Here is another mail from Alex. I asked him about conflict of interest:
Our "easy fix" to the collusion issue is to request core developers donate the bounty directly to a nonprofit instead of personal gain (the nonprofit could be the PSF).
Attacking the problem directly requires a bit more structure. This would be a start:
subjectiveness from the award process
But, to be honest, it's not a problem with one clearcut solution. If there's a desire for a formal code of conduct (probably a worthwhile exercise), we can take a first pass at drafting one and request feedback from the community.
On Nov 7, 2013 8:19 PM, "Christian Heimes" <email@example.com> wrote:
On 08.11.2013 01:45, Alex Rice wrote:
> FYI :)

Hi Alex,

I totally forgot that it's a members-only mailing list. I have forwarded your mail. Thanks for the heads-up!

We are going to discuss your input internally and get back to you in a couple of days. I have one final question / remark for you:

Do you have a recommendation for how we should handle conflicts of interest with IBB? After all, a high percentage of security-related discoveries, fixes and improvements are made by Python core committers or PSRT members. Although we are all unpaid volunteers, I (and probably others) would feel uncomfortable suggesting fellow developers for a bounty. It would feel like cronyism... Are you working on a code of conduct for these kinds of problems?

Good night!
Christian