vouch: a contributor trust management system based on explicit vouches to participate
Summary
Vouch proposes an explicit trust model for open source projects, requiring contributors to be vouched for before interacting with protected parts of a project. It supports a flat .td trust file format and a web of trust across projects, with GitHub Actions and a Nushell CLI for managing vouched and denounced users. This approach aims to improve code quality and collaboration security in distributed teams and can be adapted for corporate governance in small to mid-sized companies.