[OPEN-ILS-GENERAL] Bug bounties

Rogan Hamby rogan.hamby at yclibrary.net
Tue Jul 30 18:49:16 EDT 2013


I think I know the Dilbert cartoons you speak of and none of us want those
scenarios!  Wally made a fortune....

Anyway, I think those are valid concerns and concerns I have as well but
I'd like to see what Kathy comes up with for a proposal.  I don't think we
have the resources to offer more than a minimal award so I would hope that
potential financial gain would be a big factor.  And unlike Wally hopefully
no one would create bugs just to fix them later.  :)

Also, in the spirit of it being largely symbolic, as Ruth points out, in a
discussion off list about swag the idea has been thrown out to use some
kind of swag.  I'm personally amused at the idea of a t-shirt that says
"Bug Killer"



On Tue, Jul 30, 2013 at 5:48 PM, Dan Scott <dan at coffeecode.net> wrote:

> On Tue, Jul 30, 2013 at 05:35:04PM -0400, Rogan Hamby wrote:
> > I haven't heard any dissents and at least two in favor (you and I) so
> > in the spirit of a meritocracy I would say Kathy that at the least if you
> > want to come up with a model of how to handle it, go ahead and let's
> > start poking at the details.
> >
> > I won't derail things with my wishlist for accessibility.  :)
> >
> > I agree that wishlist bugs shouldn't be on the list.
>
> Okay, I'll offer a conditional dissent then. I worry that the
> introduction of financial incentives will disrupt the contributor
> ecology. As soon as money is in the picture, all sorts of interesting
> side effects can occur.
>
> For example, will this act as a disincentive for open communication
> and collaboration about potential alternatives for fixing a bug (because
> potential fixers jealously guard their approaches from one another)?
> Will it reduce the interest of current developers in providing
> assistance to new contributors? Will it introduce difficulties in trying
> to divvy up credit for bug fixes? Do reviewers of bug fixes get any
> share of the cash? Do reporters of bugs who provide reproducible test
> cases get any share of the cash? Is there any requirement to provide
> regression tests (to prevent the bug from ever rearing its head again)
> as part of the bug fix? Will contributors of new functionality bury bugs
> they know about in the interest of getting paid twice, once for the new
> functionality, and then later for the bug fixes?
>
> My conditional dissent would like some examples of projects where bug
> bounties have actually worked. The examples that I've seen have focused
> on reporting security vulnerabilities. If there are a few solid cases
> out there that can serve as a model for us, then I would turn my dissent
> into cautious assent.
>
> It could be that I've just read one too many Dilbert cartoons...
>



-- 

Rogan Hamby, MLS, CCNP, MIA
Managers Headquarters Library and Reference Services,
York County Library System

"You can never get a cup of tea large enough or a book long enough to suit
me."
-- C.S. Lewis <http://www.goodreads.com/author/show/1069006.C_S_Lewis>