Open Source Maintainers Owe You Nothing
mikemcquaid.com
This post is heavily inspired by my experience over the last ten years participating in the open source community and eight years as a maintainer of Homebrew (which I’ve maintained longer than anyone else at this point).

For those outside the loop: rsync starting using AI agents to handle the influx of AI security reports to improve the test suite and fix bugs. It introduced a few CVEs and people who never contributed in any way started firing shots at the maintainer.

rsync maintainer’s response to the people getting pissy about his usage of AI: medium and the related post on programming.dev

  • Zos_Kia
    1·
    8 days ago

    Which of the CVEs in question are you referring to?

      • Zos_Kia
        1·
        7 days ago

        I mean the ones in the latest release of rsync, tf does nginx have to do with anything ?

        • poVoq@slrpnk.net
          1·
          7 days ago

          I have not looked at the CVEs in Rsync specifically, but given the deludge of “critical” security issue found by AI lately that have been mostly nothing burgers, I am near certain the same applies to those included in that Rsync patchset.

          • Zos_Kia
            1·
            7 days ago

            It must be nice to have technical opinions that don’t need to be grounded in facts. Why would you check your assumptions when you can just vibe.