Why Bountysource? Why?

TL;DR

  1. No more Xfce bugs on Bountysource.com (no support for GitLab)
  2. All remaining bug bounties returned to original backers
  3. Xfce Team account on Bountysource remains intact for now (including all donations so far)

Some background

When we kicked off Bountysource as one way to contribute to Xfce financially, this platform really seemed to be in a different place. It supported a multitude of bugtrackers (including our own, now archived, Bugzilla instance) and the web interface was frankly much more reliable.

When Bountysource decided to change its Terms of Service yesterday (note: the ToS change has been withdrawn since) this was a bit of a wake-up call for us. Let me briefly summarize: All uncollected bounties would after a fixed amount of time would have been withdrawn and the money retained by Bountysource. I can only presume that the business model of the platform is seriously struggling if such a drastic measure is imposed on the community when at the same time the fee of withdrawing/collecting bounties is at a not exactly unconsiderable 10%.

This all comes also after a so-called “inactivity fee” was introduced in 2018, which already felt strange and made me wonder what Bountysource does with all the money it holds for its users to justify such a fee. (Just putting the money in a regular bank account while holding on to it would earn you a little interest, as opposed to costing you – inflation ignored).

In any case, even if my reasoning above is not sound, we took the decision to disable bug bounties for Xfce starting now. This is the only reasonable step because GitLab is not supported, so we don’t have any way of updating our issues or confirming that they were closed (GitHub is the only supported platform these days).

The Bountysource Support team confirmed that all existing bug bounties will be returned to the original backers by them.

Please note that this change does not affect the Xfce Team account. We haven’t decided what our next step will be there but for the time being we will leave things as they are. So you can still donate to the Team and we can withdraw that money to use it for the project (footnote: we have not withdrawn anything so far).

7 thoughts on “Why Bountysource? Why?”

  1. It might be worth checking with some of the original backers later on, even if it’s not a huge amount of money involved, because bad things tend to happen in other industries when payment handlers do things like this.

    1. GitLab is not supported by Bountysource.
      We just moved to GitLab (for good reasons) so switching to GitHub doesn’t make any sense.

Leave a Reply

Your email address will not be published. Required fields are marked *