• Mitchell Hashimoto Launches ‘Vouch’ to Fight AI Slop in Open Source Ecosystem Mitchell Hashimotofrom Vagrant, Terraform, HashiCorp, andGhosttyfame has introducedVouch, new trust management system for open source projects. • With this in place, maintainerscan implement a trust-based systemwhere contributors must be vouched before submitting code to designated areas. • The system also allows blocking bad actors entirely through a denouncement feature and maintains a simple list of approved and blocked contributors for easy management (stored as a.tdfile). • Thanks to this,vouch lists of other projects can be aggregated to create a networkwhere open source projects can check if someone is already trusted elsewhere. • This means contributors don’t need to get vouched separately for every project they want to contribute to. • Vouch also has aGitHubintegration that can check pull requests and auto-close ones from unvouched users and lets maintainers vouch or denounce people by commenting on issues, and a CLI that can be used to check user status, add people to the vouch list, or denounce them.

Article Summaries:

  • Mitchell Hashimoto, known for Vagrant and Terraform, has released Vouch, a trust‑management tool aimed at curbing low‑effort, AI‑generated contributions in open‑source projects. Vouch lets maintainers maintain a simple list of approved and blocked contributors (stored in a .td file) and can be integrated with GitHub to auto‑close pull requests from unvouched users. Contributors are vouched by introducing themselves in an issue; only project write‑access holders may vouch or denounce others, preserving a clear hierarchy. The system aggregates vouch lists across projects, enabling cross‑project trust checks and reducing the review burden from “AI slop.” Hashimoto’s solution leaves policy decisions to downstream projects while providing maintainers a streamlined way to filter submissions.

Sources: