The tool has been making the rounds, but I've not yet found a place where it is used. It would be good to see how it works, how people interact with it, etc
It is also pretty new, so a short look at the merge PRs finds stuff like https://github.com/mitchellh/vouch/pull/15 - might be worth waiting until people have found the main/most exploits :-/ Overall I think it is an interesting idea, but I'm not sure it will work. You want a big "base" of repos that provide trust (numpy, pandas, scikit-learn, more of PyData, etc), but the bigger you make that base the less strong the signal is. It also should be easy to be a newcomer and get verified, because if we routinely interact with unverified people and work with them then it isn't soo useful to have the system. And I think scikit-learn should remain open to newcomers. So it is a bit of a catch 22 situation. T On Thu, 12 Feb 2026 at 16:24, Adrin via scikit-learn < [email protected]> wrote: > A colleague of mine just sent us a link to this repo: > https://github.com/mitchellh/vouch > > which is a community trust management system, and can easily be > implemented on GH. I was wondering what y'all think about having this on > scikit-learn. > _______________________________________________ > scikit-learn mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://mail.python.org/mailman3//lists/scikit-learn.python.org > Member address: [email protected] >
_______________________________________________ scikit-learn mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/scikit-learn.python.org Member address: [email protected]
