Andrew Tridgell, creator of Samba and co-creator of rsync, has addressed criticism following the release of rsync 3.4.3, which introduced regressions affecting certain workflows, particularly backup configurations using daemon mode and incremental transfer options.
Rsync 3.4.3 was released on May 20 as a security update fixing six CVE-listed vulnerabilities affecting rsync 3.4.2 and earlier. According to the project’s release notes, three of the vulnerabilities require non-default daemon configurations, while two are reachable through a normal pull or authenticated daemon connection.
The update also includes fixes tied to daemon configurations that set “use chroot = no”, a setting that became central to some of the reported regressions.
However, shortly after the release, users reported issues. Tridgell addressed this controversy in a post titled “rsync and outrage,” noting that open-source maintainers are receiving a large volume of security reports, many generated by AI.
He confirmed that AI tools were used in some aspects of the work. Tridgell stated that Claude assisted with parts of the new Python-based test suite, with cross-checks from Codex and Gemini. However, he rejected the claim that the work was simply “vibe-coded,” stressing that he designed the test suite, reviewed the work, and committed substantial CI time to validation.
“I did not just vibe-code ‘convert test suite to python’. I’m a software engineer with 40 years experience (yeah, I’m OLD!), so I did a design first and had a plan for how to validate it. I used AI tools to do the grunt work because they are good at that. I reviewed every part of it myself and ran through a huge amount of CI time getting it right (I’ve since moved to having a bunch of local VMs to do most testing to reduce the CI wait time).”
Regarding the regressions, Tridgell was clear. He acknowledged that rsync 3.4.3 disrupted some use cases and explained that he focused on security fixes for this release. He described the affected workflows as valid but uncommon, noting they were not included in the existing test suite or his manual testing.
In short, the controversy goes beyond AI involvement. The primary concern is that a widely used tool for backups, mirroring, deployments, and system administration introduced security changes that affected standard workflows. The use of AI only added to those concerns.
In closing, Tridgell stated that he is addressing the regressions. As the next step, he is considering either issuing a 3.4.4 release to address some regressions or proceeding with the planned 3.5 release, which will include more extensive security changes.
