Month: June 2020

Bountysource update

I quickly wanted to share an update to my previous post our leaving Bountysource behind (at least as platform for individual bug bounties).

Bountysource support has informed us that “All bounties on Xfce issues have been refunded and backers notified.”

If you are a backer of one of our issues registered on Bountysource and haven’t been refunded or at least approached please reach out to Bountysource support! (support@bountysource.com)

Meanwhile others (e.g. the elementary project) have also decided to move on for the same reasons…

Why Bountysource? Why?

TL;DR

  1. No more Xfce bugs on Bountysource.com (no support for GitLab)
  2. All remaining bug bounties returned to original backers
  3. Xfce Team account on Bountysource remains intact for now (including all donations so far)

Some background

When we kicked off Bountysource as one way to contribute to Xfce financially, this platform really seemed to be in a different place. It supported a multitude of bugtrackers (including our own, now archived, Bugzilla instance) and the web interface was frankly much more reliable.

When Bountysource decided to change its Terms of Service yesterday (note: the ToS change has been withdrawn since) this was a bit of a wake-up call for us. Let me briefly summarize: All uncollected bounties would after a fixed amount of time would have been withdrawn and the money retained by Bountysource. I can only presume that the business model of the platform is seriously struggling if such a drastic measure is imposed on the community when at the same time the fee of withdrawing/collecting bounties is at a not exactly unconsiderable 10%.

This all comes also after a so-called “inactivity fee” was introduced in 2018, which already felt strange and made me wonder what Bountysource does with all the money it holds for its users to justify such a fee. (Just putting the money in a regular bank account while holding on to it would earn you a little interest, as opposed to costing you – inflation ignored).

In any case, even if my reasoning above is not sound, we took the decision to disable bug bounties for Xfce starting now. This is the only reasonable step because GitLab is not supported, so we don’t have any way of updating our issues or confirming that they were closed (GitHub is the only supported platform these days).

The Bountysource Support team confirmed that all existing bug bounties will be returned to the original backers by them.

Please note that this change does not affect the Xfce Team account. We haven’t decided what our next step will be there but for the time being we will leave things as they are. So you can still donate to the Team and we can withdraw that money to use it for the project (footnote: we have not withdrawn anything so far).