While it would help for some use-cases, it wouldn't necessarily reduce the problem that a browser is facing when dealing with malicious code in a large and complex codebase. And vetted people can be victims of supply-chain attacks, which makes it still hard to evaluate a change properly.

It's not an impossible problem, but it's a resource allocation problem, and they don't seem to have a way to address it at the moment besides closing all PRs.

I suspect that rather than some kind of digital proof-of-competence, communities will shift to in-person meetups at conferences and such. Which is unfortunate for people who can't attend for whatever reason, but I think some solution to that can be worked out.

What does verified means? Anyone can create fake linkedin profiles claiming they have worked for faang.

> As a maintainer of a project you should be able to tell if something is slop.

Of course they can, the problem is they have to spend time digging through a ton of garbage looking for the ones that aren't low quality slop.

If you're getting DDOSed, you start by putting up a firewall lol.