Mitchell Hashimoto from Vagrant, Terraform, HashiCorp, and Ghostty fame has introduced Vouch, new trust management system for open source projects.

With this in place, maintainers can implement a trust-based system where contributors must be vouched before submitting code to designated areas.

The system also allows blocking bad actors entirely through a denouncement feature and maintains a simple list of approved and blocked contributors for easy management (stored as a .td file).

Thanks to this, vouch lists of other projects can be aggregated to create a network where open source projects can check if someone is already trusted elsewhere. This means contributors don’t need to get vouched separately for every project they want to contribute to.