I was assuming the “handover point” in a typical journey would be opening a PR. Yes, because the PR’s anonymous it requires more careful review and can’t use the trust shortcuts available with known contributors, so it’s (a lot) slower - but the PR can be created, which is I think what’s wanted.
It’s the spam/DoS side of the web form I’d be most concerned about, but a) would expect to find something that worked well enough, and b) taking an iterative approach and reacting to increases in spam shouldn’t be risky, given sensible general controls like rate-limiting what’s sent on to GitHub. What’s actually appropriate here would depend partly on the details of GH’s ToS.
I would like to see more support for the benefits. In the absence of a known queue of anonymous contributors waiting for Qubes to do this, you’re either looking for other relevant projects that have increased contributions substantially by providing similar anonymity, or you’re asking the Qubes team either to invest in just trying it out (potentially reasonable if it’s cheap enough and there’s some evidence, and that’s where I thought this was going) or to take a principled stand on something that isn’t essential to their core values (possible but no reason to expect it that I can see).