commit 17e6f2c278dbdf0522caefbc7ec1726e9fcaa393 Author: Chris Jerdonek Date: Tue Dec 12 12:27:43 2017 -0800 Answer FAQ questions #2 and #3. diff --git a/_source/faq.md b/_source/faq.md index 14da1fb..fad9724 100644 --- a/_source/faq.md +++ b/_source/faq.md @@ -29,9 +29,32 @@ the secure transmission of information over the internet is open source. **2. How can members of the public be sure that the open-source code is what is actually running on the machine?** -[TODO] +The short answer is that there is no way to be certain that the code +running on a particular device or computer is what one expects it to be +(whether the software is open source or not). This is true even if very +careful measures are taken. This is an extremely hard problem to solve and +is an active area of research. One reason is that there is no way to be +sure that the computer hardware itself can be trusted. + +Having said that, good auditing practices that involve randomly checking +computer results by hand against the original paper ballots are an adequate +counter-measure, provided the audits are done correctly. This is why good +audit procedures are important when computers are used to count ballots. **3. How much of the code must be open source for the voting system to be considered open source?** -[TODO] +Whether something is open source or not is best answered not as a yes or +no question but as a matter of degree. For example, a hardware device could +be 99% open source except for one small bit of proprietary firmware. + +In general, our committee recommends the approach of trying to maximize +the amount of open source -- i.e. the more open source, the better. +There is no fundamental reason why the entire voting system can't be open +source. However, if some portion isn't open source, it is better if that +portion is as small as possible and if it's for optional functionality +rather than required functionality. + +Also, if the eventual system does contain any non-open source code, in +the spirit of agile, one could work to replace that code with an open source +equivalent in later versions of the system.