# Open Source Security When you get a PR a tool that gives information about contributors PR reviewing tools - In addition to linting we use a trust model PR spam detector Generative AI Andy (NVIDIA) I'd like to make a note of all the ideas that came up... - AI for preventing spam PRs - source <-> binary: reproducible builds - web of trust that can handle anonymity, not impact non-mainstream contributors - connections with PSF, Anaconda What else? Stéfan notes: - AI for preventing spam PRs - source <-> binary: reproducible builds - web of trust that can handle anonymity, not impact non-mainstream contributors - connections with PSF, Anaconda - connections with 2i2c: cloud platform integrity - connections with github: flagging