Last modified: 2013-06-06 00:41:56 UTC
It might be desirable to configure the Tally Page so that the decryption key could be entered online from there for use in a single tally run. If the key is never stored to disk it mitigates against abuse/theft/etc. It also might allow decryption to be done at SPI directly rather than on a separately configured wiki (which is a quite cumbersome approach). I suppose there is some small risk that someone could hack into SPI and be there to capture the key, but if someone did that they could pretty much feed in any number of bogus ballots to determine the elections. So if someone could hack SPI we'd already have bigger things to worry about.
I don't think there's much point in using GPG if we're going to do this. The only protection that the GPG encryption layer provides is protection for voter privacy against a server compromise at a single point in time, requiring instead an ongoing compromise for the duration of the vote. There are much better ways to do secure tallying. Maybe this can be implemented later for the benefit of non-Wikimedia users.
I would note that having a way to tally at SPI (regardless of how that is accomplished) would also be a work-around for the problem of server timeouts during the uploading and downloading of the vote dump. So if one isn't going to go in this direction, then preventing those occurrences takes on a higher importance.
I was going to write a command-line dump script that the SPI admin can run on the server. They can make the output available for password-protected download. The dump format would be modified to include election configuration information, so that a command-line tally script could do the tally and present the results without any special configuration. We know from experience that long-running PHP/Apache processes with set_time_limit(0) are not very reliable, and that it's better to do such tasks on the command line where possible.
[Removing RESOLVED LATER as discussed in http://lists.wikimedia.org/pipermail/wikitech-l/2012-November/064240.html . Reopening and setting priority to "Lowest". For future reference, please use either RESOLVED WONTFIX (for issues that will not be fixed), or simply set lowest priority. Thanks a lot!]