Subject: Re: Bug Bounties. Making $ from bugzilla.
From: "Stephen J. Turnbull" <stephen@xemacs.org>
Date: 26 Nov 2001 15:01:54 +0900

>>>>> "Kevin" == Kevin A Burton <burton@openprivacy.org> writes:

    Kevin> The GTK port still hasn't made it into a stable XEmacs :).

I take it you haven't checked since April 15th.[1]

    Kevin> (last I checked it was in CVS and slated for the next
    Kevin> release)

Slated for next release is "official support" == "maintainer asks the
regulars to work on GTK bugs before they work on personal projects."
GTK is not likely to be the default on any platform for the forseeable
future; too many people use XEmacs in a multi-display configuration,
which GTK cannot support.

But not in the next release, I don't think.  Not unless Bill comes
back in a big way, or we get some fresh blood to work on it.  I do
plan to call for proposals _specifically_ on making the GTK port
complete and stable enough to be "officially supported" (in the sense
above).  I think it unlikely, based on current list traffic, that I'll
get realistic plans attached to willingness to do the work.

    Kevin> Second a decent and OPEN site that didn't require human
    Kevin> intervention would really take off.

You and I evidently have drastically different assessments of the
degree of human intervention required.  Consider the issue of
"realistic plans" mentioned above, and the dual issue of salving hurt
bounty-hunter feelings, alluded to below.

BTW, what was un-OPEN about sXc or Cosource.com?

    >> But it's hard to get good patches even from the regulars if
    >> it's not on what _they_ perceive as the critical path.

    Kevin> It might be the critical path to pay the bills...

XEmacs itself has no bills, and I don't want the regulars on piece
rate.  We've had enough problems when we've had people on salary.  The
problem is not getting patches from the regulars.  It's getting good
ones, when they don't expect to work on the subsystem being patched
before somebody else does the next massive reengineering of it.

    Kevin> Maybe important to *you* but user could speak with their
    Kevin> wallet.  A $100 bounty on a bug might convince you to work
    Kevin> on it.

I already said that it very well might.  Let me repeat myself (3rd
time, actually, you quoted it too):

    >> However, it would be easy to pull a few of those minor bugs off
    >> the shelf in time for Christmas.  But this would not be good
    >> for the project.  IMO, as maintainer, anyway.

That "IMO" is _not_ just my personal agenda.  (Admittedly, as long as
nobody else is publishing one, it's hard to tell "the good of XEmacs"
from "Stephen's blind spots.")  The problem is that most of the
current bugs I know about have pretty obvious fixes.  These obvious
fixes regularly (0) are buggy in themselves, which means $10 of QA for
each $1 of fix; (1) conflict with each other; (2) conflict with
similar features in GNU Emacs; (3) add ugliness and unmaintainability
to the code; or (4) gratuitously introduce APIs or UI elements which
we will either have to support or remove to general disapproval.  I
don't want that kind of work done at all, by regulars or bounty
hunters.

The point is that I don't see any way to resolve the conflict of
interest between a user/bounty-hunter coalition who are surely bright
enough to figure out that a $100 fix very well would make things work
the way the user wants them to, and the maintainer who wants $10,000
worth of reverse engineering (which I spend a lot of time on; our docs
are not good enough by far to support bounty hunters), design,
documentation, implementation, and testing to get it done right.

I.e., it won't be resolved without highly skilled human intervention.

    Kevin> Perhaps one of the responsibilities would be to deliver the
    Kevin> fix into a STABLE version of a product.  In some cases just
    Kevin> a *fix* wouldn't count and before getting paid you would
    Kevin> have to talk to the maintainer about getting it integrated
    Kevin> and into the next release.

And how many more XEmacs bugs will you fix for a "maybe $100" after I
once say "no", and you dislike my reasons?  Would you really spend
$100 of your time and emotional energy on getting a $100 bounty patch
past a maintainer who seems intent on making "Beavis and Butthead"
into a threesome?

To make this idea really work, you need to get the maintainers to buy
in to the concept, and fast-track the bounty patches.  You can see I'm
already disposed against it.  I'll listen to counter-arguments, but
so far all of yours have addressed the issue of patch production, not
the QA issues near and dear to this maintainer's heart.

So, do you think my feelings are unlikely to be representative of
maintainers in general?


Footnotes: 
[1]  Try

wget ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4/xemacs-21.4.0.tar.gz
gunzip -c xemacs-21.4.0-tar.gz | tar xf -
cd xemacs-21.4.0; configure --with-gtk=yes; make
src/xemacs

and see what you get.  Or try it with "s/21.4.0/21.4.5/g".

If you want to quibble over the difference between stable and
"gamma," OK, you got me there.  But otherwise, GTK is in a stable
XEmacs.  By all standards for Linux apps staffed by volunteers only,
except maybe Debian potato :), 21.4 _is_ stable.  "Gamma" is my way of
saying I think we should try harder.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
              Don't ask how you can "do" free software business;
              ask what your business can "do for" free software.