I’m concerned stuff like this will lead to a “dark forest” scenario, in which the risks of open source outweigh the benefits.

@mttaggart But maybe part of the verification would be actual identity (is anonymity valued in software contributions?). Or maybe the ability to talk through the PR.

@mttaggart I can imagine it being automated; maintainers have a calendly-type thing, so making the appointment is not work for the maintainer. If you want to submit a PR you get on the calendly. I don't really see the incentive for bots to spam a system that is going to human-verify them eventually. Maybe the problem would be that a bad human actor with a bunch of bots would make themself available for the verification.

@mttaggart Given that reviewing a PR is already labor-intensive, is it that much marginal effort to ask contributors to hop on a call and verify their humanity? Maybe once they've done it once they can get a credential as a trusted contributor.