"I reported the fixation issue privately only because I'm a good guy and was in a good mood."
I for one am glad that Homakov decided to share and write about these security issues rather than just selling it to the highest bidder. I have learned quite a bit over the past year. And it's deplorable that Github isn't paying anything.
In negotiation theory your 'BATNA' or 'Best Alternative To Negotiated Agreement' is the second choice you'll go with if the current negotiation breaks down. Theoretically, neither party in a negotiation need accept less than their BATNA.
For example, when you negotiate your annual raise, your best alternative is the raise you could get by moving to another employer (adjusted for benefits, time spent commuting, how fun the job is etc). You don't have to explicitly say to your boss "give me a raise or I'll quit" - your boss just needs to know your options are open.
If homakov publicly says he'd never consider selling an exploit, he's saying his BATNA is $0 and some kudos on Hacker News. If he says he's undecided, his BATNA would be somewhere between a few thousand and a few hundred thousand dollars. Needless to say, the former statement closes off a lot of negotiation options while the latter leaves them open.
I for one am glad that Homakov decided to share and write about these security issues rather than just selling it to the highest bidder. I have learned quite a bit over the past year. And it's deplorable that Github isn't paying anything.