I see stories about how the election is rigged or that there are security vulnerabilities, and lots of people don’t believe the outcome. Why don’t they just open source everything so that anyone can look at the code and be sure the votes are tallied correctly?
How do you know that what’s open sourced is what’s installed and running? Someone should verify it and then you’ll have to trust that person as well.
That’s a very easily solved problem. You generate a code-signing certificate (already used all over the place, and why Windows occasionally tells you that software “isn’t trusted”).
You then verify that certificate in the presence of observers from all parties, at the same time that you verify the anti-tamper tags on the ballot boxes.
The parties only have to trust the person they assigned as an observer.
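The mechanical part of the observer check above, that what is installed on the machine is byte-for-byte the published build, can be shown in a few lines. The following is an added example, not code from this thread or from any election vendor; it assumes the reference build is available as a directory tree, and that the single manifest digest it computes is the value a code-signing key would sign and observers from each party would compare out of band before trusting the manifest at all. The sample files and the tampered install are constructed inline.

```python
"""Check that an installed software tree matches a published reference build
by comparing per-file SHA-256 digests against a manifest.

Added example (not from the thread). Assumptions: observers hold the
reference build; `manifest_digest` is what would be signed with the
code-signing key and verified before the manifest is relied on.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return its hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def manifest_digest(manifest: dict) -> str:
    """Digest of the canonical JSON form of the manifest. This one value is
    what the signing key signs and what observers compare out of band."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def verify_install(root: Path, manifest: dict) -> dict:
    """Compare an installed tree with the manifest and report every deviation:
    missing files, changed files, and files the manifest never listed (an
    unexpected binary is as suspicious as a modified one)."""
    actual = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "modified": sorted(k for k in manifest if k in actual and actual[k] != manifest[k]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def is_clean(report: dict) -> bool:
    """True only when no category of deviation was found."""
    return not any(report.values())


def demo() -> dict:
    """Constructed scenario: a reference build, a faithful install and a
    tampered install. Returns the reports so the outcome can be checked."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        reference = tmp / "reference"
        (reference / "tally").mkdir(parents=True)
        (reference / "tally" / "count.py").write_text("def count(v): return sum(v)\n")
        (reference / "README").write_text("sample tabulator build (constructed)\n")

        manifest = build_manifest(reference)
        published_digest = manifest_digest(manifest)

        # A faithful install: identical bytes, so the manifest digest recomputed
        # from the installed tree equals the published one.
        faithful = tmp / "installed_ok"
        shutil.copytree(reference, faithful)
        clean_report = verify_install(faithful, manifest)

        # A tampered install: one file changed, one file added.
        tampered = tmp / "installed_bad"
        shutil.copytree(reference, tampered)
        (tampered / "tally" / "count.py").write_text("def count(v): return sum(v) + 1\n")
        (tampered / "tally" / "extra.so").write_bytes(b"\x7fELF constructed junk")
        tampered_report = verify_install(tampered, manifest)

        return {
            "published_digest": published_digest,
            "digest_stable": manifest_digest(build_manifest(faithful)) == published_digest,
            "clean": clean_report,
            "tampered": tampered_report,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of hashing the manifest rather than each file separately is that observers have exactly one value to read aloud and compare against the signed release, which is the step that moves the trust from "whoever installed it" to "the key all parties watched being verified".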
Both open and closed source software share this problem, so this doesn’t really answer the question.
I meant to say that open sourcing doesn’t make it immediately trustworthy. You have to place the trust somewhere. If you can’t trust that the open sourced code is what’s running, it is effectively the same as running closed source software.
This still adds another moving part to duping people. It’s much, much easier to independently verify the software if it’s open source.