Voting and ensuring integrity

(Edit: removed some prefix stuff that was irrelevant to the vote-integrity)

While I don’t think we need to redo this poll (its fine as is) it does bring up two meta voting issues here that probably deserve their own threads

1: This is a good example of why we probably need to discuss ranked choice voting. I see this poll as “Copy left vs unrestricted” and I imagine many who picked MIT would be just as happy with MPL, and probably the same is true for GPL and EPL. (Edit: Actually this is an even better example of why we need ranked choice voting than I first thought)

  • At first I picked MIT
  • then I immediately saw MPL was more popular
  • I started to write a comment, but then realized I could change my vote. So I went and changed my vote to MLP, because I dont care if its MIT or MPL, I just want to support the more popular one
  • Then I thought I was donedone
  • For a different reason, check the vote today
  • Well now (like a day later) I see MIT is actually more popular, and I had to change my vote again back to MIT
  • While its unlikely to change again tomorrow, from a govenance standpoint it does present a problem in general if people need to check and update their vote frequently (all of us have limited time)

If it was ranked choice system I would’ve just said 1. MIT 2. MLP 3. BSD0 and boom, I’m done, doesnt matter what’s popular at the moment. I’ll only need to edit my vote if my opinion changes.

Theres a lot of benefits to ranked choice voting, CGP gray has a great video about why it is so important.

2: As another discussion, while I am a trusting person, I don’t think we should have the temptation for members to create multiple accounts to vote with. Even if 99% of us are great, one bad actor could swing everything through that loophole.

While I’m not particularly worried because I think this this poll is more meant to be informative (rather than a direct decision), those two things are things we should probably figure out before doing any real polls.

4 Likes

To me “other” refers to all SIG repos, and tools that we might create in the future. For example a ci tool to review packages.

This is part of the reason why we created this vote actually since previously GPLv3 Only and GPLv3 or later were split apart. To keep this easier we merged these options.

You are technically correct since we have no way ensuring that false votes won’t come in. But the issue here is that this will persist no matter what happens. The best thing we can do as moderators is view account creations and observe if they have similar IPs or are created with throw away emails.

Wow you’re fast haha, I tried to sneak some edits in but it looks like I was too slow so I’ll just give an update here.

To be clear, I don’t think we should redo the poll or anything. Its more like this is a v1 attempt at community vote, some issues were revealed, and I think they should be considered before future votes.

Understandable. But like right now (6:30am CST) is a perfect example of whwhy ranked choice would change the outcome.

  • If the vote ended at this moment MIT would win
  • But GPL and EUPL combined (33 and 22%) make up more than MIT. I bet if we asked the EUPL voters, many (maybe not all) would rather GPL win than MIT
  • BUT yet again, there are also votes for BSD0 and MPL that would likely do the same for MIT, potentially swinging back to MIT being the dominant one

If we had ranked choice, we wouldnt need to worry about such things.

3 Likes

Yeah, I’m trying to avoid doing work on my java assignment LOL.

I do see where you are coming from, but this just leads to a endless what if situation.

Yeah I’ve noticed that there have been a number of changes to the poll but with little change in how many people actually voted. I would largely attribute it to active discussions and people researching. But also partly to “I want a more permissive licence to win but my licence is losing, let me change my vote”

1 Like

I just went to check account creations and we have only had 1 new account created since the poll was posted. So I think we can rest assured that the community is good people.

I do feel I’m not being heard here.

I’m saying ranked choice avoids the endless “what if”. Thats exactly what it is designed to do. Its exactly why its awesome.

4 Likes

I wonder how much help Loomio could be in facilitating decisions like these, as I’ve seen come up a couple times. Not familiar with the software myself, but from what’s been said about it, it could help.

4 Likes

Thank you for the video, its a very good explanation. I was originally going to make the vote a multi choice poll, I can’t quite remember why I didn’t though.

2 Likes

Great and again, I don’t think we need to redo this poll. I’m bringing up issues for the future.

I disagree, I think we have some great options for mitigating this. You checking accounts created after the poll is already an awesome first step: “you must have an account created before the poll started in order to vote” could be a great policy that mitigates the temptation to create a new account for a vote on a topic someone feels very strongly about.

Another could be “you need at least 10 hearts from members who already have voter-status”. I can go make 10 burner accounts, but its a lot harder to make 10 burner accounts, make posts from all of them, and collect 10 hearts for the first one, 9 for the second one (using burner for the 10th), 8 for the third, 7 for the fourth … Etc. AND, thats way less of a “temptation” and more like a well-thought out plot by a bad actor, which I think makes it both less likely to happen, and more likely that the bad actor is eventually caught.

