rules for claiming
any bounties.
- General consensus seems to be to let the bug bounty program only cover
our coding. Any vulnerabilities reported against the Xen project's
infrastructure (web sites, ...) should not qualify for claiming a bug
bounty.
Are there any further topics
r occurring case feels like overkill, and we
don't want to drive away potential new contributors or maintainers by
excluding them at least partially from the bounty program. So right
now we are inclined to not setup further exclusion rules for claiming
any bounties.
- General cons
