Proposal: Bug bounties on gitea? #6710

New Issue

Closed

opened 2025-11-02 07:04:25 -06:00 by GiteaMirror · 7 comments

GiteaMirror commented 2025-11-02 07:04:25 -06:00

Owner

Copy Link

Originally created by @Kreyren on GitHub (Jan 18, 2021).

Proposing to implement handling to allow anyone to submit a bug bounty on gitea issues that they care about to influence it's priority and handling in case the issue:

1. affects small user base (low priority issues in general)
2. is not economical for (F)LOSS development as it's too complicated e.g. https://github.com/QubesOS/qubes-issues/issues/4318
3. is for Libre Open Source Software (LOSS) project that depends on business plan in place which bug bounties would allow for.

Originally created by @Kreyren on GitHub (Jan 18, 2021). Proposing to implement handling to allow anyone to submit a bug bounty on gitea issues that they care about to influence it's priority and handling in case the issue: 1. affects small user base (low priority issues in general) 2. is not economical for (F)LOSS development as it's too complicated e.g. https://github.com/QubesOS/qubes-issues/issues/4318 3. is for Libre Open Source Software (LOSS) project that depends on business plan in place which bug bounties would allow for.

GiteaMirror closed this issue 2025-11-02 07:04:25 -06:00

GiteaMirror commented 2025-11-02 07:04:25 -06:00

Author

Owner

Copy Link

@noerw commented on GitHub (Jan 18, 2021):

To clarify: with "on gitea issues" do you mean Gitea the project, or Gitea the software?

For the first, we could just put a notice for that in the issue template (& readme). But I'd make sure the wording clearly conveys that a bounty doesn't buy you that feature, but is an incentive only.

@noerw commented on GitHub (Jan 18, 2021): To clarify: with "on gitea issues" do you mean Gitea the project, or Gitea the software? For the first, we could just put a notice for that in the issue template (& readme). But I'd make sure the wording clearly conveys that a bounty doesn't buy you that feature, but is an incentive only.

GiteaMirror commented 2025-11-02 07:04:26 -06:00

Author

Owner

Copy Link

@Kreyren commented on GitHub (Jan 18, 2021):

To clarify: with "on gitea issues" do you mean Gitea the project, or Gitea the software? @noerw

Gitea the software as i would like to use this for my projects. (i am mainly a LOSS developer)

@Kreyren commented on GitHub (Jan 18, 2021): > To clarify: with "on gitea issues" do you mean Gitea the project, or Gitea the software? @noerw Gitea the software as i would like to use this for my projects. (i am mainly a LOSS developer)

GiteaMirror commented 2025-11-02 07:04:26 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Jan 18, 2021):

Closing this ticket as bounties for the Gitea project are a thing already (please see the link in README, https://www.bountysource.com/teams/gitea). Last week there were two large ones made. As well, commissioning developers directly is also possible.

@techknowlogick commented on GitHub (Jan 18, 2021): Closing this ticket as bounties for the Gitea project are a thing already (please see the link in README, https://www.bountysource.com/teams/gitea). Last week there were two large ones made. As well, commissioning developers directly is also possible.

GiteaMirror commented 2025-11-02 07:04:26 -06:00

Author

Owner

Copy Link

@noerw commented on GitHub (Jan 18, 2021):

As @Kreyren clarified, this is about technically integrating bug bounty programs with gitea's issue tracker, not about bounties on issues of the gitea project.

@noerw commented on GitHub (Jan 18, 2021): As @Kreyren clarified, this is about technically integrating bug bounty programs with gitea's issue tracker, not about bounties on issues of the gitea project.

GiteaMirror commented 2025-11-02 07:04:26 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Jan 18, 2021):

I think then this would be in scope for the bounty projects of potentially using oauth to edit tickets to insert a link into the ticket, and labelling issues appropriately. If this is a request for the bounty logic to be put directly into Gitea I think that is out of scope as dealing with being a bank and storing funds is significant undertaking.

@techknowlogick commented on GitHub (Jan 18, 2021): I think then this would be in scope for the bounty projects of potentially using oauth to edit tickets to insert a link into the ticket, and labelling issues appropriately. If this is a request for the bounty logic to be put directly into Gitea I think that is out of scope as dealing with being a bank and storing funds is significant undertaking.

GiteaMirror commented 2025-11-02 07:04:26 -06:00

Author

Owner

Copy Link

@Kreyren commented on GitHub (Jan 18, 2021):

I think then this would be in scope for the bounty projects of potentially using oauth to edit tickets to insert a link into the ticket, and labelling issues appropriately. If this is a request for the bounty logic to be put directly into Gitea I think that is out of scope as dealing with being a bank and storing funds is significant undertaking.

We dont have to deal with a bank if it was using cryptocurrency e.g. monero which would allow handling the funds through the instance quite nicely. (Majority of bug bounties are using cryptocurrencies already in my experience)

Edit: also would like something that is integrated directly in the UI and set as optional configuration per repo as changing the issue content makes the issue less readable

@Kreyren commented on GitHub (Jan 18, 2021): > I think then this would be in scope for the bounty projects of potentially using oauth to edit tickets to insert a link into the ticket, and labelling issues appropriately. If this is a request for the bounty logic to be put directly into Gitea I think that is out of scope as dealing with being a bank and storing funds is significant undertaking. We dont have to deal with a bank if it was using cryptocurrency e.g. monero which would allow handling the funds through the instance quite nicely. (Majority of bug bounties are using cryptocurrencies already in my experience) Edit: also would like something that is integrated directly in the UI and set as optional configuration per repo as changing the issue content makes the issue less readable

GiteaMirror commented 2025-11-02 07:04:27 -06:00

Author

Owner

Copy Link

@6543 commented on GitHub (Jan 18, 2021):

I think this is outside of gitea's scope too .. but would be a nice smal project ...

something like a "gitea bounty bot" ... since it also has to connect to cryptocurrency nodes + manage wallets, ...

@6543 commented on GitHub (Jan 18, 2021): I think this is outside of gitea's scope too .. but would be a nice smal project ... something like a **"gitea bounty bot"** ... since it also has to connect to cryptocurrency nodes + manage wallets, ...

GiteaMirror referenced this issue 2025-11-02 08:33:19 -06:00

Commits Showing Author By Full Name Not Username #9252

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#6710