Indeed, it's relatively impossible without ties to real world identity.

mjr00 · 2026-02-08T17:58:07 1770573487

> Indeed, it's relatively impossible without ties to real world identity.

I don't think that's true? The goal of vouch isn't to say "@linus_torvalds is Linus Torvalds" it's to say "@linus_torvalds is a legitimate contributor an not an AI slopper/spammer". It's not vouching for their real world identity, or that they're a good person, or that they'll never add malware to their repositories. It's just vouching for the most basic level of "when this person puts out a PR it's not AI slop".

DJBunnies · 2026-02-08T19:39:31 1770579571

That’s not the point.

Point is: when @lt100, @lt101, … , @lt999 all vouch for something, it’s worthless.

jen20 · 2026-02-08T20:22:59 1770582179

But surely then a maintainer notices what has happened, and resolves the problem?

OkayPhysicist · 2026-02-09T19:18:53 1770664733

That's really easy to clean up, if you maintain the tree of trust. If a parent node gets whacked, all the child nodes do, too.

Dylan16807 · 2026-02-09T03:28:42 1770607722

Real world identity isn't sufficient or necessary to solve that problem.