I looked at the rsync commit log and basically every commit since March says “tridge and claude committed.” Andrew Tridgell, the guy who literally invented rsync in 1996. Now hes using a chatbot to write the code and proudly displaying its name right there in the commit.
And before anyone goes “calm down its just a typo fix” no. The recent stuff is the security fixes for 3.4.3. The symlink race CVEs… You know, the exact part where you want an actual human who understands what hes doing, not a machine that spits out code that looks correct but has correctness errors.
Do you get how insane this is? Rsync is the thing holding up basically every backup system on earth. Your NAS uses it. Distro mirrors use it. The server with you grandmas photos uses it. And now the plan is to let a token predictor that can’t even count the amount of letter R’s in “strawberry” write code for it.
“But the tests pass.” The tests pass because the AI probably wrote the tests too you walnut. Its a loop of confident nonsense thats grading its own homework, and the first time it hits an edge case nobody fed it its gonna silently corrupt something and noone notices till the backups are already poisoned.
I’m pinning v3.4.1 and not updating again. If you defend this, dont say nobody warned you when the data loss posts start appearing.
I’m sympathetic to this.
To summarize what’s going on: This is a tool used everywhere in the world, and yet the developer is one single guy who is unpaid for its maintenance. He’s saying no one else volunteers. I wouldn’t be surprised if that’s not literally true but it’s probably true after reasonable vetting, he can’t just accept any guy named Jia Tan who asks to contribute.
Something AI actually has been demonstrably useful for is finding security holes in software. With the advent of AI, tons of FOSS software is flooded with vulnerability reports, they won’t all be accurate but some will and need to be addressed, especially for critical software like rsync that basically everyone uses. I know the kernel maintainers have been completely overwhelmed by the number of fixes needed, and obviously they’re a bigger project but they are also compensated for their work. This is a ton of extra work to add onto one single guy whose paying job is not working on rsync.
I don’t think it’s reasonable to be upset with this guy. We should be more upset about the countless number of organizations that can easily afford to pay a couple developers to put time into a tool they use on a regular basis, but instead choose to say that funding development is someone else’s problem.
Just as a personal opinion, I think a developer with decades of experience on a critical tool probably deserves the benefit of the doubt with intuiting the pitfalls and what to be careful of with AI use in coding. I think the lack of time is more problematic for code quality than AI use in this specific instance. I’m more opposed because I think someone who is still gaining experience being allowed to rely on it will be disastrous, and any allowed usage normalizes it. (Although I’m also opposed because of a disdain for generative AI as a whole.)
he doesnt owe the world anything, and it does his reputation worse service to output garbage than to move slowly