Am Donnerstag, 22. September 2011, 17:33:59 schrieb Sam S.: > On Thu, Sep 22, 2011 at 4:13 PM, David Narvaez > > <david.narv...@computer.org> wrote: > > Hi, just wanted to add this link with an interesting (and valid?) point > > of view > > > > http://threatpost.com/en_us/blogs/how-bug-bounties-are-rat-farming-09201 > > 1 > > Yes, allowing uncontrolled personal bug bounties would > a) open the door to various moral hazards: > - incentive for "rat farming" (as you mentioned)
How? People introducing bugs to fix them later? Code is reviewed now and will be then. > - incentive for working alone (or even in secret) rather that > collaborating Who cares if you work in secret on a few lines patch to fix a bug? Do you think people gather in groups to for most bug fixes? > - etc., and > b) introduce lots of destructive petty conflicts of interest into an > environment otherwise based on mutual constructive collaboration: > - Who gets the money, the one who completes the last 1% of the work? I think you miss the point. How many lines do most bug fixes have? Ever thought about not everything being about adding huge features but rather bugs that nobody fixes for weeks? > - How are disagreements handled about by whom, when or if a bug was fixed? How are disagreements currently handled if two devs have different approaches? You must really think that people just wait to start attacking each other over money and will crowd to fix bugs they would not have touched in weeks if there was no bounty. > - etc. > To handle all those possible issues, lots of bureaucracy and > conflict-management would be needed, which would probably do the > project more harm than good. Not at all. Common sense and a working community, including reviews as they are already done. [snip] IMHO you think far too negative and complicated. Sven >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
