I disagree that it's a good thing on its own.
Where is the money for more paid maintainers?
Oops.
It's not there.
A #bugbounty on open source projects that don't get any funding for additional maintainers is likely to decimate the volunteer maintainer labor pipeline of the future https://twitter.com/mikko/status/1078644544789532672 …
-
The on call point comes from a total misunderstanding of how open source projects work.
-
Here's how discussion went w the Apache server core paid maintainers when I spoke to them about this:
Me: Do you know you're about to be bountied by EU?
Them: No. Neat! We'd love serious bugs
Oh, we'll likely get lots more low sev bugs & usually leave fixing to our volunteers
1/2
-
I like more support. I like more security research. I like more funding. I don’t like implying some group is already paid enough. In security, even when people are paid well (which isn’t always), there’s not enough people.
-
Ah-ha, I think I understand what you're saying. It's a nice thought, but I suppose the counterargument is that it's a long way off and *right now* the incentives need to be enough to make the work actually happen
