Settle on a voting solution

[achrinza]

Currently, there's no documented consensus on how a vote among the LoopBack TSC members should occur (i.e. how to cast a vote). In the past, we have used GitHub Teams Discussions and GitHub Issues Reactions. However, non of these meet the following requirements:

• Authenticity: The authorisation to vote is only restricted by GitHub authentication. Requiring a PGP-signed Git Commit may be more resilient against account takeovers.
• Secrecy during voting process: The votes are visible to other TSC members, which may sway their own votes.
• Immutability: The votes can be modified after the voting itself has concluded. This is in part because the TSC members are delegated the GitHub Organisation Admin role, which means that locking a GitHub Issue does not prevent votes changes.
• Vote tabulation UX: For GitHub Issue-based voting, there's nothing preventing non-TSC members from "casting a vote". This mean that tabulation would require filtering through the noise (e.g. through the use of the GitHub API).

This issue is to aid in discussing and deciding on a more robust solution.

Prior art

• Caritat
  • Used by the Node.js TSC for recent votes (e.g. Vote on prefix-only core modules nodejs/TSC#1206) Ongoing discussion: [meta] settle on a voting solution nodejs/TSC#1165
  • Git-based workflow
  • Does not require new infrastructure
• CIVC (alt. website)
  • Web-based workflow
  • Third-party hosted websites available (see links above); Self-hosted also an option.
  • Used for Cloud Foundry TOC elections
  • Prev. used for Kubernetes elections (prior 2021).
• Elekto
  • Web-based workflow
  • Requires self-hosting
  • Intended to be a replacement for CIVC
  • Currently being tabled by Cloud Foundry for their upcoming TOC election: Propose using Elekto as the system for the 2022 TOC election cloudfoundry/community#282
  • Used in Kubernetes 2021 elections: https://github.com/kubernetes/community/blob/9cc5dc80174d04a7d05f4c4fb387f9efea167c5b/events/elections/2021/README.md
    K8's problem statement: Create app for holding Steering elections using only github auth kubernetes/community#5096
• Google Forms (or equivalent)
  • Web-based workflow
  • Used in OpenJS Foundation Board Seat Election (e.g. CPC Board Seat: Election Information and Call for Nominations openjs-foundation/cross-project-council#859)

All of the listed solutions utilise the Condorcet election method.

Except Caritat, all of the solutions do not provide any method to validate the authenticity of the results.