evmpl license

From: Clay Lenhart <clay_at_lenharts_dot_net>
Date: Tue Sep 09 2003 - 21:31:41 CDT

Hey everyone, I'm new to the group. I'm mostly interested in the
electronic safeguards of the application, and I have some ideas I'll
propose soon. My second interest is making sure that they voting
methods are flexible for a varity of purposes. I think there are better
voting methods than plurality voting. First I have a couple of
suggestions about the license.

Technically speeking, if I use the evm application for voting, I am not
required to release the source code -- depending on your view of what
distribution means. All I have to do it keep a diff of the changes and
not release those diffs, and I'm complying with the license.

I think the real issue is that the code used in the election must be
publically auditable. Lets change the license to require the Gov agency
to release the source code used in the election.

The revision tracking clause will create extra burdon on the gov agency
--- when we really are not interested in their development process. If
they release the complete source code, we can run the diffs to see what
changed. Is the revision tracking clause neccessary?

I propose that we change the license to:

<same>The EVMPL is identical to the GPL, with the exception of the
following additional clause:</same>

<changed>Using the software for voting purposes is considered
"distribution of software" under this agreement. All rights and
restrictions must be obeyed as if the software were actually
distributed.</changed>

<same>The purpose of this additional clause is to assure that the
special audit requirements for voting machine certification are met (or
at least meet-able) by revisions to EVM.</same>

Or something like that. Perhaps the wording can be cleaned up. If we
agree to this direction, I can ask a friend to review it to make sure we
are using the right legal catch phrases.

I went back and read the reasoning to the revision tracking in the
mailing list archives, and although revision tracking will make an
auditor's job easier, it is not strictly necessary. The clause assumes
that we did not make the mistake. In reality, we might make the
mistake, but to an auditor, it will not matter. All that matters is,
under what conditions were the elections conducted. Only the voting
conditions must be documented.

Secondly, if I were auditing the software in an election, I would not
trust the revision history. People mess up, especially if there is time
pressure. I could see someone modifying the code before putting it
under revision control. When they do put it under revsion control, the
first posting looks like is not modified from the original.

-Clay
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue Sep 30 23:17:02 2003

This archive was generated by hypermail 2.1.8 : Tue Sep 30 2003 - 23:17:09 CDT