- cross-posted to:
- programming@lemmy.ml
- cross-posted to:
- programming@lemmy.ml
Seems like he’s been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.
Seems like he’s been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.
I’ve said this before and I’ll say it again. If an established dev uses AI and you don’t want that? Then get involved.
Yep. All the bitching is exhausting.
Talk is cheap. Send contributions or fuck off.
Well rsync is a pretty integral utility for a whole array of software at this point, and I guarantee you that not all of its userbase has the expertise required for direct contributions. I don’t think it’s fair to write off the complaints of people like that as irrelevant, especially if they have a stake in rsync working well for them without having to worry about AI hallucinations screwing them over.
Well yes but.
This guy is already retired, he wants to spend his days sailing and here we are bitching about rsync not being good enough while we all use if for free
Most of us won’t be able to help code
But most of us could help with translations
Many of us could help with documentation
Some of us could contribute regularly nwith small financial donations
Some of us might have enough knowledge and expertise and experience to help code
The point is: rsync need more resources. Either we get him more resources or we STFU about the retired dev using AI. We can’t have it both ways
Then retire. All the time people think it’s maintained it feels safe to not get involved.
I agree. Either retire and pass the torch or stop using “im retired” as an excuse. You can’t have both
I agree with the worry and wanting an alternative but demanding what the dev does is where it crosses a line I feel
I agree with that too, though I think the self-righteous attitude like that of the person I’m replying to swings in the opposite direction a little too hard for my liking. There’s a happy balance, y’know?
People shouldn’t complain in a dev’s ear like they owe them something they never promised, and people trying to call that out shouldn’t counter it with a demeaningly confrontational demeanour. Obviously that’s a lot to ask for on the internet, but it’s a good thing to try for at least.
Tell me about it, I am skeptical about AI and I kinda wanna know the True Positive, true negative, false positive, false negatives with these AI classified bugs. Still a useful tool.
I just think it’s unreasonable to ask someone to do dev work for free, either pay or contribute (code, docs, help in misc ways) or cash (and pull out when they do something you don’t approve that’s your right). But until there’s real fuckery let’s just open bug reports and complain about real issues that can be fixed.
It’s provided as is, no warranty, no guarantee. If you built your life around it, that’s on you, not the dev. If you want something else, do it yourself or pay somebody to do it for you.
Fair, but a little empathy for rsync users who only mean well would go a long way. The everyone-for-themselves mentality doesn’t tend to be very helpful most of the time, if ever.
Meaning well and blasting the rsync maintainer with absolutist anti-LLM messages are very different things.
Th rsync maintainer is ironing out issues. Use an old version and let him cook. Once things are stable, then pull the new version. If you’re on arch or another unstable distro that always pulls the latest version, this is what you signed up for. Staying on the bleeding edge means you’ll bleed.
It doesn’t excuse attacking he maintainer who seems to be making a genuine effort. That shows a lack of empathy.
…Which is why I specified those who only mean well. Obviously that doesn’t include the less pleasant crowd.
We’re mixing up two things here. There’s valid criticism. And there’s the people who want to unleash some social-media style shitstorm. The latter show up in large groups and add some unsubstantiated comments, lots of emojis and drown any kind of conversation. But that doesn’t really take away from the valid criticism. For example a maintainer shouldn’t tag a version and release it, when it’s not ready to be released. That’s the 101 of software development. You can expect as much. Because the “bleeding” thing isn’t really how it works. Once there’s a new minor release tagged by the devs, it’s supposed to be picked up by the distro maintainers and get into any distro’s repositories. Doesn’t matter if it’s Arch unstable or Debian stable. They don’t want bugs and security vulnerabilities in their distro, either. Especially not when it’s 6(!) CVEs! And the Debian dev’s in fact reacted to this. And they even backported stuff to oldstable so the people who run the rock-stable stuff from 3 years ago get the patches! So it really doesn’t matter… Run a bleeding edge distro, or a stable one and don’t update it for 2 years, you’ll be affected by this both ways.
Yeah, everyone with a local LLM running on their PC who suddenly thinks they’re an expert in software development: time to bombard the creator of Rsync with AI bullshit that he will need to wade through.
I’ve had conversations with people when you say that, like they don’t want to get involved, don’t want to code, and they want the dev done their way. Like ok. WTF? Entitled much?
And this is for established devs and their codebases, not some vibe kiddy
Contributions are not enough. It needs people to maintain it. That means dedicating time long term. It’s not a small undertaking.
Contributions can be a step on the road though.
Yes, that is what people are saying, make the effort and contribute.
No. If an established dev leans on LLMs for coding and shovels it into the main branch, they have abdicated their responsibility and trashed their reputation. We get to point that out
without any obligation to do their work for them.
It’s his project. He can do whatever he wants to with it. He doesn’t have a “responsibility” to you or anybody else. Stop being so entitled.
Point it out, doesn’t change the fact that you’re not addressing the core problem, which is developer burnout in these FOSS projects.
Also no its not their work, its literally a voluntary job so stop dictating how people spend their free time.
But that’s just me, you do you.
This reasoning assumes any LLM-assisted change is faulty, right?
The linked article doesn’t make me concerned. They seem to have the expertise, seem to apply due diligence and good practice around (selectively) using LLM.
Can people not directly involved in and working on the project assess the risks well? Do we not have to depend on author and project leadership expertise just like we had to before with any parts of development, management, and tool and infrastructure use?
I haven’t looked up the original communication or drama, but I assume communication could have been much better. Maybe the commits didn’t say much about the reasoning and due diligence that they describe in this article? Other than that, how can you make a better judgment about the changes than them without taking a thorough look and assessment?