Lessons learned from bountying bugs (daemonology.net)
84 points by cperciva on Sept 5, 2011 | hide | past | favorite | 10 comments



Offering bounties for small bugs such as "cosmetic" errors is great.

When browsing open source code, I often refrain from reporting small mistakes (e.g. spelling errors), fearing it would "waste" the time of the maintainers for "superficial" problems... I also don't want them to think I'm criticizing their code / spelling.

I think even small errors are important (broken window theory). By explicitly encouraging such reports, you encourage people to read your code, but you also let people know it's okay to "bother" you with these small errors.


This is really cool, and it sounds like a great thing to try for important projects. I just wanted to get more detail on something.

People who report bugs usually care more about feeling respected than getting every possible dollar from you. ... I awarded two very similar bugs from the same reporter $10 and $50 respectively

Where does this assertion about respect come from? How do you know this? Did people come out and say it? Did their interest in continuing to look for bugs rise, fall, or stay the same as a result of the consistent explanations? Do you have actual quotes from the reporters?

I was just curious if this is speculation because it is very easy for us to make the fallacy of assuming someone else thinks the way we do, that their reason for doing something would be the same as what we think would be the reason. I want to believe the assertion, but since it is a generalization, I am skeptical.


It's completely rational to think that people will be intrinsically motivated by money, and they are on some level. But people are irrational - what drives them is usually a lot different than what you would expect.

Dan Pink is at the forefront of demystifying motivation. When you have time, check out this TED Video, it's very insightful - http://www.ted.com/talks/dan_pink_on_motivation.html. TL;DW - Cash incentives alone make people slow and stupid for cognitive tasks.


Aside from the fact that it's a generally true statement, and the fact that several people turned down the bounties -- yes, people did make comments along those lines.

Of course, it won't be true of everybody.


Money doesn't tend to motivate me in bug hunting, but the laptop I am writing this on, and my next holiday, came from a bounty I received from Mozilla a couple of weeks ago. I would have found and disclosed the bug responsibly, regardless of the bounty program. But it sure as hell feels nice to be rewarded sometimes. I was also awarded a gift by LastPass earlier this year for reporting a security problem and letting them fix it before blogging it up. The vast majority of bug reports go unrewarded though. I don't mind, when the software is open source, or isn't backed by a wealthy company/individual.


[deleted]


It's not necessarily a trivial amount of money -- ralph found over $1000 of bugs.

Of course, that's pretty low compared to the amount of time he probably spent looking for them.

EDIT: I was replying to a comment pointing out that to professional developers the bounties are rather trivial in value. I don't know why it was deleted, as it seemed a reasonable point to make...


I think I'm the bounty hunter that got $10 and $50 for two similar bugs. cperciva's summary is accurate in my case. WRT feeling respected, it wasn't an explicit need for me, but implicitly it helps a lot that his replies had a few lines of explanation when it was a "no, not a bug" or a borderline decision on how big a bounty should be. Just as it would if I'd made the report to a non-bounty FLOSS project.


I think I'm the bounty hunter that got $10 and $50 for two similar bugs.

Yep. I would have named you, but I don't like doing that without asking permission first and I didn't know that I was going to mention the $10/$50 bit until I was halfway through writing that blog post.


I didn't submit any bugs, but I certainly enjoyed reading the code. I learned a lot from it. Tarsnap has some of the simplest, most understandable C code I've ever read. If I ever need secure remote backup, I'd use this software and recommend it to others.


Tarsnap has some of the simplest, understandable C code I've ever read.

Thanks! It's great to hear comments like this -- I think my code is clean and understandable, but I know that most people say the same thing about their own code, so having someone else say this is very gratifying.