Another mitigation could be requring a phone number.

Whatever the policy is, I think Aux should have an official policy. There is the risk that you looked at the new accounts just now and saw “jeff2,jeff3,jeff4,jeff5”. We should solve that BEFORE it happens (while we are small and do have good people) because once it happens, ad-hoc throwing accounts out is a pretty bad and pretty difficult.

This discussion I think warrents a new thread.

1 Like

Done.

This is good but I’m not sure how possible it is to implement. Also this risks making things a popularity contest. Though I’m sure most users will have 10 hearts, its more of a problem if we make this more.

This is probably the best solution we could have.

2 Likes

Agreed. But I think its worth exploring and I’m down to roll my sleeves up and try to figure it out. Discourse has badges/achievements for things as I’m sure you know more than I do. I dont know if theres a way to create a custom “voter status” badge, but if there is then it probably wouldn’t be too hard to add this kind of a system. It might even be nice as a plugin for other discourses to use.

  • Start with a hardcoded list of existing members
  • When an account gets a heart, check if its from voter-status member, and keep a tally
  • If tally reaches 10, add them to voter status list and give them the voter status badge
1 Like

Smart call, we have some custom badges already for those who found the forum before it was annouced.

This might make it possible to have a set of “achievements” for a lack of a better word to lock polls behind.

Yeah kinda like how Stack overflow does it.

Yeah I definitely think it should stay low, and/or we should just avoid it an require a phone number. I don’t like requiring a phone number for privacy reasons, but it might be the best most-easy option.

I’ll probably explore this thread topic more later, but for now I’ll wait for others to throw in their two cents.

1 Like

I really want to avoid phone numbers but maybe 2FA is a good alternative since it makes creating a votable account that bit more of a pain.

2 Likes

Actually I’ve been looking into this! I got some yubikeys recently because I wanted to do website Auth without phone or email, but I wanted banning someone to actually ban them, not just force them make another account.

I specifically wanted more than 2FA; to require that the person need a new physical passkey for each account. I’m 99% sure thats impossible for yubikeys, but keycloak might have that option.

But 2FA is another thing that would add friction

1 Like

this is a solution i was thinking of well but honestly didn’t have the energy to bring up, so thanks for bring this to everyone’s attention! i had a similar experience with MPL and MIT

2 Likes

Generally I think this is a good discussion to have and some sane suggestions.

But I would like to voice strong opposition to phone requirements for anything. Ever.

  • There are a ton of solid reasons for people to both not wanting to share a phone number as well as not being able to.
  • In terms of security it is about as sane as outlawing public service encryption. If you’re determined to bypass, there are plenty of options,
  • Frankly the fact that especially US services seem to treat phone numbers and social security numbers as magic sacred tools of trust is downright insane.
    • As an aside, for the US you can probably file that under “that’s all the security the plebs need”-style lawmaking.

Ahem. Sorry, nitpicking a single line of a long sensible thread there. I’ll go over there now.

12 Likes

Been there done that.

Off-topic aside I think it would be cool if we explored some means of alternative voting.
If not all of us at once we could introduce changes in only one SIG at a time and see how it goes.

I know it is still early but taking care of decision-making early could be crucial. Specially now that a lot of important questions are being asked.

Basic polls have mostly worked so far but we’re already encountering some problems with them…

Also, my issues run a bit deeper: we lack some sort of “regulation” on how to make democratic decisions. We’re a few and, I would believe, with good will so things are not getting chaotic or anything similar. I’m aware of the roadmap listing some info about governance but I find it insufficient.

If not yet ready for a full blown constitutional regulation we could work (or ducktape together) a set of provisional project wide rules and/or recommendations regarding those and other matters.

2 Likes

Yup, phone numbers are not happening. Period.

12 Likes

I’m not sure about the title of the post and content of the first pot, but I created a thread to talk about using appropriate software for this very issue Suggestion to consider loomio for decision making

It doesn’t have to be Loomio as suggested in the linked post, but IMO using discourse for making decisions is a surefire way to repeat the way the nixos community makes decisions, which I perceive to be a mistake. Instead of bending discourse to do what need it to do, why not use software made exactly for what we’re trying to do?

Edit: Loomio also supports ranked choice voting.

3 Likes