Hello folks ,
Today I would like to revive a topic: Bug bounties. The subject was shut down just before the ML issue but I would like to restart it now.
Hoa requires an important amount of time. Liip, for instance, is sponsoring me at a rate of 5% of my time, to work on Hoa. This is an excellent news for the project. We have other sponsors, like VeryLastRoom that provides a constant source of revenues, thanks! Other sponsors provide other kind of resources for the project, thanks to them too.
But Hoa is more and more used and popular. While we are all volunteers, I would like to set up a bug bounty program. Let me summarize why:
- Motivation, I reckon it will motivate us to work on some hard or cumbersome bugs, like the refactoring of some libraries,
Solid projects, all the collected money will go to the Hoa Foundation. As a reminder, here is the status:
It aims to support the Hoa project by developing, deploying and promoting the free softwares from Hoa Project, its derivatives and associated projects.Thus, it will be easier to communicate around the projects by sending people in conferences, organizing our own conferences, and more importantly share our revenues with other projects we are depending on, like atoum (or PHPBench in a near future I hope). The goal is not to be rich but to create a solid and strong ecosystem on top of PHP and around Hoa,
- Acknowledgement, most of the time a contributor is doing an incredible amount of work, a new snapshot is released, it’s downloaded, great… but… nothing else. Even inside the Hoa’s community, we are happy but we do not express it more than it would deserve. Recently, @pierozi has set up TLS for all Hoa’s domains, @ashgenesis is organizing and coordinating Hoa Virtual Meetings every month and he is preparing the birth of PHP 7.1 on 2 fronts (Hoa and atoum), @Metalaka has done constant efforts on all libraries, just like @shulard. That’s few examples, but it deserves something special, and time to times, I think we could give them a gift (direct money or something else).
Because we are a set of libraries, few people cares about us. Let’s face it ;-). We already know this fact, this is not new. This is the industry behavior. We are the last piece of the chain. So we are not going to make millions of euros, don’t expect that. However, if we can distribute 100 or 200€ sometimes, it will be an excellent news for everyone I guess.
If you agree, I would like to go to BountySource, I guess they are good.
Thanks for reading.
Do you think this is a good idea? Do you think motivations are correct? Thoughts?