For those outside the loop: rsync starting using AI agents to handle the influx of AI security reports to improve the test suite and fix bugs. It introduced a few CVEs and people who never contributed in any way started firing shots at the maintainer.
rsync maintainer’s response to the people getting pissy about his usage of AI: medium and the related post on programming.dev
Yes they don’t owe us that. Just as the users don’t owe them to have to use the main branch. If they have shown they are no longer fit to maintain, we have to make such information known so users can decide if they want to fork/look for alternatives.
Maintainers signed up to maintain. If they don’t maintain, no one owes them kind words and encouragement.
You are implying that maintainer is a service job and not them simply putting their work into the world for people to use. With foss if YOU dont like the maintainer YOU fork and continue.
They own nothing to anyone. They didnt have to make their code available and doing so is no contract.
Its not that community isnt important but “require” “owe” and even “should” arent applicable to freely given work like this.
The fuck are you taking about? Yes a maintainer is a service job. Their role is to be a good steward of the project they maintain. Accepting good submissions, coordinating QA, cutting releases.
If they do a bad job, then they’re liable to be criticized which is what I actually said and I won’t dignify your strawman with a response.
And FYI, a license is a contract.
when people say “job” they don’t typically mean unpaid gigs. and an open source license is a contract for what you’re allowed to do with their code, not what they’re required to provide you (other than the code itself). it explicitly does not include liability, service guarantees, or warranties.
They didn’t sign up for anything. Read their software licenses.
What? Someone forced them to be maintainers?
Their point is that the maintainer did not sign a contract that requires them to perform maintainer duties. They can choose to stop doing it at any point. They can choose to axe a feature that you deem essential. They can choose to rewrite the project in COBOL for the fun of it.
You may not like it, but that is how it is.
The only legal document involved is the license and any open-source license I’ve seen so far, has stated that the program is provided as is.This is the license under which rsync is provided: https://www.gnu.org/licenses/gpl-3.0.en.html
See sections 15 and 16.The only way you get to have a say in the matter, is by forking and becoming a maintainer yourself.
If I spend my own time building a rickety wooden bridge across a river and people start using it, I don’t owe them anything and I don’t have to maintain the bridge.
If I then spend my time reinforcing the rickety bridge to make it more reliable and sturdy, and perhaps wider so it can support small carts and horses, and more people use it, I still don’t owe them anything and I don’t have to maintain the bridge.
Then perhaps I spend my time turning it into a full concrete/tarmac bridge that can support vehicle traffic and it gets widely adopted so much so that people basically expect to use it in their day to day. I still don’t owe them anything, and I still don’t have to maintain the bridge.
Then I make some further changes to the bridge by using the “tool that sometimes makes bridges better and sometimes makes it fail without warning”, and the people who have come to rely on my bridge start being unable to use it because it randomly drops them into the river. I still don’t owe anyone anything. I still don’t have to maintain the bridge. But I would certainly think people are justified to complain that I did something quite fucking annoying and potentially harmful.
If you build a bridge and make it open to the public, then you absolutely have both an ethical and legal obligation to make it safe to use.
people who have come to rely on my bridge start being unable to use it because it randomly drops them into the river.
That would be at least negligent manslaughter in most, if not all jurstictions.
To be clear I’m not saying that anyone has to do everything that that people request of them. But rather that there is a non-zero amount of responsibility to the public when a project is being actively maintained. If you don’t want that responsibility, then let someone else take over, or announce that the project is abandoned.
The license people agree to, to use the software disclaim warranty and limited liability. So your analogy would be better if the bridge had signage explaining such that most people don’t read. So not a legal obligation, but maybe it hasn’t been tested in court yet.
people are justified to complain
I have to disagree. Not when they didn’t pay any taxes or tolls to build or maintain the bridge, and the bridge has signs at the entrances which state that it is still a completely volunteer-maintained project. Doesn’t matter how good the bridge is, or how many people have deemed themselves deserving of only good results, or that they don’t bother to read the signs. There is no level at which “ok, now they are entitled to trouble-free outcomes”.
At no point did I say anyone was entitled to anything - just that they’re justified to complain. The maintainer doesn’t have any requirement to care about their complaints nor any requirement to address them. But the people are justified in their response.
At least it’s not like a bunch of other popular libraries:
Then I get help from the community for a couple of years and a bunch of contributes to my bridge. Then my bridge is so nice that I can add a toll booth on both sides of the bridge and start charging people money to get across
Maintainers don’t owe you free work, but critiquing bad engineering practices that are publicly visible is valuable discourse. The dude is a legend but he basically sabotaged the project with irresponsible LLM use.
