Rsync backups fail after AI-assisted commits ignite open source backlash

A routine backup problem turned into a much bigger argument the moment users saw AI in rsync's commit history. The trigger was rsync 3.4.3, a security-focused release published earlier this year to fix multiple vulnerabilities, after which some users reported that incremental backups were failing. One user said their backup system failed on anything other than a full backup. That is not a cosmetic bug. For the people and companies relying on rsync to move and preserve data, incremental backup failure is the kind of thing that turns a maintenance update into an operational headache.

The flash point was not just the regression itself, but what users found when they dug into the project's recent commits. Since rsync 3.4.1, dozens of commits have been attributed to "tridge and claude," referring to rsync creator Andrew Tridgell and Anthropic's AI assistant Claude. That discovery helped turn a backup issue into a broader argument about whether AI-assisted code belongs in critical open source infrastructure. And rsync is not some side project with a tiny audience. First released in the 1990s, it remains one of the most widely used file synchronization and backup utilities in the Unix and Linux world, embedded in backup products, scripts, NAS appliances, and IT departments that depend on it quietly doing its job without surprises.

That is why the reaction got so heated, so fast. The user pushback included a strongly worded GitHub post titled "Please Do Not Vibe Fuck Up This Software," a blunt reference to the increasingly common practice of handing coding tasks to AI models and trusting the results. The conversation then spread to Reddit and Hacker News, where the topic widened from one broken backup path into a more consequential question for anyone shipping software into production: what happens when AI-generated code touches infrastructure that other systems, teams, and businesses treat as plumbing? The stakes are different from a flashy consumer app because failures in backup and sync software are often invisible until something has already gone wrong.

Tridgell did acknowledge the bug. In a Medium post titled "Rsync and Outrage," he pushed back on the idea that commenters fully understood how AI tools were used, while also conceding that rsync 3.4.3 introduced regressions affecting some backup workflows. He described those workflows as "valid (but unusual) use cases" that were not covered by the project's existing test suite. "I apologize if your use case of rsync was hit by these regressions," he wrote. That matters because it frames the problem not as deliberate neglect, but as the classic failure mode of software engineering under real-world edge cases: tests cover the common path, then a release lands in the weird path that only a subset of users actually run.

But Tridgell also rejected the idea that he simply let Claude drive. According to him, the most visible AI-assisted work involved rewriting rsync's aging shell-script test suite in Python as part of a broader effort to improve security testing and harden the codebase. He said he designed the framework himself, used Claude alongside OpenAI's Codex and Google's Gemini for what he called "grunt work," and manually reviewed the resulting code. "I did not just vibe-code 'convert test suite to python,'" he wrote. "I'm a software engineer with 40 years experience." For executives watching how AI gets deployed inside engineering teams, that distinction is the whole ballgame: tool-assisted production versus blind delegation. One can improve throughput. The other can blow up trust.

Tridgell also argued that maintainers are now dealing with a flood of security reports, many of them AI-generated, which he said has dramatically increased the workload required to keep widely used open source software secure. "The world of software engineering has changed dramatically in the last few months," he wrote. "The world of IT security and maintaining software in the face of the flood of reports has completely and utterly changed just in the last few weeks." Whether or not every maintainer agrees with that assessment, it points to a second-order effect worth noting: AI is not only changing how code gets written, it is changing how much code, how many reports, and how much review work lands on maintainers. In other words, the bottleneck may shift from generation to verification.

Tridgell is not backing away from the tools. He said he intends to continue using them as rsync heads toward a larger 3.5 release focused on security improvements. He also took a shot at users threatening to move to OpenBSD's openrsync project, noting that rsync's new test suite currently reports dozens of failures when run against the alternative implementation. Whether that reassures critics is another matter. But the broader lesson is hard to miss for anyone running engineering orgs, overseeing open source dependencies, or making bets on AI coding adoption: the promise is speed, but the bill comes due in review, testing, and trust. Backup software exists because people do not want surprises. AI coding, by contrast, is still very much about how much surprise a team is willing to tolerate while chasing velocity.