For those outside the loop: rsync starting using AI agents to handle the influx of AI security reports to improve the test suite and fix bugs. It introduced a few CVEs and people who never contributed in any way started firing shots at the maintainer.
rsync maintainer’s response to the people getting pissy about his usage of AI: medium and the related post on programming.dev
What about the 6 critical security bugs he fixed in that release. Didn’t rsync need those “contributions”?
The “critical” bugs that I have recently seen being found by AI were all extremely unlikely to be exploitable under realistic assumptions 🤷
Which of the CVEs in question are you referring to?
The ones in Nginx and the Linux kernel.
I mean the ones in the latest release of rsync, tf does nginx have to do with anything ?
I have not looked at the CVEs in Rsync specifically, but given the deludge of “critical” security issue found by AI lately that have been mostly nothing burgers, I am near certain the same applies to those included in that Rsync patchset.
It must be nice to have technical opinions that don’t need to be grounded in facts. Why would you check your assumptions when you can just vibe.