Subject: Re: Bug Bounties. Making $ from bugzilla.
From: (Kevin A. Burton)
Date: 25 Nov 2001 19:59:30 -0800

Hash: SHA1

"Stephen J. Turnbull" <> writes:

> >>>>> "Kevin" == Kevin A Burton <> writes:
>     Kevin> The system supports microscopic issues as opposed to
>     Kevin> macroscopic issues.  SXC really tried to fix HUGE problems
>     Kevin> (port XEmacs to GTK, etc).
> But that wasn't a huge problem in an economic sense; it would have been done
> anyway (within a year or two, which is "soon" by the standards of Emacs
> release cycles).  That was a _business_ problem, Bob Weiner needed that port
> yesterday, and perhaps paid with his company for lack of timeliness.

The GTK port still hasn't made it into a stable XEmacs :).  (last I checked it
was in CVS and slated for the next release)

This was a big issue...  IMO.

Most of the other SXC projects were right along this line.

> I think the scale of sXc was forced not by the desire to fix big problems, but
> by the fact that to generate enough revenue per contract to be
> self-supporting, ie, cover the transaction costs, it needed to generate big
> contracts.

True.  But not all good ideas are profitable.

I haven't said that the Bug Bounty system would be profitable.  I think that it
is needed to make profit for some independent developers though.

> I don't see how this system gets around that.

For starters... SXC doesn't exist anymore.

Second a decent and OPEN site that didn't require human intervention would
really take off.

>     Kevin> We fix bugs AND RFEs.
> Getting bugs fixed, now that's a _huge_ problem.  "Herding cats," "pulling
> teeth."  As an XEmacs maintainer, I can confirm that I see very few
> high-quality fixes as one-offs.  And I don't get paid for the fixes; I'm not
> about to give a bad patch an easy time because somebody else might get paid
> for it!

I agree.  

> But it's hard to get good patches even from the regulars if it's not on what
> _they_ perceive as the critical path.

It might be the critical path to pay the bills...

> It seems that for a project like XEmacs, this would just result in (a) beer
> money for some of the regulars and (b) even more scarcity of talent willing to
> work to the long term plan.

Maybe it would be just beer money.  Of course anything > $0.0 would be great
for some people.

I mean I fix things for good of it but it would be nice to see some economic

> This points to another real incentive problem, too.  I don't deliberately
> introduce bugs into XEmacs.

... :)

> I don't think that's a problem in any OSS project.  But there's no need to.
> There are enough "bugs" (as perceived by the user base) that I can demote a
> few thousand to "fix by 2100" status, even though I know how to fix them.  I
> think others are more important, important enough to spend time on diagnosis
> and design etc rather than fixing what I know how to deal with.

Maybe important to *you* but user could speak with their wallet.  A $100 bounty
on a bug might convince you to work on it.

> However, it would be easy to pull a few of those minor bugs off the
> shelf in time for Christmas.  But this would not be good for the
> project.  IMO, as maintainer, anyway.
>     Kevin> ... etc.
> Now that, I agree with wholeheartedly.
> Your proposal _can_ work.  But only if somebody works _hard_ on mediating
> between would-be fixers and overworked maintainers.

Perhaps one of the responsibilities would be to deliver the fix into a STABLE
version of a product.  In some cases just a *fix* wouldn't count and before
getting paid you would have to talk to the maintainer about getting it
integrated and into the next release.

> It's not something that can be addressed with a pile of software and a few
> rules of payment.  It's _people_ work.  And it's _technical_ too, so the
> principal has to be multi-talented.  And it's _retail_, so I doubt it will be
> very profitable.

I obvously don't know anything about profit. :)


- -- 
Kevin A. Burton (,,
             ) Location - San Francisco, CA, Cell - 415.595.9965 Jabber -
   , Web -


 -- Perl version of DeCSS.  
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Get my public key at: