Rsync and Outrage
4 hours ago
- #AI-assisted development
- #open-source
- #software security
- The rsync maintainer explains using AI tools to handle an overwhelming flood of security reports, despite backlash.
- He rewrote the rsync test suite in Python with AI assistance, but with careful design and personal review.
- Addresses criticism about AI usage, arguing that LLMs are useful despite outdated views and the need for caution.
- Acknowledges regressions in rsync 3.4.3, apologizes, and advises using older versions if security isn't a concern.
- Defends not using pytest for the test suite, preferring a custom approach tailored to rsync's needs.
- Mentions ongoing work on CVEs and new developers joining rsync, with plans for a major 3.5.0 security update.
- Critiques openrsync, noting it fails many tests from the new suite, and humorously references being called a robot.