

Tarsnap bug bounties - cperciva
http://www.daemonology.net/blog/2011-04-21-tarsnap-bug-bounties.html

======
danieldk
I encountered tarsnap just a few times, but never took the effort to seriously
evaluate it. This commitment to security might just have convinced me.

(Or in other words: kudos.)

------
jasonkester
A bit off topic, but every time I hear the name of your product, this is what
springs to mind:

<http://images.google.com/images?q=parsnip>

I think it could only help your business if you commissioned a cartoonified
version of one those photos to use as your logo.

------
palish
_"Bounties of under $100 will be awarded as Tarsnap account credits. Bounties
of $100 or more will be awarded as Tarsnap account credits or via US dollar
cheque depending upon the recipient's preference."_

If we accumulate $100 worth of Tarsnap account credits, can we exchange them
for real money? Or perhaps food / shelter?

~~~
cperciva
_If we accumulate $100 worth of Tarsnap account credits, can we exchange them
for real money?_

Yes. If you ask nicely I'll write you a cheque for less than $100, for that
matter -- it's really just that I don't want to end up mailing lots of $1
cheques around.

~~~
zackattack
Hi Colin,

I found two bugs.

    
    
      tar/multitape/multitape_internal.h:124: * missing files. Return 0 on success, 1 if the metadata file does not
    
      tar/multitape/multitape_metadata.c:406: * missing files. Return 0 on success, 1 if the metadata file does not
    

Throughout the rest of your source code, you adhere to the standard of French
spacing, two spaces after a period. In these instances you deviate.

~~~
nandemo
In my opinion the above bug reports deserve a picodollar or two.

~~~
cperciva
Spacing after the end of a sentence is pushing things a bit, but I did say
that typos were worth $1 each, and these are indeed typos.

~~~
zackattack
My only regret is not waiting until the next pre-release to report them.

~~~
cperciva
The double-bounty only applies to _new_ bugs, not bugs which were in previous
releases.

------
zacharypinter
In the context of wanting "people to read through the Tarsnap code":

Any reason why the source is being served as a tarball instead of putting it
up on github?

~~~
cperciva
Several reasons, among them "I don't like git" and "I haven't gotten around to
it yet". :-)

