[FFmpeg-devel] [RFC] Bug Bounty

Robert Krüger krueger
Fri Jan 29 17:11:23 CET 2010

On 29.01.2010, at 16:11, Michael Niedermayer wrote:

> On Fri, Jan 29, 2010 at 03:48:13PM +0100, Robert Kr?ger wrote:
>> Hi,
>> On 29.01.2010, at 12:39, Michael Niedermayer wrote:
>>> Hi
>>> As our foundation is apparently nearing fully functional status.
>>> Heres my first suggestion of what to do with some of the donations
>>> Dear gentelflamers may i present to you today my proposal of bug bounties,
>>> The idea behind it is to dispose of the many old bugs that dont seem to
>>> receive the attention they should.
>>> Suggested rules:
>>> * Only reproduceable bugs and reproduceable fixes are eligible
>>> * The fix must reach main ffmpeg svn (and not be reverted at the spot;)
>>> that also implicates proper & clean fixes only
>>> * Duplicate bugs are not eligible, if a fix fixes 3 bugs only the highest
>>> of the 3 bounties is payed.
>>> * The rules and bounties can be changed by the developers of ffmpeg through
>>> a vote or by the project leader.
>>> * People must keep track of their own bounties and notify the treassurer
>>> within 1 month of closing the respective bug.
>>> Suggested bountie:
>>> * IF      Bug older than 24 month: 40 Euro (there are 15 such bugs currently)
>>> * ELSE IF Bug older than 12 month: 20 Euro (there are 59 such bugs currently)
>>> * ELSE IF Bug older than  6 month: 10 Euro (there are 88 such bugs currently)
>>> If all these bugs where fixed this would coast the foundation 2660 Euro.
>>> In that sense it appears a nice thing, fix all bugs older than 6 month for 2k6
>>> [count of bugs from the roundup search of its webinterface]
>>> An alternative bounty system would be:
>>> * bugs must be at least 6 month old
>>> * bugs receive age_in_month*2 euro
>>> this would lead to a more smooth relation between age and bounty but iam too
>>> lazy to count how much money this would cost the foundation for all current
>>> bugs.
>>> Open questions:
>>> * Can we do this or are there some legal/ tax issues for the foundation
>>> with such many payments to probably quite different people over the
>>> planet?
>>> comments, flames, love letters, death threats?
>> is there also a procedure planned for people who are willing to donate money for resolving particular issues? this has been difficult in the past
>> due to the absence of a legal entity to donate to (well, it's not really a donation then, right).
> I dont see the problem, the one resolving the particular issue surely is a
> entity you can send some payment/gift/whatever to
> in practice simply posting (to roundup) a note like
> "ill pay 100euro per IBAN bank transfer to whover fixes this issue1234,
> this offer is valid for 2 month"
> or
> "ill ship my old commodore at my cost to whoever fixes this issue1234,
> this offer is valid for 2 month and only if the person is within russia
> due to too high shiping costs otherwise."
> or
> "ill send amazon gift cards worth 500$ to whoever fixes this issue1234,
> this offer is valid for 2 month"
OK, those are creative alternatives. I'll consider those next time. I'm asking since I put a 5000 Euro bounty out on the ML for fixing AVCHD decoding a year and a half ago with mixed results (https://roundup.mplayerhq.hu/roundup/ffmpeg/issue475). Someone started working on it, lost interest and it was fixed eventually by someone who didn't know about the bounty eight and a half months later. I just thought if this was brokered it would work a bit better but of course that kind of administration is probably not what anyone of the developers wants to dive into, I guess (e.g. the foundation keeps a part of the bounty and for that sees to it that the person volunteering really does the job and if not assign it to someone else or something like that).  

But I did get other things fixed by individual contracts, so for the time being, I guess I'lll stick to that approach.

> you dont need the foundation for that IMHO
>> will the foundation become a sort of broker for such things? of course there always exists the possibility to offer money for certain tasks to individual developers but it would of course be nicer not to possibly bother individual people if there existed an accepted "best practice". that's all from the donator's point of view. it's your call, of course, if you see any benefit in such a thing.  
> It surely should become possible (or at least i think so) to attach some
> "use this money for" note to a donation.
> how effective this would be in practice i dont know.
Im my case all ffmpeg fixes I/we paid for were motivated/paid for by projects for customers so there is usually a desire for some sort of commitment (even if it is a loose one, which cannot be enforced legally) on the side of the person who pays, so I guess in my/our cases it would not have been an option.  

> Is there some bug you want pay for to see squished?

not ATM but I'm sure it will happen again.



More information about the ffmpeg-devel mailing list