Re: DDG Tasks Bug Bounty Proposal

Steve Dougherty writes: > I don't think anyone is proposing that new developers get push access > or bypass review by existing developers. We're all in agreement that > it would not be acceptable. Matthew's question of how to avoid long > review delays doesn't have a great

Re: DDG Tasks Bug Bounty Proposal

I don't think anyone is proposing that new developers get push access or bypass review by existing developers. We're all in agreement that it would not be acceptable. Matthew's question of how to avoid long review delays doesn't have a great answer; I can't think of anything beyond keeping the

Re: DDG Tasks Bug Bounty Proposal

On Tuesday, May 09, 2017 09:12:21 AM x...@freenetproject.org wrote: > On Monday, May 08, 2017 04:57:10 PM Ian wrote: > > There is also a trust issue, since we would probably need to give them > > access to source repos and other things - and it would be irresponsible to > > do that with someone we

Re: DDG Tasks Bug Bounty Proposal

On Monday, May 08, 2017 08:29:45 PM Matthew Toseland wrote: > Having said that, review capacity has been a problem in the past. My > purge-db4o work was delayed for an entire year, for example. How can we > minimise this? Just because our existing core contributors with review privileges aren't

Re: DDG Tasks Bug Bounty Proposal

If the USA would consider paying anonymous people money laundering then I'd agree that we shouldn't risk this. Nevertheless you raised an interesting issue which will also be relevant to non-anonymous employees, I'd like to say something about it: On Monday, May 08, 2017 04:57:10 PM Ian wrote:

Re: DDG Tasks Bug Bounty Proposal

On 08/05/17 18:21, Steve Dougherty wrote: > Original Message > Subject: Re: DDG Tasks Bug Bounty Proposal > Local Time: May 8, 2017 1:09 PM > UTC Time: May 8, 2017 5:09 PM > From: free...@nullvoid.me > To: devl@freenetproject.org > > Can you provide th

Re: DDG Tasks Bug Bounty Proposal

Original Message Subject: Re: DDG Tasks Bug Bounty Proposal Local Time: May 8, 2017 1:09 PM UTC Time: May 8, 2017 5:09 PM From: free...@nullvoid.me To: devl@freenetproject.org Can you provide the minimum identification requirements to be able to get a bug bounty from FPI? If you

Re: DDG Tasks Bug Bounty Proposal

you rather that we engage individual non-proven developers one at a time > and offer them lump sums for merged code instead? That would make setting a > deadline reasonable, at least, which would be nice. > > > > Original Message > Subject: Re: DDG Tasks B

Re: DDG Tasks Bug Bounty Proposal

? That would make setting a deadline reasonable, at least, which would be nice. Original Message Subject: Re: DDG Tasks Bug Bounty Proposal Local Time: May 6, 2017 3:46 PM UTC Time: May 6, 2017 7:46 PM From: i...@locut.us To: devl@freenetproject.org Interesting idea, but isn't

Re: DDG Tasks Bug Bounty Proposal

On Saturday, May 06, 2017 05:53:31 AM Steve Dougherty wrote: > To my understanding, at least currently xor does not want FPI to pay him for > his work. Yes, I'm only temporarily not available for hire as I've decided to instead work for free for some months, see [1]. Once this is finished I

Re: DDG Tasks Bug Bounty Proposal

for merged code instead? That would make setting a deadline reasonable, at least, which would be nice. Original Message Subject: Re: DDG Tasks Bug Bounty Proposal Local Time: May 6, 2017 3:46 PM UTC Time: May 6, 2017 7:46 PM From: i...@locut.us To: devl@freenetproject.org

Re: DDG Tasks Bug Bounty Proposal

That is a general disadvantage to bounties, yes, but we are not in a situation where there are known-qualified developers with time available to be paid hourly for these things. Original Message Subject: Re: DDG Tasks Bug Bounty Proposal Local Time: May 6, 2017 3:46 PM UTC

Re: DDG Tasks Bug Bounty Proposal

Interesting idea, but isn't there a danger of duplicated effort with this approach? It would be annoying to put a bunch of work into something only to be beaten to the finish line by someone else. From a developer's perspective that would add to the risk and may be a disincentive to try. On

Re: DDG Tasks Bug Bounty Proposal

On 06/05/17 14:11, Freenet wrote: > Could this be solved by paying a known third party? Such as bountysource > or something? > > And from there the developer who creates the patch could still remain > anonymous and gain the funds? Bountysource FAQ: > As part of the cash out process we require a

Re: DDG Tasks Bug Bounty Proposal

Could this be solved by paying a known third party? Such as bountysource or something? And from there the developer who creates the patch could still remain anonymous and gain the funds? Matthew Toseland: > On 06/05/17 10:53, Steve Dougherty wrote: >> Hi everyone, >> >> To my understanding, at

Re: DDG Tasks Bug Bounty Proposal

On 06/05/17 12:36, Matthew Toseland wrote: > On 06/05/17 10:53, Steve Dougherty wrote: >> Hi everyone, >> >> To my understanding, at least currently xor does not want FPI to pay him for >> his work. Some developers on FMS have proposed bug bounties - say, $1000 - >> for completing a task like

Re: DDG Tasks Bug Bounty Proposal

On 06/05/17 10:53, Steve Dougherty wrote: > Hi everyone, > > To my understanding, at least currently xor does not want FPI to pay him for > his work. Some developers on FMS have proposed bug bounties - say, $1000 - > for completing a task like "fix Windows tray / installer to work with 64-bit >

DDG Tasks Bug Bounty Proposal

Hi everyone, To my understanding, at least currently xor does not want FPI to pay him for his work. Some developers on FMS have proposed bug bounties - say, $1000 - for completing a task like "fix Windows tray / installer to work with 64-bit Java." This would be in a "first to get reviewed and