From owner-freebsd-hackers@freebsd.org Sun Apr 25 18:43:33 2021 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D8E655E3174 for ; Sun, 25 Apr 2021 18:43:33 +0000 (UTC) (envelope-from mason@blisses.org) Received: from yangtze.blisses.org (yangtze.blisses.org [144.202.50.44]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4FSxkD5mxCz3vZC for ; Sun, 25 Apr 2021 18:43:32 +0000 (UTC) (envelope-from mason@blisses.org) Received: from cocytus.blisses.org (cocytus.blisses.org [64.223.129.151]) by yangtze.blisses.org (Postfix) with ESMTP id 6D87217B288 for ; Sun, 25 Apr 2021 14:43:25 -0400 (EDT) Date: Sun, 25 Apr 2021 14:43:23 -0400 From: Mason Loring Bliss To: freebsd-hackers@freebsd.org Subject: Bug bounty framework? Message-ID: <20210425184323.GR18217@blisses.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ssZxAlvqSOvXAj81" Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-Rspamd-Queue-Id: 4FSxkD5mxCz3vZC X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of mason@blisses.org designates 144.202.50.44 as permitted sender) smtp.mailfrom=mason@blisses.org X-Spamd-Result: default: False [-4.40 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[144.202.50.44:from]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[144.202.50.44:from:127.0.2.255]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_NA(0.00)[blisses.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:20473, ipnet:144.202.48.0/20, country:US]; MAILMAN_DEST(0.00)[freebsd-hackers] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Technical discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Apr 2021 18:43:33 -0000 --ssZxAlvqSOvXAj81 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I lack the free time and familiarity needed to fix some of the things I'd love to see fixed in FreeBSD, and I don't remember this idea coming up previously, so I wanted to see what folks think about a framework for bug bounties and similar. Not too long ago I found myself trying to work through how to get Poudriere to build things at an arbitrary prefix other than /usr/local and I offered a donation to the Foundation in exchange for a working solution. It seems that the process got much of the way there, and in any event I made the donation as thanks for the work that had gone into it. (I'd moved on to other things so I haven't exercised the stuff that was fixed. I'm hoping to give it another try sometime soon.) Recently, someone here noted that with FreeBSD 13 on Vultr VMs, reboots hang, and I observe this as well. I've got several systems where FreeBSD fails to load the kernel sporadically. There's an issue where FreeBSD on KVM stops using the EFI console and quietly switches to a text console, where you need to know this has happened to continue with installation. There's a now-understood (thanks, RhodiumToad) issue where geom tasting devices can consume them in a funny way that can't be undone without a reboot, inhibiting some methods of installation. VIMAGE has (at least historically) had a race that can lead to a system hang. I've observed or been bitten by all these things, and I'd love to find some way to participate in their remediation, and it seems like a useful notion would be giving people a chance to commit to contributing to bug bounties to be paid out to the Foundation when various things are fixed. It'd be a purely altrustic motivation for folks who put time into fixing things, as the fruits of their labour would be FreeBSD working better and the Foundation getting more donations, but then, I see the BSD world as existing based on altruism. (Take this and share! We hope you give back!) A useful tool for this would be a listing of projects that have accrued at least one backer and some way to define goals and results such that it's clear when the bounty has been earned. I'd love to hear thoughts about this. --=20 Mason Loring Bliss (( "In the drowsy dark cave of the mind dreams mason@blisses.org )) build their nest with fragments dropped http://blisses.org/ (( from day's caravan." - Rabindranath Tagore --ssZxAlvqSOvXAj81 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEEXtBZz1axB5rEDCEnrJXcHbvJVUFAmCFuEkACgkQnrJXcHbv JVXg6xAAsz5yVrvAMSa4ToAtXCsOWC2KeS21SKzqZix6xNxUCmMJ5mTKpMOcOXDD Y2gzLD4o4IIyoG2IKWCnUI/XtmPOkoTrKYDp3wBpKyUa9VLEebM3W6/2sO/6RGeX l9Z6VVMBSGAjb+HBcHnvjtQvsaQRJg6wUxAaP13C08PBEk7bnxWT3RE+EzRRpwWA EXzARSykvzqsnxzPnCA5ZC5XOQpSrG78Ax3VItecaFP176sDgWe2hQKf88w6EYGu zVquSQDzRFeFyPNldi/I7teSfq7UfCRFCCc2DG3nOHr4kEvaw4NlLn22/dWnDK8L yjQVcrz7yGFbLllouOWALi1KR4D8+7RpSDlgk8pzz3WQxMVKuwdGgRQorCUH3BEy 89DuswHDonSUMQcfQoYyryOXrUEwQU+pfNycJp7Za8XjxmC6xCWsb+L821BW7jXJ Ng1kJxoVhxpk2v2iOsxoiTGbPVKoiFEheA6rbzAe0IWKh9jAuN9USb2aw7LAfMHW +CyihWqxxi8xm7vQ62YXwMk/FPtT0fUPIOtDA8Tjq9ibuljp6FbcSlpGe54RdQwm 78DWuFE47HAeCkBRa+/NxKYn9ZINrqrYDOV1px6f3rFq4ziqy3+TKdEMwSrxaAiV UiTCL0r7ipZvWFF37GHySVTJAtyA8CrZFCcZl1SiBqXMixNxv4g= =2QBt -----END PGP SIGNATURE----- --ssZxAlvqSOvXAj81--