liberapay / liberapay.org

Home of the non-profit organization that runs liberapay.com

HackerOne bounty amounts revision #59

Open Changaco opened 8 months ago

Changaco commented 8 months ago

Liberapay's HackerOne program was launched in 2018 (https://github.com/liberapay/liberapay.com/issues/549), and I don't think the bounty amounts have been changed since. Liberapay has significantly more income now than it did then, so we could increase the bounty amounts.

@karelorigin has proposed a simple doubling of the current amounts. Are there any other proposals? @EdOverflow?

(The best time for a significant update of the HackerOne program would probably be after Liberapay migrates away from AWS and SQL, as there will be a greater need for reviews of the new infrastructure's security. However, that would mean waiting quite a while, as the work to make that migration possible is nowhere near complete.)

EdOverflow commented 8 months ago

I agree with @karelorigin that doubling the current ranges is a step in the right direction. This may encourage some of the more reputable hackers on the platform to review Liberapay.

karelorigin commented 8 months ago

@Changaco, since you have a better understanding of Liberapay's budget, I'd suggest taking it as a minimum. I think a "more is better" approach is generally preferred when it comes to bounties.

Changaco commented 8 months ago

I don't think the bounty amounts have been changed since.

Actually, I changed them last year, so almost all of the maximum amounts have already been doubled.