Vouch

GitHub – mitchellh/vouch: A community trust management system based on explicit vouches to participate.

License: MIT license

A community trust management system.

People must be vouched for before interacting with certain parts of a project (each project configures which parts it enforces). People can also be explicitly denounced to block them from interacting with the project.

The implementation is generic and can be used by any project on any code forge, but we provide GitHub integration out of the box via GitHub Actions and the CLI.

The vouch list is maintained in a single flat file using a minimal format that can be trivially parsed using standard POSIX tools and any programming language without external libraries.

Vouch lists can also form a web of trust.
You can configure Vouch to read other projects' lists of vouched or denounced users. This way, projects with shared values can share their trust decisions with each other and create a larger, more comprehensive web of trust across the ecosystem. Users already proven to be trustworthy in one project can automatically be assumed trustworthy in another project, and so on.

Warning: This is an experimental system in use by Ghostty. We'll continue to improve the system based on experience and feedback.

Why?

Open source has always worked on a system of trust and verify. Historically, the effort required to understand a codebase, implement a change, and submit that change for review was high enough that it naturally filtered out many low-quality contributions from unqualified people. For over 20 years of my life, this was enough for my projects as well as enough for most others.

Unfortunately, the landscape has changed, particularly with the advent of AI tools that allow people to trivially create plausible-looking but extremely low-quality contributions wi

Source: Hacker News | Original Link