In this case it was a typo in a comment in third-party code included as part of the repo.<p>In general, it depends on the terms of the bug bounty.<p>Perhaps the most famous is Knuth's bounty for any mistakes, not just typos but also the wrong use of font and other presentation errors.<p>For an example from another project, tarsnap's bug bounty is at <a href="https://www.tarsnap.com/bugbounty.html" rel="nofollow">https://www.tarsnap.com/bugbounty.html</a> . It uses different categories, each with a different payout level. The least level is:<p>> Cosmetic errors in the Tarsnap source code or website, e.g., typos in website text or source code comments. Style errors in Tarsnap code qualify here, but usually not style errors in upstream code (e.g., libarchive).<p>In this case it sounds like the submitter for the typo didn't follow the requirements of the bug bounty offer, so it doesn't matter if a typo counts.
Even though it's not a security bug, I'd give the guy a small reward for contributing given that the community/support for this project is trying to grow.