<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
When we release, we will post our source code. <br>
<br>
<br>
Thanks,<br>
<br>
<br>
<div class="moz-cite-prefix">On 8/31/15 11:26 AM, David RR Webber
(XML) wrote:<br>
</div>
<blockquote
cite="mid:20150831082634.dc066b1d4d2e0a1a65719ae85a8071e6.4b2277eff6.wbe@email03.secureserver.net"
type="cite"><span style="font-family:Verdana; color:#000000;
font-size:10pt;">
<div>The folks actually have their source code up on GitHub:</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://vote.heliosvoting.org/about">https://vote.heliosvoting.org/about</a><br>
</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://github.com/benadida/helios-server">https://github.com/benadida/helios-server</a><br>
</div>
<div><br>
</div>
<div>I'm not a big fan of encryption and shuffling mechanisms
WRT voting - as its a barrier to transparency and
verification. However - having source code on GitHub clearly
is a good thing. Not sure how much documentation and design
detail is also there - but its a start for sure.</div>
<div><br>
</div>
<div>David</div>
<div><br>
</div>
<blockquote id="replyBlockquote" webmail="1" style="border-left:
2px solid blue; margin-left: 8px; padding-left: 8px;
font-size:10pt; color:black; font-family:verdana;">
<div id="wmQuoteWrapper">
-------- Original Message --------<br>
Subject: Re: [CAVO] Please give opinions and clarifying
information on<br>
these responses<br>
From: "Juan E. Gilbert" <<a moz-do-not-send="true"
href="mailto:juan@ufl.edu">juan@ufl.edu</a>><br>
Date: Mon, August 31, 2015 9:15 am<br>
To: <a moz-do-not-send="true"
href="mailto:masson@opensource.org">masson@opensource.org</a>,
CAVO <<a moz-do-not-send="true"
href="mailto:cavo@opensource.org">cavo@opensource.org</a>><br>
Cc: <a moz-do-not-send="true"
href="mailto:debbryant@opensource.org">debbryant@opensource.org</a><br>
<br>
Question, is there currently any open source GPL v.3 voting
software available? I was told that when we release Prime
III in September, it will be the first. I'm trying to
confirm that true.<br>
<br>
<br>
Thanks,<br>
<br>
<br>
<div class="moz-cite-prefix">On 8/29/15 3:32 PM, Juan E.
Gilbert wrote:<br>
</div>
<blockquote cite="mid:55E208B9.9020900@ufl.edu" type="cite">
Patrick, Prime III will be released, probably on GitHub,
in September, see <a target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.knightfoundation.org/grants/201551186/">http://www.knightfoundation.org/grants/201551186/</a><br>
<br>
We received a grant to release it. New Hampshire is using
it Statewide in 2016. So, it will be there. I'm working on
the finishing touches to release it.<br>
<br>
All of your other comments, make sense to me. I don't know
Alan Dechert either, but I agree, he's someone we should
know. The work he describes, we have done with Prime III
as well.<br>
<br>
Thanks,<br>
<br>
<br>
<div class="moz-cite-prefix">On 8/29/15 1:52 PM, Patrick
Masson wrote:<br>
</div>
<blockquote
cite="mid:1440870739.29433.51.camel@patrick-HP-EliteBook-Folio-9470m"
type="cite"> All,<br>
<br>
Here are some comments based on my initial review. I am
particularly concerned with item eleven, OSET's
response.<br>
<br>
1. Clear Ballot (<a moz-do-not-send="true"
href="http://clearballot.com">clearballot.com</a>) is
not distributed with an OSI Approved Open Source
License.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150811_RCVBallotDesign.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150811_RCVBallotDesign.pdf</a>>
<br>
2. International Voting Machines response states: "We
are negotiable on certification and public review of
software; not open source"<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150818_IVM.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150818_IVM.pdf</a>><br>
3. No documentation of open source claims (GPL3) for
Prime III. Claims of open source license without access
to code is meaningless.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150826_PrimeIII.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150826_PrimeIII.pdf</a>><br>
4. Statements like, "Designed so that all or part of the
system’s software operates using open source software."
and "Everyone Counts is based on open-source software
while maintaining the security of a locked down system."
are antithetical. Upon review, it could not be
determined if the "eLect" software is actually
distributed with an OSI Approved Open Source License.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150827_EC.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150827_EC.pdf</a>><br>
5, The only information provided in response to
"Designed so that all or part of the system’s software
operates using open source software." is "The database
used by the Electionware election definition system is
PostgreSQL, a scalable open source database." Obviously
this does not apply to the actual election software.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_ES&S.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_ES&S.pdf</a>><br>
6. I do not know who Alan Dechert is but he sounds like
someone CAVO should reach out to. He seems very
committed.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_Dechert.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_Dechert.pdf</a>><br>
7. Digital Foundry's response seems to be a proposal to
build a system. While they seem positively inclined
toward open source, they do not state specifically that
the work developed would be assigned an OSI Approved
Open Source License.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_DigitalFoundryResponse.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_DigitalFoundryResponse.pdf</a>><br>
8. In response to the RFI's statement, "Designed so that
all or part of the system’s software operates using open
source software." HartInterCivic states, "Yes. Verity is
designed to use open source software." Using open source
software (e.g. Linux OS, noSQL DB, etc.) is not the same
as the elections/voting software being released with an
OSI Approved Open Source License.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_Hart.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_Hart.pdf</a>><br>
9. In response to the RFI's statement, "Designed so that
all or part of the system’s software operates using open
source software," Dominion Voting states, "Dominion’s
Democracy Suite is designed so that parts of the
system’s software operates using open source software,
such as the use of Linux for the development of
ImageCast optical scan tabulators. In addition, due to
the fa ct that many COTS components form part of the
voting system, additional system components operate on
open source software, such as the Android platform used
in conjunction with the ImageCast X voting terminal."
