Feature Proposal: Automated Bounty Governance via Payment Receipts & 5% Penalty Fees to Stop Scam Bounties #201319
Replies: 2 comments 2 replies
-
|
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐ |
Beta Was this translation helpful? Give feedback.
-
|
Just my thoughts on this, not against your idea at all. The fake bounty problem is real and I'm glad someone raised it. I just feel like auto bans would be hard for GitHub to actually do. They have no way to check payment deals that happen outside the platform, and a 24 hour timer could be abused. Someone could spam bad PRs on bounty issues just to get a maintainer banned. Maybe an easier thing for GitHub to add would be a "funded" label that only shows when the money is already deposited somewhere, like how Algora or Polar do it. Then people can see which bounties are actually backed before doing any work. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
🏷️ Discussion Type
Product Feedback
Body
Hi GitHub Team and Community,
Currently, many open-source repositories use bounty tags (e.g., $100 USD) in their issue titles to attract contributors. However, there is no transparency or protection for developers. Some maintainers merge the contributor's code but hide malicious disclaimers inside their GitHub Actions/Bot scripts stating that the reward is just for "simulation/ranking" and no real payout will be made. This hurts the trust of the open-source community.
I want to propose a simple, automated, and highly effective Bounty Transparency & Penalty Rule that requires minimal effort from GitHub but creates a Win-Win situation for both GitHub and solvers.
⚙️ How the Proposed System Works:
If a repository has a declared bounty in its issue/PR titles, once the contributor's Pull Request is Merged, the maintainer must pay the solver within 24 hours. After paying, the maintainer must upload the official payment receipt directly onto GitHub's portal.
If the maintainer fails to upload the payment receipt within 24 hours, GitHub’s automated system will immediately trigger a Temporary Ban.
This ban will completely lock the maintainer’s account, their organization/project access, and automatically track and block associated emails, phone numbers, and IP addresses to prevent them from accessing GitHub through alternative accounts.
To lift the temporary ban and restore their project/account access, the maintainer must settle the payment directly through GitHub's payment server with a 5% penalty fee.
The Solver Gets 100%: The main bounty amount (e.g., $100) goes directly to the contributor who solved the issue.
GitHub Gets 5%: GitHub keeps the 5% extra fee (e.g., $5) as a service charge for handling the scam/failed case.
Why this is a Win-Win Solution:
For GitHub: Zero upfront escrow management hassle. GitHub only steps in automatically if a maintainer violates the trust. Plus, GitHub generates a new revenue stream from the 5% penalty fees collected from malicious or failed bounty projects.
For Contributors: Developers can work peacefully knowing that if their code gets merged, the maintainer is legally and technically bound to pay, or else their entire GitHub infrastructure will be banned.
For the Ecosystem: Open-source becomes fully transparent, and fake "simulation" bounty scams will disappear overnight.
I believe this feature will elevate GitHub as the safest platform for open-source monetization. I would love to hear the community's and the GitHub engineering team's thoughts on this!
Beta Was this translation helpful? Give feedback.
All reactions