Openrsync: An implementation of rsync, by the OpenBSD team
OpenBSD's openrsync offers a BSD-licensed, security-hardened alternative to the venerable rsync, leveraging OpenBSD-specific features like pledge(2) and unveil(2) for robust file synchronization. Hacker News is abuzz not only with appreciation for the technical merits and security focus, but also with a lively tangent about OpenBSD's "no slop" philosophy extending to a wary eye on AI integration in software. This release taps into the community's desire for secure, lean, and auditable foundational utilities.
The Lowdown
openrsync is a new implementation of the popular file synchronization utility rsync, developed by the OpenBSD team and released under a permissive BSD (ISC) license. The project aims to provide a secure and lean alternative, integrating deeply with OpenBSD's native security features like pledge(2) and unveil(2) to limit system calls and filesystem access, respectively. While primarily targeting OpenBSD, it boasts portability across various UNIX-like systems, including Linux, FreeBSD, macOS, and OmniOS, with continuous integration testing ensuring broad compatibility.
Key aspects of openrsync include:
- BSD Licensing: A core differentiator from the original GPL-licensed rsync.
- Security-First Design: Emphasizes native OpenBSD security mechanisms, offering a highly sandboxed operation.
- Algorithm Fidelity: Implements the core rsync algorithm, including the sender/receiver model and block exchange, with detailed documentation available through man pages.
- Streamlined Architecture: Unifies the "generator" and "receiver" functions into a single process using an event loop, differing from the original rsync's multi-process approach.
- Partial Feature Set: Compatible with rsync protocol 27 but supports only a subset of command-line arguments.
openrsync is a testament to the OpenBSD project's commitment to creating secure and auditable core utilities. Its development was funded as part of the rpki-client(1) project, further highlighting its role in critical infrastructure. The project explicitly warns users about the inherent security risks of any rsync implementation handling arbitrary data, underscoring the importance of its security model.
The Gossip
Open Naming & Licensing Nuances
Commenters questioned the "Open" prefix for openrsync, noting that the original rsync is already open source (GPL). The discussion clarified OpenBSD's specific philosophical stance, where "Open" often signifies a BSD-licensed version of a tool, viewed as "more open" than GPL due to the perceived restrictions of copyleft. This is a common theme with OpenBSD projects (e.g., OpenSSH).
The 'No Slop' Philosophy Meets AI
A significant portion of the discussion pivoted to OpenBSD's well-known "no slop" or anti-bloat philosophy. Commenters linked openrsync to this ethos, particularly in the context of recent developments where AI-generated code or AI-related features are being integrated into traditionally "clean" codebases like postfix. There was debate over whether this concern about AI integration was a valid security or quality issue, or simply an overreaction to a new technology.
Practicalities and Feature Gaps
While generally positive about openrsync, some users noted practical differences from the original rsync. Specifically, the absence of common command-line flags like --exclude or -z (compression) was mentioned as a potential limitation in older versions of OpenBSD. Despite these minor feature gaps, the overall sentiment towards openrsync's functionality was positive.