Bug bounties

Introduction

Any ticket opened on the JHipster bug tracker can have a “$100” label: the person who solves that ticket will get the money!

Who can create bug bounties?

How much is a bug bounty?

At the moment, each bug bounty is $100 for the person solving that ticket.

Where is the list of currently opened bug bounties?

Bug bounties are mostly available on the main project, but can also be opened on sub-projects under the JHipster organization on GitHub.

Happy bug hunting :-)

How bug bounties are created

Once a ticket is created, it can get the bug bounty label by two actions:

  • a silver or gold sponsor adds a comment asking to add the bug bounty label and mentioning @jdubois or @deepu105 on GitHub.
  • @jdubois or @deepu105 directly add the bug bounty label, as they believe it is an important new feature, a critical bug, a long-standing issue, or a time-consuming task.

To be valid, the bug bounty should then have the $100 label added by either @jdubois, @deepu105 or @pascalgrimaud.

How to get the money

Once a bug bounty is created, anybody can propose a fix (even @jdubois and @deepu105!). Our goal is to spend that money so that something is fixed as quickly as possible.

In order to claim the money, you must:

  • Create a Pull Request that fixes a ticket with the “$100” label.
  • In order to close the ticket automatically, you must have one commit message with the Fix keyword. For example, Fix #1234 to close ticket #1234.
  • That Pull Request must be merged by someone from the core team. If there are several Pull Requests, the core team member either selects the most recent one or the best one - that’s up to him to decide what is best for the project.
  • You can then add a $100 expense on the JHipster OpenCollective. You must add a link to your Pull Request in the description (for example: $100 bug bounty claim for https://github.com/jhipster/generator-jhipster/pull/1234). You will also need to provide an invoice, see the Open Collective FAQ for expenses for more details, and to get a Google Docs template that you can use.
  • Then, you must add a comment on your Pull Request, telling that you claimed the money, with a link to your OpenCollective expense. This is to be sure it is the same person who fixed the issue and claimed the money.
  • That expense will then be validated by @jdubois and @deepu105, and you will receive your money on your Paypal account.