Subject: Bug Bounties. Making $ from bugzilla.
From: (Kevin A. Burton)
Date: 25 Nov 2001 01:59:14 -0800

Hash: SHA1


Just thinking off the top of my head.  Has anyone talked about this before?  I
am sure I am not the first...

Alice needs a bug fixed in her favorite OSS project.  Alice and Bob don't know
each other but Bob knows a LOT about that project and could fix the bug in a few
minutes but he has other things that are more important....

Alice logs into the Bug Bounty system (theoretical name only of course) and
posts a $20 bounty into the system which holds it in escrow.

It turns out that a lot of other people agree so Carol puts in another $20.

Bob logs into the Bug Bounty system, sees the bounty, fixes the bug and uploads
the patch.

A 3rd party logs in to the system to approve the bounty (it is approved), Alice
and Carol get the patch integrated into the next version upgrade (in a few
weeks) and Bob gets the $40.00.

... of course the devil is in the details. :)

The 3rd party would have to be paid.  Maybe an agreed percentage.  If Bob has a
good reputation maybe he wouldn't need the 3rd party.

Thoughts?  Criticism?

I agree this is similar to SourceExchange, et al but there is one difference,
this is directly related around users and developers, not companies.


- -- 
Kevin A. Burton (,, )
             Location - San Francisco, CA, Cell - 415.595.9965
        Jabber -,  Web -

Learn from other people's mistakes, you don't have time to make your own.

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Get my public key at: