Open Source Maintainers Owe You Nothing
mikemcquaid.com
This post is heavily inspired by my experience over the last ten years participating in the open source community and eight years as a maintainer of Homebrew (which I’ve maintained longer than anyone else at this point).

For those outside the loop: rsync starting using AI agents to handle the influx of AI security reports to improve the test suite and fix bugs. It introduced a few CVEs and people who never contributed in any way started firing shots at the maintainer.

rsync maintainer’s response to the people getting pissy about his usage of AI: medium and the related post on programming.dev

  • terabyterex@lemmy.world
    64·
    3 days ago

    how did he slopify anything? he got a huge invtease in contributions and used a tool to help weed out slop.

    • poVoq@slrpnk.net
      122·
      3 days ago

      They could have just refused merging slop. Rsync didn’t need these “contributions”.

      • Zos_Kia@jlai.lu
        2·
        20 hours ago

        What about the 6 critical security bugs he fixed in that release. Didn’t rsync need those “contributions”?

        • poVoq@slrpnk.net
          1·
          15 hours ago

          The “critical” bugs that I have recently seen being found by AI were all extremely unlikely to be exploitable under realistic assumptions 🤷

              • Zos_Kia@jlai.lu
                1·
                1 hour ago

                I mean the ones in the latest release of rsync, tf does nginx have to do with anything ?

                • poVoq@slrpnk.net
                  1·
                  36 minutes ago

                  I have not looked at the CVEs in Rsync specifically, but given the deludge of “critical” security issue found by AI lately that have been mostly nothing burgers, I am near certain the same applies to those included in that Rsync patchset.