Subject: Re: Bug Bounties. Making $ from bugzilla.
From: "Karsten M. Self" <>
Date: Sun, 25 Nov 2001 12:48:32 -0800
on Sun, Nov 25, 2001 at 11:10:54AM -0800, Ian Lance Taylor wrote:
> "Jonathan S. Shapiro" <> writes:
> > If I recall correctly, it was the experience of Cygnus that most patches
> > supplied were undesirable, in that they tended to point the way toward the
> > right solution but were not themselves the right solution. I have a vague
> > recollection that Mike or John Gilmore told me at one point that there were
> > only 10 or 15 outside people whose patches they found could routinely just
> > be applied. This leads me to wonder what quality level the bug bounty could
> > generate.
> That is true, except that when I was at Cygnus there weren't even as
> many as 10 or 15 outside people who submitted high quality patches.
> There were maybe 5.
> This was in part due to the nature of the programs at Cygnus:
> primarily compilers and debuggers.  They are not projects which lend
> themselves to splitting up comprehension among a large number of
> people.  For example, you can write an Emacs lisp program which adds a
> useful feature without understanding many other Emacs lisp programs.
> But when working on a compiler or debugger, you pretty much do have to
> understand the full array of data structures and interdependencies.
> You can split based on processor, and you can split on front end
> vs. back end, but the chunks you are left with are large.

I think this situation may be more common to software development than
is generally realized.

In any field, there is a top cadre of a relatively small number of
widely recognized top-flight developers.  It may be five, it may be a
few score.  But it's small.  I've seen this across a range of free
software and proprietary software fields, as well as other

The issue isn't so much finding a large mass of developers, as getting
the small amounts of skill in touch with one another.  The advantage
free software has over proprietary development is this:  while in some
cases some large firms can hire a bulk of talent in a proprietary field,
the typical firm may have only one or two such developers, and may be
lucky to settle for second or third tier expertise.  In the free
software model, most of the top talent is in close contact, and isn't
overly encumbered in communicating with other developers by corporate
confidentiality and liability restrictions.  This is the "free software
development as virtual think tank" concept.

Cygnus probably employed a lion's share of top GNU development at the
time it existed independently (Ian can speak to this better than I), but
not all of it.  The five outsiders were essentially virtual on-tap
consultants for the company.

The interesting question then becomes:  why did these five contribute to
Cygnus's effort?  I've got my own thoughts, they're largely theoretical,
might be interesting for Ian (or some of the five if they're reading) to
tell his side of the story. 


Karsten M. Self <>
 What part of "Gestalt" don't you understand?             Home of the brave                   Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA!
Geek for Hire           