And I’m definitely not impressed with his blog post trying to deflect by bringing up topics like whether LLMs are intelligent. He says he retired and would rather be sailing? OK go sailing dude. Don’t wreck the project and break people’s backup systems with your shitty LLM experiments.
According to the blog he broke some niche setups in the name of security fixes and is working om fixing those niche issues. Its his project to “wreck”, go use open rsync that fails 85 of the 95 tests in the new test suite if you want
The blog is damage control for his reputation because his vibe coding experiment didn’t pan out. I don’t care if he says he used it responsibly because it’s clear as day that he did not. We can see the git history.
go use open rsync that fails 85 of the 95 rsync tests
And the new test suite is what is vibe coded lol https://neuromatch.social/@jonny/116666900898570791
It would be better for literally everyone including himself if he did nothing. If he wants to be retired he should just be retired.
Its his project to “wreck”
Sure he clearly can do that. It is also the public’s prerogative to discuss activities happening in public and their effects. Just like he can be famous for making rsync in the first place, he can be famous for breaking everyone’s backups with vibe coding.
Edit: and people discussing dissatisfaction with the direction or governance of a project is the precursor to a relevant fork, so everyone saying “stop complaining or maintain it yourself” is completely misunderstanding how the ecosystem works.
¯\_(ツ)_/¯ sorry, be mad I guess
Sadly, unless you are on the viral side of the open source, all labour of love can and will be used in private for big corp gains, and this I think it’s unfair. But as the author of the text express, “fuck it” you did something expect nothing in return.
What I expect is þe inevitable Rust rewrite which now has a chance of rendering rsync irrelevant because it doesn’t use AI.
I can’t trust LLMs to correctly identify which track a song appeared as in an album; fuck if I’m going to trust it wiþ my data.
Taking a project that works fine and making it actively worse by introducing AI made bugs is imho a valid reason to hard fork. The maintainer might not owe you anything, but it shows very poor judgement to slopify a good project like rsync this way.
Enjoy maintaining your hard fork!
how did he slopify anything? he got a huge invtease in contributions and used a tool to help weed out slop.
They could have just refused merging slop. Rsync didn’t need these “contributions”.
What about the 6 critical security bugs he fixed in that release. Didn’t rsync need those “contributions”?
if there is a good way to use ai its to deal with problems from ai.
Or is it just throwing a second Frisbee up in the tree?
that is actually a good way to get the frisbee out of the tree. Your extremely unlucking if you end up with two up there.
The rsync developer has gifted us with positive value for many years. Now he is gifting us with negative value by making his project worse. So in a real sense he gave us what we were owed: he owed us nothing, and he gave us nothing. Net nothing.
In a real sense though, linking this article (from 2018) to the rsync situation misses the point, because backlash like this in the open source world is never about what people believe they are owed. Software users are and have always been entitled, yes, regardless of whether the software in question is open or proprietary. The difference with open source software though is that when a project diverges from what most people want, it can be forked.
The outrage against open source projects going in the wrong direction then, is not outrage that the developer is not giving them what they are owed. Rather it is the anger stage of the grief cycle related to the realisation that there is now lots of work to be done to fork or replace the project.
Why give a gift and then take it back? Is it reasonable to decry the anger and resentment that such an act engenders?
Remember the left-pad incident? Was the developer within their rights to withdraw their work? Yes. Was it a dick move? Yes. Was the anger against them justified? Yes. The rsync situation is analogous. We scream into the void and then we move on.
Protest forks never survive though. They always start overly ambitious and then realize how much of a full-time job it really is, and eventually give up.
The ones that survive are the ones that you forget are forks
LibreOffice (from OpenOffice)
Jenkins (from Hudson)
VeraCrypt (from TrueCrypt)
ValKey (from Redis)
MariaDB (from MySQL)
LibreWolf, Waterfox et al. (from Firefox)
Angie (from nginx)
CoMaps (from Organic Maps)The list goes on and on. Just about every Linux distribution is derived from one of the three or four earliest ones.
I don’t consider those purely protest forks in the same sense as say, the GIMP fork called Glimpse.
I feel this article is a bit outdated. Unless you put it into an AGENTS.md file… Contribution has changed a bit since 2018. The coding agents won’t abide by those standards for issues and merge requests 😅 The users and contributors, should, though. And double-check, reproduce and understand what their agents do, before sending anything in.
