Changelog Master Feed Vouch for an open source web of trust (Changelog News #180)
5 snips
Feb 9, 2026 A discussion of Mitchell Hashimoto's Vouch for explicit open source trust and how it could shape verification. A report on an experiment where agent teams built a C compiler that can compile Linux but still fails simple programs. A look at lightweight alternatives to complex tooling and skepticism about pouring effort into LLM-generated code.
AI Snips
Chapters
Transcript
Episode notes
Super Bowl Ad Caused An Expensive Self-DDoS
- AI.com bought a domain for $70M, spent $15M on a Super Bowl ad, then wasn't prepared for the traffic spike.
- That resulted in a massive self-inflicted DDoS and free exposure for Cloudflare's gateway timeout page.
Require Explicit Vouching For Contributors
- Do require explicit vouching for contributors to protect open source projects from untrusted actors.
- Use denunciations and vouched relationships to block very bad users and limit contributions.
Agent Team Built A Compiler That Still Fails Hello World
- Nicholas Carlini led a 16-agent team to attempt a Rust-based C compiler over ~2,000 cloud sessions and $20,000 in API costs.
- The agents produced a 100,000-line compiler that can build Linux 6.9 but still fails simple programs like Hello World.