Rsync 3.4.3 dropped earlier this year as a security-focused release patching multiple vulnerabilities. Within weeks, users started reporting that incremental backup workflows had gone sideways—one admin said their system failed on anything except full backups. Standard bug report stuff so far.

Then the Commit History Surfaced

That's when things got interesting. Users poking around rsync's commit log found something that turned a routine regression into a full-blown culture war: since version 3.4.1, dozens of commits were attributed to 'tridge and claude'—Andrew Tridgell himself paired with Anthropic's Claude AI assistant. Someone fired off a GitHub issue titled 'Please Do Not Vibe Fuck Up This Software,' calling out the increasingly common practice of dumping coding tasks into an LLM and shipping whatever comes back. The post spread to Reddit and Hacker News, where the conversation quickly shifted from backup bugs to whether critical open source infrastructure should be trusting AI-generated patches.

Tridgell's Defense

The man himself fired back with a Medium post titled 'Rsync and Outrage,' arguing that critics jumped to conclusions without understanding how the AI tools were actually deployed. His main defense: the Python test suite rewrite wasn't vibe-coding—it was deliberate architecture work where he designed the framework himself, then used Claude alongside OpenAI's Codex and Google's Gemini for what he called 'grunt work.' "I did not just vibe-code 'convert test suite to python,'" Tridgell wrote. "I'm a software engineer with 40 years experience." He claims he manually reviewed all AI-generated code before committing, positioning the tools as productivity multipliers rather than autonomous agents.

The Security Report Flood

Tridgell also pulled back the curtain on maintainer burnout. According to him, security reports—many of them AI-generated themselves—are flooding open source projects at an unprecedented rate. "The world of software engineering has changed dramatically in the last few months," he wrote. "The world of IT security and maintaining software in the face of the flood of reports has completely and utterly changed just in the last few weeks." He also took a subtle shot at users threatening to migrate to OpenBSD's openrsync fork, noting that rsync's new test suite currently flags dozens of failures when run against the alternative implementation.

Key Takeaways

  • Rsync 3.4.3 introduced regressions affecting incremental backup workflows for some users
  • Users discovered commits attributed to 'tridge and claude' dating back to version 3.4.1
  • Tridgell used Claude, Codex, and Gemini alongside manual code review for the Python test suite rewrite
  • The controversy highlights growing tension around AI-generated patches in critical infrastructure
  • rsync remains foundational software—NAS appliances, backup scripts, and countless IT departments depend on it quietly doing its job

The Bottom Line

Here's the uncomfortable truth: Tridgell might be right that he used AI responsibly. He also might be wrong. But this whole mess proves one thing—we still don't have good answers for how critical infrastructure should handle AI-assisted development, and pretending otherwise is just vibes.