[Vienna-pm] Vienna.pm Winter of Code

Nicholas Clark nick at ccl4.org
Mon Nov 5 08:43:37 PST 2007

[sorry, more English replies]

On Tue, Oct 30, 2007 at 10:43:57AM +0100, Thomas Klausner wrote:

> 2) Bounties
> Wir ueberlegen uns Dinge, die wir gerne implementiert haette, und 
> versehen sie mit einem "Preisschild". Wer eines der Projekte umsetzten 
> will, meldet sich, und wenn wir glauben, dass die Person(en) in der Lage 
> ist, das Projekt umzusetzten, geben wir das OK.
> Je nach Groesse der Bounty wird ein Teil des Geldes nach einem 
> Zwischenbericht ausbezahlt
> Pot. Probleme:
> - Zu grosste Projekte (SOAP!!), deren Erreichung schwer zu ueberpruefen ist.
> - Das definieren von Bouties kann kompliziert/muehsam sein

I thought about this for a while, and had an idea that I've not been able to
implement yet, that might solve some of the troubles with bounties for a
subset of the things that they can be applied to - test driven bug bounties.

Specifically, have bug bounties that are attached to specified TODO tests for
the software in question. The bounty gets paid out when a patch is applied
that makes the TODO test pass. Generally the people wanting to place a
bounty also have to supply the TODO test(s).

It doesn't solve all problems, and I suspect that it's more useful for an
ongoing bug bounty program where motivation and resources come from end
users.  But what it does solve, I feel, are:

* No extra work for the maintainers of the software.
  [They don't even have to be running or adjudicating the scheme]

* Very clear objective criteria for when a bounty is completed

* Very clear "spec" of what is wanted

* No contradiction between aims of the bounties, and the aims of the
  maintainers of the software [because you can't place a bounty until the
  TODO test is accepted by the software's maintainers. For a more general
  bounty scheme you run the risk of someone placing a bounty on work that
  they want done, someone else doing it, and the maintainers going "hey, hang
  on, that's not a good idea". And there's not good solution to that impasse]

* It gets people writing regression tests

This was really for dealing with routine bugs, so I was thinking that tasks
and bounties wouldn't be that huge (say 100 - 250 euros, tasks might take an
evening to a weekend to complete)

There are more general benefits of a bug bounty scheme:

Offering bounties may well suck new developers into a project.

Allowing people/firms to place money as rewards for bounties lets them
directly vote for which bugs are important to them. Clearly this isn't quite
relevant here, as you're talking about bounties funded from existing money,
rather than creating a scheme where people can also put money in.

I'd hope that an active bounty scheme, where people get to create bounties,
as well as create them, would encourage feedback and make people more
enthusiastic about the project. But I'm not sure how on topic that is for

Nicholas Clark

More information about the Vienna-pm mailing list