You didn't ask this directly but I wanted to explicitly describe how the CoCo election was conducted beyond the trustees.
First, a new gmail account,
astropy.coco.e...@gmail.com, was created so that it could be used to create the election in helios. Erik Tollerud and I had the initial password for this account.
A day before the election was to begin, I set the election up in helios using this new gmail account by transferring candidate statements from the discourse server to helios. I set the display of names to be randomized for each voter.
Arliss Collins from NumFOCUS is serving as the Returns Officer for the election -- a Returns Officer is required for the CoCo election under APE0. On the evening of August 17, we (the governance group) handed off the google account and hence the CoCo vote to Arliss, with a request that the google account password be changed so that we would have no access to the email or to the administrative view of the election.
Note that Arliss is not acting as trustee -- the trustee is the helios server.
The administrator of an election can see who has voted but not how they voted. Arliss is the only one who can see that for this election.
Arliss will take care of asking helios to calculate the encrypted tally, then to decrypt the tally, and then share the results.
Thanks again for asking the questions -- I'm sure other people may have had similar questions about helios and/or how the election was conducted.
We will bring forward a set of minor suggested changes to APE0 based on the experience with the initial elections.
Thanks,
Matt Craig on behalf of the governance working group