Bug bounties Permalink to " Bug bounties"

Introduction Permalink to "Introduction"

Any ticket opened on the JHipster bug tracker can have a “$$ bug-bounty $$” label: the person who solves that ticket will get the money, either $100, $200, $300 or $500 depending on the ticket!

Who can create bug bounties? Permalink to "Who can create bug bounties?"

How much is a bug bounty? Permalink to "How much is a bug bounty?"

Next to the “$$ bug-bounty $$” label, there should be a “$100”, “$200”, “$300” or “$500” label, that tells how the much the bug bounty is worth.

Where is the list of currently opened bug bounties? Permalink to "Where is the list of currently opened bug bounties?"

Bug bounties are mostly available on the main project, but can also be opened on sub-projects under the JHipster organization on GitHub.

Happy bug hunting :-)

How bug bounties are created Permalink to "How bug bounties are created"

Once a ticket is created, it can get the bug bounty label by two actions:

  • a silver or gold sponsor adds a comment asking to add the bug bounty label and mentioning one of the project leads on GitHub.
  • project leads and governing body directly add the bug bounty label, as they believe it is an important new feature, a critical bug, a long-standing issue, or a time-consuming task. If you are working on an issue and if you think it deserves a bounty don’t hesitate to ask one of the project leads.

To be valid, the bug bounty should then have the $$ bug-bounty $$ label added by either project leads or governing body. It should also have a “$100”, “$200”, “$300” or “$500” label to tell how much it is worth, but if that tag has been forgotten, it is by default worth “$100”.

How to get the money Permalink to "How to get the money"

Once a bug bounty is created, anybody can propose a fix (even the project leads and governing body!). Our goal is to spend that money so that something is fixed as quickly as possible.

In order to claim the money, you must:

  • Create a Pull Request that fixes a ticket with the “$$ bug-bounty $$” label.
  • In order to close the ticket automatically, you must have one commit message with the Fix keyword. For example, Fix #1234 to close ticket #1234.
  • That Pull Request must be merged by someone from the core team. If there are several Pull Requests, the core team member either selects the most recent one or the best one - that’s up to the team member to decide what is best for the project.
  • You can then add a $100, $200, $300 or $500 expense on the JHipster OpenCollective. You must add a link to your Pull Request in the description (for example: $100 bug bounty claim for https://github.com/jhipster/generator-jhipster/pull/1234).
  • Then, you must add a comment on your Pull Request, telling that you claimed the money, with a link to your OpenCollective expense. This is to be sure it is the same person who fixed the issue and claimed the money.
  • That expense will then be validated by the project leads or governing body, and you will receive your money on your Paypal account.