Last modified: 2009-06-23 07:40:07 UTC
The private key used in the licensing update vote required a password to decrypt the votes. Currently SecurePoll assumes that the private key has a blank password. Either there needs to be a way to enter a password into the Tallier (my preference), or there needs to be very firm and clear warning that the keys used in SecurePoll should have a blank password. For example a comment with big CAPITAL LETTERS in the setup files.
What setup files? The vote setup interface hasn't been written yet. I'll take this as a feature request for when it is written.
(In reply to comment #1) > What setup files? The vote setup interface hasn't been written yet. I'll take > this as a feature request for when it is written. > I was actually referring to the sample files passed to SPI. There was a warning that the signature needed to have no passphrase, but no warning about the decryption key. I suppose in the future the setup might be more robust than "here is some SQL code to load", but the underlying issue is still there. If the person uses a PGP key that requires a passphrase to decyrpt the software as currently written has no way of dealing with that.
You can't file a bug report against an email I sent. You could perhaps click the reply button in your email client. There are no setup files in SecurePoll. There is no setup interface where one might ask for a passphrase, but I'll keep passphrases in mind when I write one.