[OPEN-ILS-GENERAL] Bug bounties

Tim Spindler tjspindler at gmail.com
Tue Jul 30 18:52:49 EDT 2013


I generally like the idea and support but would have the same concerns as
Dan Scott.  I don't have a solution either.

Tim Spindler
C/W MARS

On Tuesday, July 30, 2013, Rogan Hamby wrote:

> I think I know the Dilbert cartoons you speak of and none of us want those
> scenarios!  Wally made a fortune....
>
> Anyway, I think those are valid concerns and concerns I have as well but
> I'd like to see what Kathy comes up with for a proposal.  I don't think we
> have the resources to offer more than a minimal award so I would hope that
> potential financial gain would be a big factor.  And unlike Wally hopefully
> no one would create bugs just to fix them later.  :)
>
> Also, in the spirit of it being largely symbolic, as Ruth points out, in a
> discussion off list about swag the idea has been thrown out to use some
> kind of swag.  I'm personally amused at the idea of a t-shirt that says
> "Bug Killer"
>
>
>
> On Tue, Jul 30, 2013 at 5:48 PM, Dan Scott <dan at coffeecode.net<javascript:_e({}, 'cvml', 'dan at coffeecode.net');>
> > wrote:
>
>> On Tue, Jul 30, 2013 at 05:35:04PM -0400, Rogan Hamby wrote:
>> > I haven't heard any dissents and at least two in favors of (you and I)
>> so
>> > in the spirit of a meritocracy I would say Kathy that at the least if
>> you
>> > want to come up with a model of how to handle it, go ahead and let's
>> start
>> > poking at the details.
>> >
>> > I won't derail things with my wishlist for accessibility.  :)
>> >
>> > I agree that wishlist bugs shouldn't be on the list.
>>
>> Okay, I'll offer a conditional dissent then. I worry that the
>> introduction of financial incentives will disrupt the contributor
>> ecology. As soon as money is in the picture, all sorts of interesting
>> side effects can occur.
>>
>> For example, will this act as a disincentive for open communication
>> and collaboration about potential alternatives for fixing a bug (because
>> potential fixers jealously guard their approaches from one another)?
>> Will it reduce the interest of current developers in providing
>> assistance to new contributors? Will it introduce difficulties in trying
>> to divvy up credit for bug fixes? Do reviewers of bug fixes get any
>> share of the cash? Do reporters of bugs who provide reproducible test
>> cases get any share of the cash? Is there any requirement to providing
>> regression tests (to prevent the bug from ever rearing its head again)
>> as part of the bug fix? Will contributors of new functionality bury bugs
>> they know about in the interest of getting paid twice, once for the new
>> functionality, and then later for the bug fixes?
>>
>> My conditional dissent would like some examples of projects where bug
>> bounties have actually worked. The examples that I've seen have focused
>> on reporting security vulnerabilities. If there are a few solid cases
>> out there that can serve as a model for us, then I would turn my dissent
>> into cautious assent.
>>
>> It could be that I've just read one too many Dilbert cartoons...
>>
>
>
>
> --
>
> Rogan Hamby, MLS, CCNP, MIA
> Managers Headquarters Library and Reference Services,
> York County Library System
>
> "You can never get a cup of tea large enough or a book long enough to suit
> me."
> -- C.S. Lewis <http://www.goodreads.com/author/show/1069006.C_S_Lewis>
>


-- 
Tim Spindler
tjspindler at gmail.com

*P**   Go Green - **Save a tree! Please don't print this e-mail unless it's
really necessary.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20130730/38cad81e/attachment.htm>


More information about the Open-ils-general mailing list