Ask HN: Offering bounty for bugs in an open source project – good or bad?
We have two well-received open source projects for web-related tools and we could attract a few sponsors via open collective. This means we now have a few bucks we would like to invest back into the community.
We thought about offering bounties and then letting users write invoices to our open collective so they can get paid.
The questions would be:
1) Is offering bounties even worth it?
2) What range should a bounty be? min. 50$?
3) Write an invoice and get 100% of the money or use a system?
4) What systems are out there and which one would you recommend?
The open source projects we are considering it for are:
https://github.com/open-wc/open-wc
https://github.com/modernweb-dev/web

We (the D language foundation) have a bounty system. It's not bad, however I wouldn't expect the world from it: the kind of things that get bounties put on them are often not $150 bugs - i.e. it's not always the incentive you might imagine it to be. The bounties do however work as a statement of intent for new contributors to see what is important vs nice to have. I also would let the bounties be set by users rather than centrally. We also maintain a fund ourselves with enough money to fund a few things ourselves, our so-called HR fund, I recommend doing that also.

> I also would let the bounties be set by users rather than centrally.

So you mean go to an issue and say I will add another 50 bucks if that gets resolved. Makes sense and would certainly require a system. Having a dedicated HR fund sounds good, we have been wondering how to call/do this. Thanks for sharing your experience - it certainly helped staying realistic. It seems it will not magically lead to all issues being resolved by others. It was a slim hope but yeah, probably more a dream than anything. It still seems worth a try.

It's a great way to attract people that just want to shove low quality solutions into your project. I recall GitHub or some other org offering free t-shirts if you committed to open source. Repos were flooded with one line changes and the real developers got annoyed.

I assume you are referring to Hacktoberfest. We did get a few good contributions from that but yeah, it's dangerous if any contribution counts. This got me thinking, so I think those issues will need to be very well defined - probably even with failing tests if possible.
Also it's probably good to keep the number of bounty issues low for maintainability. Seems there is still much to learn.

Good idea for specific things, where you already know how you want the implementation to be like. Otherwise you can't really control the overall code quality. Small chunk issues that are definite done/not done, and easy to check if it's fixed or not. Price depending on what you think your own implementation time would be * how much you value getting the contribution.

That sounds good. Needs to be very specific and easy to "check". I assume making such well defined bounty issues will require quite some work. If it's worth it only time will tell.

What I found so far:

https://issuehunt.io/
- 10% issuehunt fee
- 3.5% stripe fee to deposit also 3.5% to withdraw
- search seems good with filters
- diverse projects
- last tweet in 2019

https://www.bountysource.com/
- 10% withdrawal fee
- search seems limited
- seems to be almost exclusive to crypto
- twitter is active

HackerOne has an open source program which is free. You could start with it: https://www.hackerone.com/company/open-source-community I'm sure you can talk to them then, and figure out the best strategy to offer paid rewards.

Interesting - I didn't know that one. It seems very security related - I'm not sure if issues for not supporting a specific part in a spec or for improving documentation for a feature will fit in. What do you think?

This is 100% security bug bounty. No docs improvements or functionality bugs.