A GitHub issue titled "Please Do Not Vibe Fuck Up This Software" hit the top of Hacker News this weekend with 431 points and 385 comments. It's about rsync. The body of the issue is a single screenshot of a Mastodon post.
There's some interesting stuff we can talk about re Rsync itself, but more interesting is that this is representative about how open source maintainers are treated, how quickly people jump to conclusions, and a huge pro-AI vs anti-AI split forming.
Broadly, people fall into one of:
- The vehemently anti-AI crowd who very quickly jump on narrative of "old piece of software has commits by Claude Code and now has bugs". This is great fuel for their anti-AI campaign so they pile on.
- The people who have actually tried to build and maintain open source software, or know people who have.
You don't have to pick a tribe of course! There is room for subtlety in between if you want. Some facts:
- Andrew "Tridge" Tridgell is actually an engineer — the co-creator of rsync (algorithm in ANU Technical Report TR-CS-96-05), the creator of Samba, winner of the 2005 FSF Award for the Advancement of Free Software, and a recipient of the Medal of the Order of Australia. He's probably earned the benefit of the doubt as someone who knows how to build and maintain open source software.
- He handed the reins to Wayne Davison around 2002. In April 2024, Davison announced he was stepping back — "Because various life events have been monopolizing my time, I reached out to Tridge (the original author) and he has graciously agreed to get back into rsync work" — and Tridge returned as the active maintainer. LWN covered it.
- Activity has increased. The test suite got rewritten from 45 shell
.testfiles to 95 Python_test.pyfiles via PR #903 in May 2026. In the last 12 months, 110 of ~130 commits are by Tridge; many carry aCo-Authored-By: Claudetrailer. - This is not a slew of new features — everyone seems to agree rsync is basically "done." But with an increase in externally-reported security vulnerabilities, it's not as simple as "leave good enough alone." The 3.4.x train is entirely security patches: six CVEs in January 2025 (including CVE-2024-12084, a heap buffer overflow scoring CVSS 9.8) and six more in May 2026, one of them (CVE-2026-43619) found by Tridge himself during a follow-on audit.
So, is rsync slop now?
It's kind of hard to prove the exact cause and effect chains between AI and some bugs in an old library. Yes, the maintainer has been using Claude; yes there have been more CVEs from people finding security issues in rsync, which create the need for more activity.
From a look at the commit history, it looks broadly reasonable to me. The tests were rewritten from shell scripts to Python, but that doesn't seem to have been the cause of bugs slipping through. Even though there are more commits recently, it doesn't seem to be random feature development; most changes are in reaction to specific bugs or security issues.
The maintainer is still actively adding commits and ignoring all the issue hate, which seems sensible so he probably doesn't need anyone to come to his defence, but that takes us to...
How to be a good open source citizen
It really sucks to be an open source maintainer today. Your repositories are under a constant barrage of drive-by PRs, 5000 word issues generated by an agent on autopilot, and people are not only demanding fixes and features, but also telling you what tools you should and shouldn't be using to make those fixes.
Here are some things you can do to help (or at least not cause harm) to the open source world
- Before doing some action like opening a PR or an issue, ask yourself 'is this likely to be hurtful, annoying, or in any way taken badly by the maintainer?'. If the answer is yes, then consider not doing that thing.
- Before opening an issue, ask yourself if the issue is helpful to the maintainer or the project, or if it's just something you need to vent about
- Before responding to an issue, ask yourself if you're just adding noise that someone has to read to try figure out if there's something important in it or if you're helping
- If other people have already opened a similar issue, PR, or made a similar comment, then just add a thumbs up to that one instead of creating more work
You don't have to treat open source maintainers as gods (though some might like it). Often projects have problems, problems get noticed by the community and changes or forks are made. It's fine to voice concerns, fine to be critical, and maybe even fine to be angry when Someone Is Wrong On The Internet, but it doesn't hurt to be respectful and to be hyperaware that everyone is dealing with too much input right now so adding more is often not helpful.
Maybe go hug an open source maintainer.
Here's the issue thread evolving in real time, if you want to watch the pile-on unfold (auto-loads when you scroll to it — it's 14MB):