That’s the problem, I feel their exclusions from bounty are too wide. This vulnerability if confirmed should be eligible for some bounty imho. That said, they published the exclusions publicly, so getting butt hurt over not getting paid when they said you wouldn’t feels a bit petty to me.
Why do you say he's butt hurt? He doesn't even mention not getting paid. The post is about Keybase not taking a security vulnerability seriously. Is it petty to warn people about an insecure product?
