For those outside the loop: rsync starting using AI agents to handle the influx of AI security reports to improve the test suite and fix bugs. It introduced a few CVEs and people who never contributed in any way started firing shots at the maintainer.
rsync maintainer’s response to the people getting pissy about his usage of AI: medium and the related post on programming.dev
If you build a bridge and make it open to the public, then you absolutely have both an ethical and legal obligation to make it safe to use.
That would be at least negligent manslaughter in most, if not all jurstictions.
To be clear I’m not saying that anyone has to do everything that that people request of them. But rather that there is a non-zero amount of responsibility to the public when a project is being actively maintained. If you don’t want that responsibility, then let someone else take over, or announce that the project is abandoned.