Using open source software (e.g. Linux OS, Android,
etc.) is not the same as the elections/voting software
being released with an OSI Approved Open Source License.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_Dominion.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_Dominion.pdf</a>><br>
10. Galois appears to seek a contract to build a system.
They make several claims, "Our products are all Open
Source, customers can purchase fit-for-purpose versions,
and we have a variety of support and service contracts."
"We can provide evidence of these claims by simply
referring evaluators to our Open Source product
repositories." Looking at their prior work / GitHub
repositories (<<a target="_blank"
moz-do-not-send="true"
href="https://github.com/GaloisInc">https://github.com/GaloisInc</a>>),
they appear to distribute work under the BSD license.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_Galois.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_Galois.pdf</a>><br>
11. OSET has made two claims, that I am leery of: 1.
that they have submitted the OSET Public License (OPL)
or some other to the OSI. I am not aware of any
submission for review, but have asked the OSI Board to
confirm. The statement on page 9 that open source
licenses "may not work for procurement regulations" and
elections software requires "certain terms and
conditions," seem dubious.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_OSET.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_OSET.pdf</a>><br>
12. In response to the RFI's statement, "Designed so
that all or part of the system’s software operates using
open source software," Clear Ballot states, "Clear
Ballot is built with modern software tools, allowing the
integration of many open source pieces of software in
its voting system. The main programming language is
Python and many of the web utilities come from open
source software." Using open source software in the
development of a system (e.g. Python, etc.) is not the
same as the elections/voting software itself being
released with an OSI Approved Open Source License.<br>
<<a target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_ClearBallot.pdf">http://sfgov2.org/ftp/uploadedfiles/elections/rfi/20150828_ClearBallot.pdf</a>><br>
<br>
Hope this helps,<br>
Patrick<br>
<br>
<br>
On Fri, 2015-08-28 at 22:56 -0700, Brent Turner wrote:
<blockquote type="cite" style="border-left: blue 2px
solid; margin-left: 8px; padding-left: 8px;"> <a
target="_blank" moz-do-not-send="true"
href="http://sfgov2.org/index.aspx?page=4892"><a class="moz-txt-link-freetext" href="http://sfgov2.org/index.aspx?page=4892">http://sfgov2.org/index.aspx?page=4892</a></a><br>
<br>
</blockquote>
<blockquote type="cite" style="border-left: blue 2px
solid; margin-left: 8px; padding-left: 8px;">
<pre>_______________________________________________
CAVO mailing list
<a target="_blank" moz-do-not-send="true" href="mailto:CAVO@opensource.org">CAVO@opensource.org</a>
<a target="_blank" moz-do-not-send="true" href="https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo">https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
CAVO mailing list
<a target="_blank" moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:CAVO@opensource.org">CAVO@opensource.org</a>
<a target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo">https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Juan E. Gilbert, Ph.D.
Andrew Banks Family Preeminence Endowed Professor & Chair
Computer & Information Science & Engineering Department
University of Florida
P.O. Box 116120
Gainesville, FL 32611
352.562.0784 (V)
352.392.1220 (F)
<a target="_blank" moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:juan@ufl.edu">juan@ufl.edu</a>
Twitter: @DrJuanGilbert
<a target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.juangilbert.com/">http://www.juangilbert.com/</a> </pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Juan E. Gilbert, Ph.D.
Andrew Banks Family Preeminence Endowed Professor & Chair
Computer & Information Science & Engineering Department
University of Florida
P.O. Box 116120
Gainesville, FL 32611
352.562.0784 (V)
352.392.1220 (F)
<a moz-do-not-send="true" target="_blank" class="moz-txt-link-abbreviated" href="mailto:juan@ufl.edu">juan@ufl.edu</a>
Twitter: @DrJuanGilbert
<a moz-do-not-send="true" target="_blank" class="moz-txt-link-freetext" href="http://www.juangilbert.com/">http://www.juangilbert.com/</a> </pre>
<hr>_______________________________________________<br>
CAVO mailing list<br>
<a moz-do-not-send="true" href="mailto:CAVO@opensource.org">CAVO@opensource.org</a><br>
<a moz-do-not-send="true"
href="https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo">https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo</a><br>
</div>
</blockquote>
</span>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
CAVO mailing list
<a class="moz-txt-link-abbreviated" href="mailto:CAVO@opensource.org">CAVO@opensource.org</a>
<a class="moz-txt-link-freetext" href="https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo">https://lists.opensource.org/cgi-bin/mailman/listinfo/cavo</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Juan E. Gilbert, Ph.D.
Andrew Banks Family Preeminence Endowed Professor & Chair
Computer & Information Science & Engineering Department
University of Florida
P.O. Box 116120
Gainesville, FL 32611
352.562.0784 (V)
352.392.1220 (F)
<a class="moz-txt-link-abbreviated" href="mailto:juan@ufl.edu">juan@ufl.edu</a>
Twitter: @DrJuanGilbert
<a class="moz-txt-link-freetext" href="http://www.juangilbert.com/">http://www.juangilbert.com/</a> </pre>
</body>
</html>