
BountySource suspended from GitHub - styfle
https://github.com/bountysource/core/issues/1147
======
jaspervdj
Explanation in this comment:
[https://github.com/bountysource/core/issues/1147#issuecommen...](https://github.com/bountysource/core/issues/1147#issuecomment-345923247)

    
    
      On July 27, we reached out to Bountysource in response to a complaint we
      received from a user. During our investigation and discussions with members of
      your team, we found that your organization does not have a mechanism for
      responding to removal requests from users, which is required by our Terms of
      Service. Specifically, Bountysource does not "respond promptly to complaints,
      removal requests, and 'do not contact' requests from GitHub or GitHub Users."
      Over two months later, you have not made any changes to your platform in
      response to our requests.
      
      Therefore, we have suspended your application until you create a process for
      actively responding to all personal information removal requests, including
      those related to projects and issues. In order for us to remove the
      suspension, we would ask to see two things:
      
      1. Confirmation from you that you have a process in place for responding to
      takedown requests about all areas of your website.
     
      2. Inclusion of a public notice to your users stating how to request the
      removal of information. That notice can be included in your documentation or
      other legal notices.
      
      Once you have that process and public notice in place, we'll be happy to
      review your site and consider lifting the suspension.
    

Sounds like it's (hopefully) not permanent.

~~~
Sir_Cmpwn
As someone who does _not_ want BountySource involved in their open source
projects, I applaud GitHub for this move. IMO BountySource is a borderline bad
actor. It was a pain in the ass to get them to remove my projects from their
platform and then they only "sort of" did.

~~~
eganist
Since reading comprehension is apparently a challenge:

Accusation

> IMO BountySource is a borderline bad actor.

Elaboration

> It was a pain in the ass to get them to remove my projects from their
> platform and then they only "sort of" did.

Sir_Cmpwn has no further obligation to elaborate even further on the detail
given, though there might be a benefit to explaining what "'sort of' did"
means.

Edit: looks like he did here anyway --
[https://news.ycombinator.com/item?id=15748433](https://news.ycombinator.com/item?id=15748433)

~~~
openasocket
Elaboration is more of a quantitative thing than qualitative, though. It's
always possible to elaborate further, and there's no harm in asking to do so.
And I found that his further elaboration was helpful:

"I could also clarify that BountySource is opt-out: by default they're
accepting bounties for projects that did not agree to having a bounty
program."

I originally assumed you had to register your project on BountySource, and
they were just making it difficult to de-register something that had already
been added.

Making this thing opt-out only, and apparently making opting out difficult, is
really bad behavior, and I completely agree with his characterization.

~~~
philipov
I'm not sure I got all that. Could you elaborate further, please?

------
ComputerGuru
Straight from the comments: “Even with a $25 bounty attached to it, nothing is
happening”

That is why I detest BountySource. FOSS users already have a ridiculous
feeling of entitlement. Let them “sponsor” a bug fix at one-one-hundredth the
going rate, and that obnoxious sense of entitlement gets dialed up to eleven.

~~~
johnnyfaehell
I honestly think FOSS is one of the biggest problems in IT. It sounds weird,
but hear me out. Beware, kind of a rant coming.

The reason I think it is one of the biggest problems is it devalues developers
and the development process. We created a system in which we make software
look like it's so simple you can just have it.

Look at your development toolchain and then think about how many of the major
components are free. Things that you rely on heavily. In PHP, we have
composer, it's great nearly every PHP developer will use it at least once a
week. They created a service that will improve the reliability and reduce the
dependency on Github. They offer it for $10 a month per user. Nearly everyone
said it was too expensive and didn't bring any value to be worth $10 a month
for something they will constantly use. Especially on CI.

If the development community literally doesn't value the cost of software, why
would anyone else?

The average person, if they want to create a website, will end up using
something free such as WordPress to create and maintain their website for
free. They can get lots of extensions for free and will nearly always be able
to do everything they want for free. Now, why would you if you're the average
person who wants a company website think $3,000 is a reasonable price. You can
literally make a website yourself and just pay for hosting. You may think this
is hyperbole, but how many Web Agencies have serious problems with people not
paying compared to car mechanics?

Many people will not spend $5 on a very good, very professional, high-end
iPhone app because it's too expensive. Again, where this come from? The number
of people who just created free apps and put them up on App Store. I know
people who don't pay for any apps on their phones.

So in conclusion, we have a general disappreciation for software. We have many
multi-million if not multi-billion dollar applications that are built nearly
all of free open source applications. Software that we really need to do our
jobs and we have zero warranty on. Think about this for a minute some of these
companies using these libraries, etc probably wouldn't hire someone to wire
their building if it didn't have a warranty. But the libraries underpinning
their software is free, so if that is free, why would you pay your developers
that much money. Think about it, for a highly skilled profession, we are at
the low end of the pay scale. Accountants, engineers, etc generally all seem
to get paid more. Why? Because of FOSS.

~~~
crazypyro
Isn't the barrier to entry much lower than any of the professions you
mentioned?

Many professions have professional certifications that artificially limits the
supply and drives up their prices. (Professional Engineer, CPA, Bar exams,
etc.)

~~~
johnnyfaehell
> Many professions have professional certifications that artificially limits
> the supply and drives up their prices.

We're literally in a profession where companies hire teams of recruiters to
get developers. Majority of companies are looking for developers constantly.
Whereas with the other professions, there are no supply problems, in fact,
there are too many people becoming qualified that people have trouble getting
jobs. Also, we have the barrier to entry the y don't have, the serious lack of
junior positions, a massive demand for mid/senior positions.

Supply and demand, says we should be getting paid more. In realitiy, I get
paid pretty well compared to my friends in other fields, but I am aware of the
serious discrepancy in salaries.

But mainly my main gripe is there is no real support provided for major parts
of my toolchain because we just give it away. Companies are literally
struggling to come up with good software because everyone expects it for free.

~~~
crazypyro
I think the disconnect is that those teams of recruiters are trying to get
experienced developers, not just someone who can sling some code together.

A lot of FOSS starts as an amateur's project and buds into the full scale
projects we see while the maintainers are also growing as software engineers
with the project. People start FOSS projects and give them away because the
initial market value tends to be negligible until the project has had time to
mature and be fleshed out. Something like Linux had almost zero market value
_years_ into the project, its still just a "toy" to the market.

Just the way I see things, but I can understand your viewpoint as well.

------
jgaa
Why would anyone put mission-critical features like login in the hands of a
3rd party in the first place?

Not to mention that OAUTH itself is crap
([https://hueniverse.com/oauth-2-0-and-the-road-to-
hell-8eec45...](https://hueniverse.com/oauth-2-0-and-the-road-to-
hell-8eec45921529)), and should be avoided.

------
zaarn
Quite sad to see it go. I do hope there will be other, more successful
attempts at making OSS sustainable.

~~~
_jomo
There is BitHub, although it's slightly different and doesn't focus on
sponsoring particular bugs.

[https://signal.org/blog/bithub/](https://signal.org/blog/bithub/)

~~~
zaarn
It seems this only accepts Bitcoin.

Bitcoin still has a lot of friction which would lower the potential income of
OSS developers.

I would rather prefer something which can accept atleast a Bank transfer...

------
ishanjain28
Tried it a few times now and then and it was pretty much dead. No wonder they
didn't replied to Github.

