Repost of my reply elsewhere:

This guy is already retired, he wants to spend his days sailing and here we are bitching about rsync not being good enough while we all use if for free

Most of us won't be able to help code, fine.

But most of us could help with translations

Many of us could help with documentation

Some of us could contribute regularly with small financial donations

Some of us might have enough knowledge and expertise and experience to help code

Others could come up with other tasks that could be done.

The point is: rsync need more resources. Either we get him more resources or we STFU about the retired dev using AI. We can't have it both ways.

This is the guy who accidentally forced the creation of git, by reverse engineering the BitKeeper protocol and getting all the Linux kernel developers' licenses revoked. Chaotic Good energy.

Hooray! It's good to see another retired dev with 40 years exp respond more eloquently than I ever can to the flood of anti-AI rage. What gets me most about the rage is the absolutism - the flat assumption that anyone who uses AI is either stupid or evil. Period. There's almost no genuine engagement on the topic, mostly just angry shouting. But you see that a lot online - some people think social media is Fight Club.

Seems like he’s been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports

It's not just LLM generated security reports, but vulnerabilities discovered by AI. Your wording implies they were just reports, and of less validity. Lazy LLM reports are not what he is trying to cope with, since there is nothing to do but close those reports. He is talking about real, verified, vulnerabilities that weren't discovered until AI tools. Not because humans couldn't find them, but none ever did. When it comes to finding, it really doesn't matter if it's found by human or AI, since that doesn't change its existence or severity.

I used AI tools to do the grunt work because they are good at that.

This is something people complaining should remember. AI is good at some parts of the work of a software engineer: the grunt work.

Also, nobody actually knows if human intelligence is just finer grained stochastic prediction as well.

An interesting but valid argument. It doesn't make AI better than it is, but any human contribution and change can and often is also faulty. People have gaps of knowledge, sometimes unwarranted confidence, other times lack of care, or just miss things. It's not like we're comparing the perfect human vs faulty AI.

If you don’t mind the security risk then you can of course use an older release.

I haven't read the original rage/drama but I can imagine if from other drama instances.

This post is certainly a good, founded response.

There's some valid concerns in AI usage, but unwarranted or inappropriate harsh criticism when it's an established trusted developer and engineer - if we assumed good practice before then we could assume continued good practice. Maybe LLM is one point of increasing skepticism, but criticism should be open, respectful, and fair.

They invested a lot of time and effort into a public good project. In that context, they deserve at least respectful and non-worst-assumptuous criticism.

I can't wait for companies to finally price out most of developers out of AI use, especially the FOSS ones.

I just hope most of them won't get too addicted to the tech crack they are getting free/cheap samples of currently, and will be able able to find back their motivation and skill to work without a feel-good dopamine machines.

Also, lol at all the coments being like "if you're 100% against the tech crack, you're delusional. The cat is already out of the bag, it makes you way better at coding, if you use it responsibly!"

The problem isn't that it's not somewhat good, the issue is that soon you won't be able to afford it, while also being addicted and dependant on it. But I'm sure y'all are able to use crack responsibly and will be fiiine.

I've said this before and I'll say it again. If an established dev uses AI and you don't want that? Then get involved.

I hate when AI people say "things are so different in just the past few weeks, what you know from last year is meaningless" without specifying what's so groundbreaking that us regular folks wouldn't be able to comprehend. It just seems like a way to shut people up and feel superior.

The whole rsync repo is 65k lines total. Recent AI-centric changes account for +16k/-6k, including massive changes to the unit tests. Somehow that's not even considered a "minor" update (v3.4.1 to v3.4.3).

That's not responsible use of AI, that's malpractice.

He makes some fair points. However I do think the large amount of regressions in 3.4.3 should have resulted in a new release rolling back those changes.

I still like the response of the libxml2 maintainer, where any vulnerability will be disclosed openly and fixed when it's ready. Maybe more open source projects currently drowning in CVE should take that stance instead of their maintainers burning themselves out over it.

I think there would be a lot less drama around this if authors were just up-front about how they use AI. Put it in your readme, just like you do with licenses.