Mitchell Hashimoto, of Vagrant, Terraform, HashiCorp, and Ghostty fame, has introduced Vouch, a new trust management system for open source projects.
With this in place, maintainers can implement a trust-based system where contributors must be vouched for before submitting code to designated areas.
The system also allows blocking bad actors entirely through a denouncement feature and maintains a simple list of approved and blocked contributors for easy management (stored as a .td file).
Thanks to this, vouch lists of other projects can be aggregated to create a network where open source projects can check if someone is already trusted elsewhere. This means contributors don’t need to get vouched separately for every project they want to contribute to.



On the one hand, I like that it’s focused on the broader concept of trust instead of trying to be some kind of AI slop detector. Focusing specifically on AI invites obnoxious debates from the braindead AI bros, so this might make it easier to get adopted by avoiding politics altogether.
… But on the other hand, I could see this going horribly wrong and being abused to bully people. If it becomes common practice to inherit a vouch list from OSS projects, then upstream maintainers essentially become Reddit moderators: omnipotent grease lords with the power to make anyone’s life hell with a single commit.