For those outside the loop: rsync starting using AI agents to handle the influx of AI security reports to improve the test suite and fix bugs. It introduced a few CVEs and people who never contributed in any way started firing shots at the maintainer.
rsync maintainer’s response to the people getting pissy about his usage of AI: medium and the related post on programming.dev
Taking a project that works fine and making it actively worse by introducing AI made bugs is imho a valid reason to hard fork. The maintainer might not owe you anything, but it shows very poor judgement to slopify a good project like rsync this way.
how did he slopify anything? he got a huge invtease in contributions and used a tool to help weed out slop.
They could have just refused merging slop. Rsync didn’t need these “contributions”.
What about the 6 critical security bugs he fixed in that release. Didn’t rsync need those “contributions”?
The “critical” bugs that I have recently seen being found by AI were all extremely unlikely to be exploitable under realistic assumptions 🤷
Which of the CVEs in question are you referring to?
The ones in Nginx and the Linux kernel.
I mean the ones in the latest release of rsync, tf does nginx have to do with anything ?
I have not looked at the CVEs in Rsync specifically, but given the deludge of “critical” security issue found by AI lately that have been mostly nothing burgers, I am near certain the same applies to those included in that Rsync patchset.
Enjoy maintaining your hard fork!