If you have used Bountysource in the past, you may have received an email announcing new terms of service that included a clause that would forfeit unclaimed bounties. On June 16, Bountysource sent this message:
You are receiving this email because we are updating the Bountysource Terms of Service, effective 1st July 2020.
We have added a Time-Out clause to the Bounties section of the agreement:
2.13 Bounty Time-Out.
If no Solution is accepted within two years after a Bounty is posted, then the Bounty will be withdrawn and the amount posted for the Bounty will be retained by Bountysource. For Bounties posted before June 30, 2018, the Backer may redeploy their Bounty to a new Issue by contacting support@
bountysource.com before July 1, 2020. If the Backer does not redeploy their Bounty by the deadline, the Bounty will be withdrawn and the amount posted for the Bounty will be retained by Bountysource.
What do I need to do?
If you agree to the new terms, you don’t have to do anything… Or, if you do not agree with the new terms, please discontinue using Bountysource.
This gave open source projects and their bounty hunters just two weeks to act; oftentimes it would take longer than that to even get a response from the support team. The controversial terms have since been withdrawn—at least for now. On June 17, Bountysource sent the following message (emphasis theirs):
You’re receiving this because we updated our Terms of Service.
Withdrawal of new Terms of Service
Yesterday, we communicated a change to the Bountysource Terms of Service (ToS) agreement.
These changes have been withdrawn and the ToS reverted to its prior state.
The ToS will be revised and clarified in the future.
In December, 2017, Bountysource was acquired by a cryptocurrency company called CanYa who redesigned the Bountysource site and service with a new cryptocoin focus. In addition to the general friction we’ve experienced with using the service since to get developers paid, we feel like this policy change–even withdrawn–is concerning. It calls into question the future of Bountysource as a platform and the stability of their business model. While we understand that operating a platform incurs costs, we want to make sure that funds are primarily going to developers, not being automatically scooped up by corporate stakeholders.
These events have led us to re-think our recommendation and use of Bountysource. As such, we’ve removed Bountysource from our website, removed any Bountysource integration with elementary repos on GitHub, withdrawn our funds, and closed our account. For backers and bounty hunters on Bountysource, your bounties on elementary projects will automatically be returned to you. You may also wish to withdraw any funds and close your account by emailing support@
As an alternative, we recommend checking out GitHub Sponsors. We recently launched a few tiers on Sponsors, and have been very pleased with it.
You can directly sponsor organizations like elementary, as well as individual contributors. For elementary specifically, we have a new $50/month tier that offers the closest equivalent to a bug bounty program: each month, backers at this tier can comment on any elementary issue to get at least an hour of our investigation time. This is a great way to help steer development in the direction you see fit while also directly supporting us.
GitHub also covers payment processing and doesn’t charge any fees for GitHub Sponsors; this means 100% of your sponsorship goes to elementary to help fund our work.
If GitHub Sponsors isn’t your cup of tea, you can also check out the funding section on our Get Involved page to see other ways you can help support elementary OS.