For those outside the loop: rsync starting using AI agents to handle the influx of AI security reports to improve the test suite and fix bugs. It introduced a few CVEs and people who never contributed in any way started firing shots at the maintainer.
rsync maintainer’s response to the people getting pissy about his usage of AI: medium and the related post on programming.dev
I have not looked at the CVEs in Rsync specifically, but given the deludge of “critical” security issue found by AI lately that have been mostly nothing burgers, I am near certain the same applies to those included in that Rsync patchset.
It must be nice to have technical opinions that don’t need to be grounded in facts. Why would you check your assumptions when you can just vibe.