I will match peoples' pledges for a bounty 5-to-1, up to $1000 worth of Namecoin, for anyone that can find a critical bug as bad as the one in December.
Someone pledges $5, I match with $25.
Total pledges equal $200, I commit $1000, $1200 total at that point.
Bounty
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: Bounty
This is way too loosely defined. How do you define "as bad as"? What are the requirements for responsible disclosure?
Other than those issues, there are two things that come to mind:
(1) BountySource should be used as escrow so that fraud risk is reduced for everyone involved.
(2) I think this should wait until the rebase is finished, because finding critical bugs in a a codebase that's in the middle of being scrapped doesn't seem like a great use of anyone's time.
I think some of the devs discussed doing a vulnerability bounty (I think last week actually), and we decided that it was a good idea, but not at this specific time.
But, thank you for your enthusiasm! I'd love to see something like this for the libcoin rebase (or for some other Namecoin-related applications) in the future.
Cheers!
EDIT: A couple of other loosely defined things: When does your offer expire? I assume you're referring to the name-stealing bug found by Michael Gronager, but you don't explicitly say this.
Other than those issues, there are two things that come to mind:
(1) BountySource should be used as escrow so that fraud risk is reduced for everyone involved.
(2) I think this should wait until the rebase is finished, because finding critical bugs in a a codebase that's in the middle of being scrapped doesn't seem like a great use of anyone's time.
I think some of the devs discussed doing a vulnerability bounty (I think last week actually), and we decided that it was a good idea, but not at this specific time.
But, thank you for your enthusiasm! I'd love to see something like this for the libcoin rebase (or for some other Namecoin-related applications) in the future.
Cheers!
EDIT: A couple of other loosely defined things: When does your offer expire? I assume you're referring to the name-stealing bug found by Michael Gronager, but you don't explicitly say this.
Re: Bounty
I agree on 1 and 2.
Youre right it's loosely defined, but I am open to anyone with suggestions on how define it. Perhaps also a group of some key people that could have a final say of confirmation that it was a pretty big bug and that it should be rewarded.
Yes I was referring to the name stealing bug.
Youre right it's loosely defined, but I am open to anyone with suggestions on how define it. Perhaps also a group of some key people that could have a final say of confirmation that it was a pretty big bug and that it should be rewarded.
Yes I was referring to the name stealing bug.
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: Bounty
If you're okay with waiting for the rebase, I can offer some suggestions at that point regarding definitions/criteria. (I'd probably also contribute from the FreeSpeechMe fund.)e234679 wrote:I agree on 1 and 2.
Youre right it's loosely defined, but I am open to anyone with suggestions on how define it. Perhaps also a group of some key people that could have a final say of confirmation that it was a pretty big bug and that it should be rewarded.
Yes I was referring to the name stealing bug.
Re: Bounty
when the time comes, i'll put up $200 worth of namecoin