Bounty

Post Reply
e234679
Posts: 15
Joined: Tue Feb 04, 2014 5:11 am
os: windows

Bounty

Post by e234679 »

I will match peoples' pledges for a bounty 5-to-1, up to $1000 worth of Namecoin, for anyone that can find a critical bug as bad as the one in December.

Someone pledges $5, I match with $25.
Total pledges equal $200, I commit $1000, $1200 total at that point.

signup292
Posts: 79
Joined: Sun Mar 02, 2014 11:02 pm

.

Post by signup292 »

.
Last edited by signup292 on Sun Feb 22, 2015 12:58 am, edited 1 time in total.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Bounty

Post by biolizard89 »

This is way too loosely defined. How do you define "as bad as"? What are the requirements for responsible disclosure?

Other than those issues, there are two things that come to mind:

(1) BountySource should be used as escrow so that fraud risk is reduced for everyone involved.
(2) I think this should wait until the rebase is finished, because finding critical bugs in a a codebase that's in the middle of being scrapped doesn't seem like a great use of anyone's time.

I think some of the devs discussed doing a vulnerability bounty (I think last week actually), and we decided that it was a good idea, but not at this specific time.

But, thank you for your enthusiasm! I'd love to see something like this for the libcoin rebase (or for some other Namecoin-related applications) in the future.

Cheers!

EDIT: A couple of other loosely defined things: When does your offer expire? I assume you're referring to the name-stealing bug found by Michael Gronager, but you don't explicitly say this.
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

e234679
Posts: 15
Joined: Tue Feb 04, 2014 5:11 am
os: windows

Re: Bounty

Post by e234679 »

I agree on 1 and 2.

Youre right it's loosely defined, but I am open to anyone with suggestions on how define it. Perhaps also a group of some key people that could have a final say of confirmation that it was a pretty big bug and that it should be rewarded.

Yes I was referring to the name stealing bug.

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: Bounty

Post by biolizard89 »

e234679 wrote:I agree on 1 and 2.

Youre right it's loosely defined, but I am open to anyone with suggestions on how define it. Perhaps also a group of some key people that could have a final say of confirmation that it was a pretty big bug and that it should be rewarded.

Yes I was referring to the name stealing bug.
If you're okay with waiting for the rebase, I can offer some suggestions at that point regarding definitions/criteria. (I'd probably also contribute from the FreeSpeechMe fund.)
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

foglight
Posts: 34
Joined: Tue Jul 09, 2013 9:46 pm

Re: Bounty

Post by foglight »

when the time comes, i'll put up $200 worth of namecoin

Post Reply