Can you provide the minimum identification requirements to be able to get a bug bounty from FPI? If you have to report to the IRS does that mean only citizens of the United States are eligible to work on Freenet for pay?
As for access to the source code, is it not open source? If you mean push access to the repo, I thought most of the bug bounties are to fix bugs and submit code, not review and merge code. There is no security concern regarding anonymous vs known developers submitting code. At the end of the day the code should be reviewed line for line, whether it's by a "trusted" name or not. Ian: > I think Matthew is right, it might cause legal issues if we're paying someone > anonymously, we have to report all expenditures to the IRS and they might not > react too well to us paying significant amounts of money to anonymous bitcoin > addresses. It could be considered money-laundering, for example. > There is also a trust issue, since we would probably need to give them access > to > source repos and other things - and it would be irresponsible to do that with > someone we know nothing about. > Ian. > > > > > > On Sun, May 7, 2017 6:26 PM, Steve Dougherty [email protected] wrote: > Is your understanding consistent with Matthew's that FPI cannot pay a > developer > who remains anonymous to FPI? > > Are you willing to have FPI offer bug bounties? If so, I can put out the call. > Would you rather that we engage individual non-proven developers one at a time > and offer them lump sums for merged code instead? That would make setting a > deadline reasonable, at least, which would be nice. > > > > -------- Original Message -------- > Subject: Re: DDG Tasks Bug Bounty Proposal > Local Time: May 6, 2017 3:46 PM > UTC Time: May 6, 2017 7:46 PM > From: [email protected] > To: [email protected] > > Interesting idea, but isn't there a danger of duplicated effort with this > approach? > > It would be annoying to put a bunch of work into something only to be beaten > to > the finish line by someone else. From a developer's perspective that would > add > to the risk and may be a disincentive to try. > > On Sat, May 6, 2017, 4:53 AM Steve Dougherty <[email protected]> wrote: > Hi everyone, > > To my understanding, at least currently xor does not want FPI to pay him for > his > work. Some developers on FMS have proposed bug bounties - say, $1000 - for > completing a task like "fix Windows tray / installer to work with 64-bit > Java." > This would be in a "first to get reviewed and merged gets paid" fashion, the > idea being we can pay people not yet familiar with the project to familiarize > themselves and not have to commit to paying an unknown developer hourly. At > least one developer has asked that payment be available in crypto currency; > this > seems reasonable to me. > > Thoughts? > > - Steve >
