In an update published last week, macOS 15.4 Apple replaced the rsync utility with an alternative implementation, openrsync, developed by the OpenBSD project. The executable file /usr/bin/rsync in macOS now refers to openrsync. The reasons for the change are believed to be recently discovered security issues in rsync, efforts to reduce components under copyleft licenses, and the desire to get rid of an outdated version of rsync, which cannot be updated due to licensing policies.
The key features of openrsync are that it was initially developed with high security in mind, that it is licensed under the permissive ISC (BSD family) license instead of rsync's copyleft GPL license, and that it uses a different internal architecture (one process for sending and receiving data, using an event loop). At the protocol level, openrsync is compatible with rsync, but does not support all command line options, only the most commonly used ones for file synchronization and backup. The lack of support for secondary functions allows the openrsync codebase to be kept under 10 lines of code to reduce the attack surface. For comparison, the latest version of rsync has 62 lines of C code.
Taking into account that until now in macOS The legacy rsync version, 2.6.9, released in November 2006, was shipped; replacing it would not significantly reduce functionality. rsync 2.6.9 was chosen as the last version distributed under the GPLv2+ license. The next release was rsync 3.0, which was upgraded to the GPLv3 license, which prohibits tivoization (tying software to hardware).
Source: opennet.ru
