Jenkins Elections Process Question


Slide

Sep 21, 2020, 11:15:50 AM
to jenkin...@googlegroups.com
Hi Everyone,

The Jenkins Governance Board Elections Committee is currently implementing the process which has been defined for Governance Board and Officer Elections. As part of this, we are creating the form that will be used for signing up to participate in the elections. We need to collect email addresses as part of the process. We are using a Google Form for the sign-up and it provides a mechanism to collect email addresses, but it requires users to login to a Google account when using the Google Forms mechanism. It does allow us to reduce the possibility of duplicate voting. We will not keep the data after the voting. Another option would be to just have a short text input that accepts an email address and we would collect it that way. We would like the opinions of those on this list to determine whether this is acceptable or not. We need the email addresses in order to communicate if there are issues in the contribution information as well as to add the folks to the Condorcet vote. 

Please let us know ASAP your thoughts on this.

Regards,

Alex Earl

Marky Jackson

Sep 21, 2020, 11:17:55 AM
to Jenkins Developers
I am +1 for google form

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAPiUgVer2x2iug%2BCFNoJkyQDmPoQt_BZyTukijGTnSjezJp2eA%40mail.gmail.com.


Slide

Sep 21, 2020, 12:24:26 PM
to jenkin...@googlegroups.com
Just to clarify, the two options are

1) Use Google Forms' built-in method for collecting email addresses, this requires a Google Account
2) Use a short text input in the Google Form to collect email addresses, this does NOT require a Google Account




Richard Bywater

Sep 21, 2020, 4:15:23 PM
to jenkin...@googlegroups.com
Personally I don't think we should be forcing people to sign up for third-party services just to be able to vote on Jenkins related matters. There may be good reasons that people have for not wanting to create a Google account.

Richard. 


Oleg Nenashev

Sep 22, 2020, 6:28:10 AM
to Jenkins Developers
>   it requires users to login to a Google account when using the Google Forms mechanism. It does allow us to reduce the possibility of duplicate voting.  

Apart from duplicate voting, it also prevents submitting voting sign-up forms for other individuals. If we do not use a Google account or any other authentication service, anyone will be able to submit a form for anyone else, including doing submissions for participants who may not want their emails to be stored and who do not want to receive communications from the Jenkins project. It increases the risk of abuse for the voting sign-up system.

We do not want to rely solely on Jenkins LDAP, but I think we need some kind of identity management. Google Auth could bridge the gap, as one of the options we can roll out quickly. We de-facto require it for many other contribution areas.

Best regards,
Oleg

Mark Waite

Sep 22, 2020, 1:00:53 PM
to jenkinsci-dev
On Tue, Sep 22, 2020 at 4:28 AM Oleg Nenashev <o.v.ne...@gmail.com> wrote:
> > it requires users to login to a Google account when using the Google Forms mechanism. It does allow us to reduce the possibility of duplicate voting.
>
> Apart from duplicate voting, it also prevents submitting voting sign-up forms for other individuals. If we do not use a Google account or any other authentication service, anyone will be able to submit a form for anyone else, including doing submissions for participants who may not want their emails to be stored and who do not want to receive communications from the Jenkins project. It increases the risk of abuse for the voting sign-up system.
>
> We do not want to rely solely on Jenkins LDAP, but I think we need some kind of identity management. Google Auth could bridge the gap, as one of the options we can roll out quickly. We de-facto require it for many other contribution areas.

I think we should use Google Auth to bridge the gap as you've suggested.
 

Oleg Nenashev

Sep 22, 2020, 2:01:02 PM
to JenkinsCI Developers
As an additional mitigation, we can also add a "send a sign-up email to jenkins-2020-elections@googlegroups" fallback process to the announcement. It will definitely help contributors in areas where Google services are blocked.


Gavin Mogan

Sep 22, 2020, 2:12:34 PM
to Jenkins Developers
> jenkins-2020-elections@googlegroup
> It will definitely help contributors in areas where Google services are blocked

Wouldn't it make sense for the fallback email to be something other than google then?

cd.foundation is using mailgun (according to MX records), so maybe they could set up jenkins-202...@cd.foundation that forwards to google/the board, so there's no issues.

Gavin

Oleg Nenashev

Sep 22, 2020, 6:11:37 PM
to JenkinsCI Developers
It would make sense, though I am not sure how another email domain would make a difference there. Sending emails to Google addresses is not blocked in China from what I know. CDF might be able to set up an email for us, but I am not sure about timing. If we want to start the sign-up process on Sep 24 as planned, it would be quite a challenge to get the email in time. 

Any thoughts from others?

Olblak

Sep 23, 2020, 4:07:45 AM
to Jenkins Developers ML
> We are using a Google Form for the sign-up and it provides a mechanism to collect email addresses, but it requires users to login to a Google account when using the Google Forms mechanism. It does allow us to reduce the possibility of duplicate voting.

It hurts me to say that but we already ask contributors to use a google account to follow discussion happening here so asking people to use their google account to vote shouldn't be a major concern. But we would have no way to match a google account with a jenkins account...

Otherwise we already have oauth-proxy integrated with our ldap database, so we could write a small application that reads the username field from the oauth token generated once we go to something like 'register.jenkins.io'.

IMHO asking people to register to a mailing list like jenkinsci...@googlegroups.com seems the easier and more sustainable solution. We could by default block new registrations during the pre-election period, several weeks before, and we would only accept people who can show a contribution done before the pre-election period.

Oleg Nenashev

Sep 23, 2020, 11:44:49 AM
to Jenkins Developers
Unfortunately it is too late to create a new service. Its future is also unclear taking the identity management discussions in the infrastructure team.
For now I am going to proceed with creating a new mailing list as a second sign-up way and adjusting the process documentation accordingly.

Oleg Nenashev

Sep 24, 2020, 6:06:44 AM
to Jenkins Developers
Hi all,


Changes summary from yesterday:
  • I have documented the alternate sign-up flow here: https://github.com/jenkins-infra/jenkins.io/pull/3762
  • I have enabled it in the sign-up form for now, but I am ready to roll back if there are concerns.
  • I also enforced sending the form confirmation to responders, it might be an additional safety net preventing email tampering.  
Best regards,
Oleg