This moves Ghostty to a vouch-based contribution system. The high-level idea is that only vouched users can participate in contributing to Ghostty. Users are vouched by maintainers commenting "lgtm" on an issue that user opened.
The system also supports explicit denouncement: bad actors can be added to the denounced list, which blocks them from contributing entirely. We maintain this as a public record so other projects can adopt our prior knowledge about bad actors if they choose. In this PR, only maintainers can denounce, by replying `denounce` or `denounce [user] [reason]` to any issue or PR.
This also updates our contribution guidelines and templates to fit this new model.
This system is inspired very heavily by Pi. The original commits were based directly on their work.
> **Important:** This is experimental. We're going to continue testing and refining this. It isn't a perfect system [yet]. This PR just adds the basics so we can start proving it out.
Why?
Open source has always worked on a system of trust and verify.
Historically, the effort required to understand a codebase, implement a change, and submit that change for review was high enough that it naturally filtered out many low quality contributions from unqualified people. For over 20 years of my life, this was enough for my projects as well as enough for most others.
Unfortunately, the landscape has changed, particularly with the advent of AI tools that allow people to trivially create plausible-looking but extremely low-quality contributions with little to no true understanding. The minimal barrier to entry for simply submitting a change is no longer a reason to trust a contributor.
But, open source still works on trust! And every project has a definite group of trusted individuals (maintainers) and a larger group of probably trusted individuals (active members of the community in any form). So, let's move to an explicit trust model where trusted individuals can vouch for others, and those vouched individuals can then contribute.
Web of Trust
The VOUCHED file is purposely a basic, single, flat-file system that is easy to manipulate with any standard POSIX tooling or mainstream language without any external libraries.
I hope that eventually projects can form a web of trust and share and ingest VOUCH files from other projects they trust in order to get a better default trust model across projects in the age of relentless AI attack.
The file also is deliberately relaxed about the exact policy for being vouched or denounced. If/when another project decides to trust an upstream vouch file, they're expected to do the diligence to understand whether they also trust the upstream project's reasoning for vouching/denouncing. For example, if someone decides to create a vouch file promoting their friends or denouncing their own personal shitlist, that's fine, but downstreams can be aware of that and not trust it.
A Generic System
The vouch system is implemented as a standalone project currently in .github/vouch. It is forge-agnostic but includes GitHub integration to start. I plan on expanding this. My goal is that if this works for us, other projects can quickly adopt it. I don't want to extract this out to its own repo or generalize it more until we prove out the edge cases with our usage. But, I will welcome contributions here to improve this system.
Usage
Local files only:
- `vouch.nu check <user>` - check if a user is vouched/denounced
- `vouch.nu add <user>` - add a user to the vouched list
- `vouch.nu denounce <user>` - denounce a user
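To make the "plain flat file, plain POSIX tooling" point above concrete, here is an added example (not the `vouch.nu` tool from this PR, and not Ghostty's code) implementing the same three local operations, check/add/denounce, in POSIX sh. It assumes a file format the PR does not spell out: one login per line, `#` comments allowed, and case-insensitive matching since GitHub logins are case-insensitive. Denouncement takes precedence over vouching, and denouncing also strips the user from the vouched list. The sample data is constructed inline.

```shell
#!/bin/sh
# Added example, not the Ghostty vouch tool. Assumed format: one login per
# line, '#' starts a comment, matching is case-insensitive. A user listed in
# both files is treated as denounced.

# list_has FILE USER -> 0 if USER appears as a whole (comment-stripped) line
list_has() {
  file=$1; user=$2
  [ -f "$file" ] || return 1
  sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//' "$file" \
    | grep -qixF -- "$user"
}

# vouch_status USER -> prints one of: denounced | vouched | unknown
vouch_status() {
  user=$1
  if list_has "$DENOUNCED_FILE" "$user"; then
    echo denounced
  elif list_has "$VOUCHED_FILE" "$user"; then
    echo vouched
  else
    echo unknown
  fi
}

# vouch_add USER -> append to VOUCHED unless already vouched; refuse if denounced
vouch_add() {
  user=$1
  case $(vouch_status "$user") in
    denounced) echo "refusing to vouch: $user is denounced" >&2; return 1 ;;
    vouched)   return 0 ;;
  esac
  printf '%s\n' "$user" >> "$VOUCHED_FILE"
}

# vouch_denounce USER -> add to DENOUNCED and remove from VOUCHED
vouch_denounce() {
  user=$1
  list_has "$DENOUNCED_FILE" "$user" || printf '%s\n' "$user" >> "$DENOUNCED_FILE"
  # sed -i is not POSIX, so rewrite through a temp file; comment lines survive.
  if [ -f "$VOUCHED_FILE" ]; then
    tmp="$VOUCHED_FILE.tmp"
    awk -v u="$(printf '%s' "$user" | tr 'A-Z' 'a-z')" '
      { line = $0; sub(/#.*/, "", line); gsub(/^[ \t]+|[ \t]+$/, "", line) }
      tolower(line) != u { print }' "$VOUCHED_FILE" > "$tmp" && mv "$tmp" "$VOUCHED_FILE"
  fi
}

# Constructed sample data in a scratch directory (hypothetical users).
workdir=$(mktemp -d)
VOUCHED_FILE="$workdir/VOUCHED"
DENOUNCED_FILE="$workdir/DENOUNCED"
printf '%s\n' '# constructed sample VOUCHED file' 'alice' 'Bob  # vouched via lgtm' > "$VOUCHED_FILE"
printf '%s\n' 'mallory' > "$DENOUNCED_FILE"

vouch_status alice     # vouched
vouch_status BOB       # vouched (case-insensitive)
vouch_status mallory   # denounced
vouch_status carol     # unknown
```

The whole-line, fixed-string, case-insensitive `grep` is the important detail: a substring match would let `bob` match `bobby`, and a case-sensitive one would let `Bob` and `bob` be treated as different people even though GitHub considers them the same account.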
GitHub integration:
- `vouch.nu gh-check-pr <pr>` - check PR author status, optionally auto-close
- `vouch.nu gh-manage-by-issue <issue> <comment>` - vouch/denounce via issue comments