17 2006 - 12:25:13 CDT

I am forwarding (with permission) to OVC-discuss this response from Ron

He adds,

   Another item I missed in my list was operational and
   instructional documentation, for the voter, for the
   pollworker, for the technician, for the election official,
   and for the auditor. (This material should be mandatory
   for the submission, I'd say...)

   Also: I think it is important to have documentation
   of all of the data formats used, for any data that
   is transmitted between machines...

----- Original Message -----
From: "Ronald L. Rivest" <rivest@mit.edu>
To: "Alan Dechert" <alan@openvotingconsortium.org>
Cc: "John P. Wack" <john.wack@nist.gov>
Sent: Monday, October 16, 2006 11:04 AM
Subject: Re: OVC Press Release about certification of open source voting

> Hi Alan --
> Thanks for passing this along. Congratulations
> to the OVC for getting some momentum now on this
> process of making software available for public
> viewing.
> -- Where is the URL for the submission process?
> -- What exactly has to be submitted?
> -- Are you taking source only, or binaries too?
> -- Are you publishing hash values for the binaries?
> -- Must the vendor submit updates/modifications/patches too?
> -- Are you accepting design documentation?
> -- What about "make files" or other associated
> programs or configuration files required to
> build and/or install the software?
> -- What rights does the vendor retain?
> -- May others submit comments / bug reports? Is
> there a standard procedure for handling discovered
> vulnerabilities?
> -- If there are hardware dependencies and/or requirements
> on the hardware, how are these documented/disclosed?
> -- What documentation is required for dependencies on
> other programs (e.g. COTS drivers for touch-screens,
> operating system dependencies, printer drivers, etc.)?
> -- Is what is publicly available only enough to review,
> or enough to build and test? If the latter, does the
> public have the rights to do so?
> -- Is the public allowed to run diagnostic tools on the
> published software? (e.g. new static analysis tools
> for finding buffer overflows?)
> -- What sort of licenses are required in order to
> submit to OVC?
> You have started on a very interesting path! I look
> forward to hearing more. A much greater degree of
> transparency and openness in voting systems is certainly
> a wonderful goal to work towards!
> Cheers,
> Ron Rivest
> At 02:33 AM 10/16/2006, you wrote:
>>Ron, I am passing this along FYI.
> Ronald L. Rivest
> Room 32-G692, Stata Center, MIT, Cambridge MA 02139
> Tel 617-253-5880, Email <rivest@mit.edu>

OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue Oct 31 23:17:05 2006

This archive was generated by hypermail 2.1.8 : Tue Oct 31 2006 - 23:17:10 CST