zlacker

[return to "Vouch"]
1. freaky+Ix2[view] [source] 2026-02-09 02:00:31
>>chwtut+(OP)
The underlying idea is admirable, but in practice this could create a market for high-reputation accounts that people buy or trade at a premium.

Once an account is already vouched, it will likely face far less scrutiny on future contributions — which could actually make it easier for bad actors to slip in malware or low-quality patches under the guise of trust.

◧◩
2. stavro+8z2[view] [source] 2026-02-09 02:14:13
>>freaky+Ix2
How is that different from what happens now, where someone who contributes regularly to a project faces less scrutiny than a new person?
◧◩◪
3. freaky+2K2[view] [source] 2026-02-09 04:13:03
>>stavro+8z2
The difference is that today this trust is local and organic to a specific project. A centralized reputation system shared across many repos turns that into delegated trust... meaning, maintainers start relying on an external signal instead of their own review/intuition. That's a meaningful shift, and it risks reducing scrutiny overall.
◧◩◪◨
4. stavro+pL2[view] [source] 2026-02-09 04:27:40
>>freaky+2K2
This isn't a centralised reputation system, though, is it? Each project keeps its own whitelist.
[go to top]