
Should a typo qualify for a bug bounty? - shakedown1
https://github.com/clemahieu/raiblocks/issues/302
======
eesmith
In this case it was a typo in a comment in third-party code included as part
of the repo.

In general, it depends on the terms of the bug bounty.

Perhaps the most famous is Knuth's bounty for any mistakes, not just typos but
also the wrong use of font and other presentation errors.

For an example from another project, tarsnap's bug bounty is at
[https://www.tarsnap.com/bugbounty.html](https://www.tarsnap.com/bugbounty.html)
. It uses different categories, each with a different payout level. The least
level is:

> Cosmetic errors in the Tarsnap source code or website, e.g., typos in
> website text or source code comments. Style errors in Tarsnap code qualify
> here, but usually not style errors in upstream code (e.g., libarchive).

In this case it sounds like the submitter for the typo didn't follow the
requirements of the bug bounty offer, so it doesn't matter if a typo counts.

------
shakedown1
Even though it's not a security bug, I'd give the guy a small reward for
contributing given that the community/support for this project is trying to
grow.

